feat: [kit] Add Codebase Onboarding Agent for role-specific repo analysis

[HIMANSHU6001]

This PR introduces the Codebase Onboarding Agent kit (internally designated as repo-analyzer).

The agent is designed to reduce developer ramp-up time on new codebases. By accepting a public GitHub repository URL and a specific developer role (e.g., Frontend Engineer, Backend Developer), it submits the data to a Lamatic execution flow, analyzes the repository structure and codebase, and generates highly targeted, role-specific onboarding documentation.
Live link: https://agent-kit-delta.vercel.app/
The project is kept simple for the sake of testing, this kit can be enhanced further by adding more complex flows for giving more features

• Files added (concise list):

  • Kit metadata & docs: README.md, agent.md, lamatic.config.ts, constitutions/default.md, .gitignore (kit & apps), biome.json
  • App root & config: apps/package.json, apps/tsconfig.json, apps/next.config.ts, apps/eslint.config.mjs, apps/postcss.config.mjs, apps/components.json, apps/README.md
  • Next.js app entry & styles: apps/src/app/layout.tsx, apps/src/app/page.tsx, apps/src/app/actions.ts, apps/src/app/globals.css
  • Utilities & hooks: apps/src/lib/utils.ts (cn), apps/src/hooks/use-mobile.ts
  • Onboarding report: apps/src/components/OnboardingReport.tsx
  • UI component library: many Shadcn/Radix-based components under apps/src/components/ui/* (accordion, alert, alert-dialog, avatar, badge, breadcrumb, button, calendar, card, carousel, chart, checkbox, collapsible, command, context-menu, dialog, drawer, dropdown-menu, form integrations, hover-card, input, input-otp, label, menubar, navigation-menu, pagination, popover, progress, radio-group, resizable, scroll-area, select, separator, sheet, sidebar (complex), skeleton, slider, sonner/toaster wrapper, switch, table, tabs, textarea, toggle, toggle-group, tooltip)
  • Lamatic flow, prompts, scripts, model configs:
    • flows/repo-analyzer.ts
    • prompts/* (system + user templates for Instructor node)
    • model-configs/* (generative model config)
    • scripts/repo-analyzer_code-node-101_code.ts
    • scripts/repo-analyzer_code-node-301_code.ts

• Flow node types (from flows/repo-analyzer.ts):

  • triggerNode (async API trigger)
  • codeNode (custom JS processing nodes)
  • apiNode (GitHub/HTTP fetch nodes)
  • InstructorLLMNode (schema-driven LLM generation node)

• Specific nodes (high-level):

  • triggerNode_1 — receives repo URL + role (entry)
  • codeNode_101 — parse & normalize GitHub repo URL; build request headers (optional token)
  • apiNode_* (201..205) — parallel GitHub fetches: file tree, README, package.json, pyproject.toml, go.mod
  • codeNode_301 — decode base64 responses, truncate/sanitize README & manifests, filter/cap file tree
  • InstructorLLMNode_246 — generate role-specific onboarding guide constrained to a JSON schema (structured fields + quiz)

• Flow behavior / high-level summary:

  • Input: frontend collects public GitHub repo URL, developer role, optional GitHub token and triggers the Lamatic flow.
  • Parsing: code node extracts owner/repo and prepares headers (adds Bearer token if provided).
  • Parallel fetch: multiple api nodes retrieve repository metadata (file tree, README, common manifests).
  • Processing: code node decodes base64 payloads, truncates and sanitizes content, filters file list (depth ≤3, exclude node_modules/.git/.env, cap entries).
  • Analysis: InstructorLLMNode runs role-aware prompts + model config to produce a JSON-schema-constrained onboarding report (fields: projectOverview, techStack, folderStructure, keyFiles, setupSteps, architectureNotes, quiz).
  • Delivery: frontend polls for async completion (runOnboardingAgent → waitForCompletedFlow), unwraps/validates result (parseOnboardingReport), and renders the structured onboarding UI including a 5-question quiz.
  • Failure handling: scripts and action detect missing README/manifests and return graceful fallbacks; action returns structured errors for missing env vars, API/LLM failures, or timeouts.

• Key characteristics / notes:

  • Output is schema-constrained to enable deterministic parsing and UI rendering.
  • Kit is intentionally simple/extendable: Next.js frontend + Lamatic orchestration + prompt-driven LLM.
  • Required env vars: LAMATIC_PROJECT_API_KEY, LAMATIC_PROJECT_ID, LAMATIC_FLOW_ID, LAMATIC_PROJECT_ENDPOINT; optional GitHub token for higher-rate or private access.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a new kit “Codebase Onboarding Agent”: a Lamatic repo-analyzer workflow plus a Next.js app with UI components, server action to run/poll flows, preprocessing scripts, model/prompts/constitution, styling/config, and documentation.

Changes

Repo analyzer application

Layer / File(s)	Summary
Project scaffolding and documentation kits/codebase-onboarding-agent/*, kits/codebase-onboarding-agent/apps/*	Adds ignores, kit and app READMEs, package.json, tsconfig, Biome/PostCSS/ESLint/Next configs, and components.json.
App shell, theme, and shared utilities apps/src/app/globals.css, apps/src/app/layout.tsx, apps/src/lib/utils.ts, apps/src/hooks/use-mobile.ts, apps/postcss.config.mjs, apps/next.config.ts, apps/eslint.config.mjs	Defines Tailwind theme, global styles, root layout, cn utility, mobile breakpoint hook, and build/lint configs.
Lamatic workflow, prompts, and preprocessing lamatic.config.ts, flows/repo-analyzer.ts, model-configs/*, prompts/*, constitutions/default.md, scripts/*	Adds the repo-analyzer workflow graph, model configuration, system/user prompts and constitution, and code-node scripts to parse repo URL and aggregate GitHub data.
Submission and onboarding report flow apps/src/app/actions.ts, apps/src/app/page.tsx, apps/src/components/OnboardingReport.tsx	Server action executes/polls Lamatic flow; page submits form and renders results; parser validates/unpacks onboarding report and renders the report UI.
Form and foundational UI primitives apps/src/components/ui/{button,input,label,form,alert,badge,avatar,aspect-ratio,input-otp,textarea}	Adds core inputs, button variants, form wiring (react-hook-form + Radix), alerts, badges, avatar and OTP UI building blocks.
Overlays, menus, and navigation primitives apps/src/components/ui/{dialog,sheet,drawer,dropdown-menu,context-menu,popover,tooltip,command,navigation-menu,menubar,hover-card,alert-dialog}	Adds dialogs/sheets/drawers, dropdown/context menus, popovers/tooltips, command palette, navigation menu and menubar wrappers.
Display and layout widgets apps/src/components/ui/{accordion,calendar,card,carousel,chart,table,tabs,progress,scroll-area,resizable,pagination,select,radio-group,checkbox,separator,skeleton,slider,switch,breadcrumb,sonner}	Adds display components, charts/legend/tooltip plumbing, carousel, table/tabs, layout helpers, and a toast wrapper.
Sidebar state and composition system apps/src/components/ui/sidebar.tsx	Implements a full sidebar provider and component suite with desktop/mobile behavior, persisted state, menu buttons, and nested sub-navigation.
Repo processing scripts kits/codebase-onboarding-agent/scripts/*	Scripts to parse GitHub URLs, build request headers, decode base64 API results, truncate/assemble README and manifests, and produce a filtered file tree.

Suggested reviewers

• amanintech
• d-pamneja

Act like the agent handler from mission impossible. Your mission if you choose to accept it: review the layers above in sequence to validate the end-to-end onboarding flow.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

[akshatvirmani]

/validate

[github-actions]

📡 Running Studio validation — results will appear here shortly.

[github-actions]

Studio Runtime Validation (Phase 2)

✅ Studio validation passed. The kit loaded successfully in Lamatic Studio.

This PR is ready for final review and merge.

[HIMANSHU6001]

The root .gitignore file currently ignores the scripts/ directory, which prevents new kit-related scripts from being committed. While I have force-committed the necessary files in this PR, this issue will persist for future contributions. I suggest updating the .gitignore at line 6 to either remove scripts or add an exception for kit-specific script files to ensure they are properly tracked.

[akshatvirmani]

/validate

[github-actions]

📡 Running Studio validation — results will appear here shortly.

[coderabbitai]

Actionable comments posted: 22

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

kits/codebase-onboarding-agent/apps/AGENTS.md (1)

1-6: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Your mission: expand this AGENTS dossier with concrete agent responsibilities and configs.

The file currently only carries a Next.js caution banner; it does not document actual agent configuration, responsibilities, capabilities, or usage boundaries for this app.

As per coding guidelines: "kits/codebase-onboarding-agent/apps/**/AGENTS.md: Document agent configurations and responsibilities in AGENTS.md".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/codebase-onboarding-agent/apps/AGENTS.md` around lines 1 - 6, The
AGENTS.md currently only contains a Next.js caution banner and lacks any agent
definitions; update AGENTS.md to add concrete agent entries including: agent
names/IDs, responsibility summaries (what each agent should do),
capabilities/inputs/outputs, configuration examples (env vars, timeouts, model
names), usage boundaries and failure modes, and a short runbook for common
tasks; reference the existing banner section (<!-- BEGIN:nextjs-agent-rules -->
/ <!-- END:nextjs-agent-rules -->) so the new content follows it and ensure each
agent block is clearly marked (e.g., "## Agent: <AgentName>") and includes
example config snippets and permissions required.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/codebase-onboarding-agent/agent.md`:
- Around line 3-23: Several top-level headings in agent.md (e.g., "## Agent
Overview", "## Purpose", "## Flow Descriptions", "## Guardrails", "##
Integration Reference") lack the required blank line beneath them and trigger
markdownlint MD022; fix by inserting a single blank line immediately after each
of those headings so each heading is separated from the following
paragraph/listing, then re-run the linter to confirm MD022 is resolved.

In `@kits/codebase-onboarding-agent/apps/CLAUDE.md`:
- Line 1: The file starts with a bare reference token "`@AGENTS.md`" which
triggers MD041; add a top-level heading (e.g., "# Claude onboarding" or another
appropriate H1) as the first line, then keep the existing "`@AGENTS.md`" line
immediately below it so the reference remains but the document now begins with
an H1 to satisfy the markdown linter.

In `@kits/codebase-onboarding-agent/apps/package.json`:
- Around line 12-68: The package manifest uses range specifiers (caret/tilde) in
both the dependencies and devDependencies sections which breaks the kit rule
requiring pinned versions; update every dependency entry (e.g.,
"`@hookform/resolvers`", "zod", "next", "react", "typescript", "tailwindcss",
etc.) and every devDependency entry to use exact version strings instead of ^ or
~ (remove the range operator and set the precise version number currently
referenced), ensuring all entries under the "dependencies" and "devDependencies"
objects are exact, pinned versions.

In `@kits/codebase-onboarding-agent/apps/src/app/actions.ts`:
- Line 8: WORKFLOW_ID is hardcoded; change it to read from an environment
variable (e.g. process.env.WORKFLOW_ID or process.env.LAMATIC_WORKFLOW_ID)
instead of a literal so deployments can target different flows, and ensure it
either has a sensible fallback or throws a clear error if missing; update the
constant declaration that currently defines WORKFLOW_ID and leave the
executeFlow(...) call (the invocation passing WORKFLOW_ID) unchanged so it uses
the env-backed value.
- Around line 60-62: The code is logging sensitive github_token from the inputs
and possibly in the Lamatic response; before any console.log calls around inputs
or resData (the variables used with lamaticClient.executeFlow and its response),
create a sanitized copy that removes or masks inputs.github_token (e.g., replace
with "[REDACTED]") and likewise remove/mask any github_token inside resData
before logging; update the console.log calls that reference inputs and resData
to use the sanitized versions so the token is never written to logs.

In `@kits/codebase-onboarding-agent/apps/src/app/globals.css`:
- Around line 1-62: The CSS uses Tailwind v4 at-rules (`@custom-variant` and
`@theme` inline) which Biome flags as unknown; add a biome.json that disables the
CSS linter rule css.linter.rules.suspicious.noUnknownAtRule (or set the same
override in the repo root biome.json) so Biome stops treating those at-rules as
errors — mirror the same setting used in the other package that already disables
noUnknownAtRule to prevent CI lint failures.

In `@kits/codebase-onboarding-agent/apps/src/components/onboarding-report.tsx`:
- Around line 131-157: parseOnboardingReport currently only checks for key
presence and then casts to OnboardingReport, allowing malformed shapes (e.g.,
techStack: "React") to slip through and crash renderers; update
parseOnboardingReport to validate the shape of each field before returning: when
unwrapping v.result / v.output / v.generatedResponse continue validating, and
ensure fields like techStack, folderStructure, keyFiles, setupSteps, and quiz
are the expected array/object shapes (use Array.isArray checks and typeof checks
for nested objects) or reject/normalize them to safe defaults (e.g., empty
arrays) so the returned value truly conforms to OnboardingReport; alternatively
implement a zod schema for OnboardingReport and validate/parse the value there
and return null on failure.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/alert.tsx`:
- Around line 30-45: AlertTitle and AlertDescription use mismatched ref/prop
generics for the elements they render; update AlertTitle's forwardRef generics
to use HTMLHeadingElement for the ref and
React.HTMLAttributes<HTMLHeadingElement> for props to match the rendered <h5>,
and update AlertDescription's forwardRef generics to use HTMLDivElement for the
ref and React.HTMLAttributes<HTMLDivElement> for props to match the rendered
<div>; ensure displayName and returned JSX remain unchanged.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/breadcrumb.tsx`:
- Line 91: The component displayName is misspelled; update the assignment
BreadcrumbEllipsis.displayName = "BreadcrumbElipssis" to the correct name
"BreadcrumbEllipsis" so React DevTools shows the proper component identity;
locate the BreadcrumbEllipsis symbol and correct its displayName string to match
the component name.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/drawer.tsx`:
- Line 1: This component is missing the required client boundary; add the
directive "use client" as the very first line of the Drawer module so the Drawer
component runs as a client component. Open the Drawer component (the file
exporting the Drawer UI) and insert the "use client" directive before any
imports or code, then verify any client-only hooks/effects inside Drawer still
function correctly.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/hover-card.tsx`:
- Line 1: This file is missing the "use client" directive so the Radix Hover
Card wrapper can be treated as a client component; add the string "use client"
as the very first line of apps/src/components/ui/hover-card.tsx (before the
import * as React from "react";) to establish the client boundary for the Hover
Card wrapper and prevent server-component imports from leaking into this module.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/menubar.tsx`:
- Line 210: The component export has a typo: set the React displayName correctly
by replacing the non-standard MenubarShortcut.displayname assignment with
MenubarShortcut.displayName so DevTools and error stacks show the component
name; locate the MenubarShortcut symbol in menubar.tsx and update the property
to displayName (capital N).

In `@kits/codebase-onboarding-agent/apps/src/components/ui/popover.tsx`:
- Line 1: This module is missing the "use client" directive required for the
Radix Popover wrapper (the client-side portal/context code used by the Popover
components); add the directive as the very first line of the file (before any
imports) so the Popover-related exports (e.g., Popover, PopoverTrigger,
PopoverContent or whatever components are defined in this module) are treated as
a client component and avoid server-side rendering errors.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx`:
- Around line 153-211: The forwarded ref passed into Sidebar is not attached in
the mobile rendering branch, causing consumers of the ref to break; update the
mobile path to attach the forwarded ref to a stable DOM element (e.g., pass ref
to SheetContent or the inner <div className="flex h-full w-full flex-col">)
instead of dropping it, ensuring you still spread {...props} where appropriate
and keep types intact for React.forwardRef in the Sidebar component so the ref
works consistently across breakpoints.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/sonner.tsx`:
- Around line 1-5: Add the Next.js client directive and make the React type
import explicit: add "use client" as the very first line of the file, and import
the React types used by the Toaster type (e.g., either add `import type React
from "react"` or `import type { ComponentProps } from "react"` and change `type
ToasterProps = React.ComponentProps<typeof Sonner>` to `type ToasterProps =
ComponentProps<typeof Sonner>`). Ensure the existing Toaster and Sonner
identifiers remain unchanged.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/toggle.tsx`:
- Line 1: The Toggle component file lacks a "use client" directive so it could
be imported from server components; add "use client" as the first line of
kits/codebase-onboarding-agent/apps/src/components/ui/toggle.tsx to mark the
Toggle component as a client component, keep the existing export of Toggle and
toggleVariants unchanged, and ensure any consumer expecting client behavior
(symbols: Toggle, toggleVariants) continues to import from this module only from
client-marked files.

In `@kits/codebase-onboarding-agent/constitutions/default.md`:
- Around line 3-17: The markdown has heading-spacing violations (MD022): add a
single blank line after each top-level heading "Identity", "Safety", "Data
Handling", and "Tone" in constitutions/default.md so each heading is followed by
one empty line before the subsequent content; update the four places where those
headings are defined to insert the blank line immediately after the heading text
to satisfy the linter.

In `@kits/codebase-onboarding-agent/lamatic.config.ts`:
- Line 3: The kit metadata in lamatic.config.ts is incomplete: the "description"
is empty, "tags" is an empty array, and the GitHub URL points to a personal
fork; populate "description" with a concise summary of the kit's purpose, add
relevant discovery tags in "tags" (e.g., "agent", "lamatic", "onboarding"), and
update the repository URL to the upstream repository (replace the current
https://github.com/HIMANSHU6001/AgentKit value with
https://github.com/Lamatic/AgentKit). Ensure the same fixes are applied to the
other occurrences noted (lines referenced in the review).

In `@kits/codebase-onboarding-agent/scripts/repo-analyzer_code-node-101_code.ts`:
- Around line 2-5: The current URL regex (url.match
/github\.com\/([^\/]+)\/([^\/]+)/) allows query strings/fragments into the repo
capture (so repo becomes "repo?tab=readme"); update the pattern used where match
is computed to only capture owner and repo up to a slash, question mark, or hash
(e.g. use [^\/?#]+ for both captures and allow optional ".git" outside the
capture), then keep the existing repo cleanup (repo = match[2].replace(/\.git$/,
"")) — or alternatively trim trailing query/fragment parts from match[2] before
applying .replace; adjust the code around the url.match, match, owner, and repo
variables accordingly.

In `@kits/codebase-onboarding-agent/scripts/repo-analyzer_code-node-301_code.ts`:
- Around line 40-49: The repo tree code currently maps apiNode_201.output.tree
into allFiles and filters into filtered without checking whether the GitHub tree
response was truncated; detect the tree truncation flag (e.g., inspect
apiNode_201.output.truncated or the corresponding property on the API response)
when building allFiles/filtered and set or emit a clear reduced-fidelity
indicator (e.g., a warning flag or message returned alongside filtered) so
downstream code (the onboarding output) can surface that the file list is
incomplete; update the logic around allFiles/filtered and the surrounding return
payload to include this truncated status.
- Around line 1-14: The README decoding duplicates the logic in decodeContent;
modify decodeContent to accept an optional maxLen parameter (default 1500) and
use it for the slice, then replace the inline decode in the readme computation
to call decodeContent(readmeRaw, readmeStatus, 3000) (or similar calling
convention) so readmeRaw/readmeStatus/readme reuse the same helper and avoid
duplicated base64/slice logic.

---

Outside diff comments:
In `@kits/codebase-onboarding-agent/apps/AGENTS.md`:
- Around line 1-6: The AGENTS.md currently only contains a Next.js caution
banner and lacks any agent definitions; update AGENTS.md to add concrete agent
entries including: agent names/IDs, responsibility summaries (what each agent
should do), capabilities/inputs/outputs, configuration examples (env vars,
timeouts, model names), usage boundaries and failure modes, and a short runbook
for common tasks; reference the existing banner section (<!--
BEGIN:nextjs-agent-rules --> / <!-- END:nextjs-agent-rules -->) so the new
content follows it and ensure each agent block is clearly marked (e.g., "##
Agent: <AgentName>") and includes example config snippets and permissions
required.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5494325b-6522-420d-9172-1a18e8061572

📥 Commits

Reviewing files that changed from the base of the PR and between 1c720a1 and b882911.

⛔ Files ignored due to path filters (7)

• kits/codebase-onboarding-agent/apps/package-lock.json is excluded by !**/package-lock.json
• kits/codebase-onboarding-agent/apps/public/file.svg is excluded by !**/*.svg
• kits/codebase-onboarding-agent/apps/public/globe.svg is excluded by !**/*.svg
• kits/codebase-onboarding-agent/apps/public/next.svg is excluded by !**/*.svg
• kits/codebase-onboarding-agent/apps/public/vercel.svg is excluded by !**/*.svg
• kits/codebase-onboarding-agent/apps/public/window.svg is excluded by !**/*.svg
• kits/codebase-onboarding-agent/apps/src/app/favicon.ico is excluded by !**/*.ico

📒 Files selected for processing (74)

• kits/codebase-onboarding-agent/.gitignore
• kits/codebase-onboarding-agent/README.md
• kits/codebase-onboarding-agent/agent.md
• kits/codebase-onboarding-agent/apps/.gitignore
• kits/codebase-onboarding-agent/apps/AGENTS.md
• kits/codebase-onboarding-agent/apps/CLAUDE.md
• kits/codebase-onboarding-agent/apps/README.md
• kits/codebase-onboarding-agent/apps/components.json
• kits/codebase-onboarding-agent/apps/eslint.config.mjs
• kits/codebase-onboarding-agent/apps/next.config.ts
• kits/codebase-onboarding-agent/apps/package.json
• kits/codebase-onboarding-agent/apps/postcss.config.mjs
• kits/codebase-onboarding-agent/apps/src/app/actions.ts
• kits/codebase-onboarding-agent/apps/src/app/globals.css
• kits/codebase-onboarding-agent/apps/src/app/layout.tsx
• kits/codebase-onboarding-agent/apps/src/app/page.tsx
• kits/codebase-onboarding-agent/apps/src/components/onboarding-report.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/accordion.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/alert-dialog.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/alert.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/aspect-ratio.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/avatar.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/badge.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/breadcrumb.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/button.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/calendar.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/card.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/carousel.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/chart.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/checkbox.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/collapsible.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/command.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/context-menu.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/dialog.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/drawer.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/dropdown-menu.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/form.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/hover-card.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/input-otp.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/input.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/label.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/menubar.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/navigation-menu.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/pagination.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/popover.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/progress.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/radio-group.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/resizable.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/scroll-area.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/select.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/separator.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/sheet.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/skeleton.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/slider.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/sonner.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/switch.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/table.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/tabs.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/textarea.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/toggle-group.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/toggle.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/tooltip.tsx
• kits/codebase-onboarding-agent/apps/src/hooks/use-mobile.ts
• kits/codebase-onboarding-agent/apps/src/lib/utils.ts
• kits/codebase-onboarding-agent/apps/tsconfig.json
• kits/codebase-onboarding-agent/constitutions/default.md
• kits/codebase-onboarding-agent/flows/repo-analyzer.ts
• kits/codebase-onboarding-agent/lamatic.config.ts
• kits/codebase-onboarding-agent/model-configs/repo-analyzer_instructor-llmnode-246_generative-model-name.ts
• kits/codebase-onboarding-agent/prompts/repo-analyzer_instructor-llmnode-246_system_0.md
• kits/codebase-onboarding-agent/prompts/repo-analyzer_instructor-llmnode-246_user_1.md
• kits/codebase-onboarding-agent/scripts/repo-analyzer_code-node-101_code.ts
• kits/codebase-onboarding-agent/scripts/repo-analyzer_code-node-301_code.ts

[github-actions]

Hi @HIMANSHU6001! 👋

Before this PR can be reviewed by maintainers, please resolve all comments and requested changes from the CodeRabbit automated review.

Steps to follow:

1. Read through all CodeRabbit comments carefully
2. Address each issue raised (or reply explaining why you disagree)
3. Push your fixes as new commits
4. Once all issues are resolved, comment here so we can re-review

This helps keep the review process efficient for everyone. Thank you! 🙏

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

kits/codebase-onboarding-agent/apps/src/components/onboarding-report.tsx (1)

64-64: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Mission directive: rename this component file to PascalCase.

onboarding-report.tsx sits in components/ but uses kebab-case. Please rename it to OnboardingReport.tsx and update imports for convention consistency.

As per coding guidelines: "Use PascalCase for React component filenames in the components/ directory".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/codebase-onboarding-agent/apps/src/components/onboarding-report.tsx` at
line 64, Rename the component file from kebab-case to PascalCase: change
onboarding-report.tsx to OnboardingReport.tsx, keeping the exported component
OnboardingReportView unchanged; update all imports that reference
"./onboarding-report" (or similar paths) across the repo to import from
"./OnboardingReport" so module resolution and casing match, and run the
app/build to verify no import errors remain.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@kits/codebase-onboarding-agent/apps/src/components/onboarding-report.tsx`:
- Line 64: Rename the component file from kebab-case to PascalCase: change
onboarding-report.tsx to OnboardingReport.tsx, keeping the exported component
OnboardingReportView unchanged; update all imports that reference
"./onboarding-report" (or similar paths) across the repo to import from
"./OnboardingReport" so module resolution and casing match, and run the
app/build to verify no import errors remain.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 40a0f11e-60bd-4ac6-a5a8-ab86c51bd5a5

📥 Commits

Reviewing files that changed from the base of the PR and between b882911 and 144902c.

⛔ Files ignored due to path filters (1)

• kits/codebase-onboarding-agent/apps/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (15)

• kits/codebase-onboarding-agent/apps/biome.json
• kits/codebase-onboarding-agent/apps/package.json
• kits/codebase-onboarding-agent/apps/src/app/actions.ts
• kits/codebase-onboarding-agent/apps/src/components/onboarding-report.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/alert.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/breadcrumb.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/drawer.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/hover-card.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/menubar.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/popover.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/sonner.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/toggle.tsx
• kits/codebase-onboarding-agent/constitutions/default.md
• kits/codebase-onboarding-agent/lamatic.config.ts

[HIMANSHU6001]

I have addressed all the relevant CodeRabbit feedback and incorporated the necessary fixes. Please note that several comments were flagged on files automatically generated/exported by the Lamatic UI; as these are platform-standardized files, I have left them as-is.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

kits/codebase-onboarding-agent/apps/src/app/page.tsx (1)

27-35: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Mission-critical: reject whitespace-only inputs before dispatch.

Your mission: stop empty repo_url / developer_role payloads at the client. required accepts whitespace, but .trim() can produce empty strings and still trigger the server action.

Suggested patch

   async function onSubmit(e: React.FormEvent) {
     e.preventDefault();
+    const trimmedRepoUrl = repoUrl.trim();
+    const trimmedRole = role.trim();
+    const trimmedToken = token.trim();
+
+    if (!trimmedRepoUrl || !trimmedRole) {
+      setState({ kind: "error", message: "Repository URL and developer role are required." });
+      return;
+    }
+
     setState({ kind: "loading" });
     try {
       const res = await runOnboardingAgent({
-        repo_url: repoUrl.trim(),
-        developer_role: role.trim(),
-        ...(token.trim() ? { github_token: token.trim() } : {}),
+        repo_url: trimmedRepoUrl,
+        developer_role: trimmedRole,
+        ...(trimmedToken ? { github_token: trimmedToken } : {}),
       });

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/codebase-onboarding-agent/apps/src/app/page.tsx` around lines 27 - 35,
In onSubmit, validate the trimmed inputs before calling runOnboardingAgent:
compute const repo = repoUrl.trim() and const developer_role = role.trim() (and
tokenTrim = token.trim() if needed), and if either repo or developer_role is an
empty string, setState to an error state and return early to prevent dispatch;
only call runOnboardingAgent with the trimmed values (and include github_token
only when tokenTrim is non-empty). This ensures whitespace-only values are
rejected client-side and avoids sending empty payload fields.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@kits/codebase-onboarding-agent/apps/src/app/page.tsx`:
- Around line 27-35: In onSubmit, validate the trimmed inputs before calling
runOnboardingAgent: compute const repo = repoUrl.trim() and const developer_role
= role.trim() (and tokenTrim = token.trim() if needed), and if either repo or
developer_role is an empty string, setState to an error state and return early
to prevent dispatch; only call runOnboardingAgent with the trimmed values (and
include github_token only when tokenTrim is non-empty). This ensures
whitespace-only values are rejected client-side and avoids sending empty payload
fields.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1df25014-31f8-4929-859f-a605557aff53

📥 Commits

Reviewing files that changed from the base of the PR and between 144902c and 0c2bcbf.

📒 Files selected for processing (2)

• kits/codebase-onboarding-agent/apps/src/app/page.tsx
• kits/codebase-onboarding-agent/apps/src/components/OnboardingReport.tsx

💤 Files with no reviewable changes (1)

• kits/codebase-onboarding-agent/apps/src/components/OnboardingReport.tsx

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

kits/codebase-onboarding-agent/apps/src/app/actions.ts (1)

10-14: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Mission-critical: lock the target to GitHub on the server.

Right now repo_url accepts any valid URL, and developer_role still accepts whitespace-only input if someone bypasses the client trim. That breaks the kit contract (“public GitHub repository URL”) and forwards arbitrary targets into the Lamatic flow.

🛠️ Suggested patch

 const schema = z.object({
-  repo_url: z.string().url().min(1).max(500),
-  developer_role: z.string().min(1).max(200),
+  repo_url: z.string()
+    .trim()
+    .url()
+    .max(500)
+    .refine((value) => {
+      const url = new URL(value);
+      const parts = url.pathname.split("/").filter(Boolean);
+      return url.hostname === "github.com" && parts.length >= 2;
+    }, "Use a GitHub repository URL like https://github.com/owner/repo"),
+  developer_role: z.string().trim().min(1).max(200),
   github_token: z.string().max(500).optional(),
 });

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/codebase-onboarding-agent/apps/src/app/actions.ts` around lines 10 - 14,
The current zod schema (schema) allows any valid URL for repo_url and permits
whitespace-only developer_role; update the schema to enforce a GitHub-only
target and to reject blank/whitespace roles by: (1) constrain repo_url to only
GitHub hosts/paths (e.g., validate hostname equals "github.com" and path matches
owner/repo or use a regex check) and ensure it represents an HTTP/HTTPS public
repo URL, and (2) trim and validate developer_role (use a preprocess trim or
z.string().transform to strip whitespace, then require min length > 0 and max
200) so pure-whitespace inputs are rejected. Apply these checks in the same
schema object (repo_url, developer_role) so server-side validation matches the
kit contract.

kits/codebase-onboarding-agent/apps/src/components/ui/carousel.tsx (2)

100-105: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Mission leak: the reInit listener never gets extracted.

This effect subscribes to both "reInit" and "select", but cleanup removes only "select". If the component remounts or the Embla instance is replaced, stale reInit handlers can accumulate.

Suggested fix

     return () => {
-      api?.off("select", onSelect);
+      api.off("reInit", onSelect);
+      api.off("select", onSelect);
     };

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/carousel.tsx` around
lines 100 - 105, The effect subscribes to api events "reInit" and "select" but
only removes the "select" listener in cleanup, causing leaked reInit handlers;
update the cleanup to also call api.off("reInit", onSelect) (i.e., ensure both
api.off("select", onSelect) and api.off("reInit", onSelect) are invoked) where
the current effect registers api.on("reInit", onSelect) and api.on("select",
onSelect) so the Embla/api instance doesn't accumulate stale listeners.

---

72-83: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Mission risk: the carousel steals arrow keys from its own controls.

Because this runs on onKeyDownCapture, any nested input, textarea, select, or contenteditable inside a slide loses native arrow-key behavior before it can handle the event. It also hardcodes Left/Right even when orientation="vertical", so vertical carousels are not keyboard-operable as rendered.

Suggested fix

   const handleKeyDown = React.useCallback(
     (event: React.KeyboardEvent<HTMLDivElement>) => {
-      if (event.key === "ArrowLeft") {
+      const target = event.target as HTMLElement;
+      if (
+        target.isContentEditable ||
+        target.closest("input, textarea, select, [contenteditable='true']")
+      ) {
+        return;
+      }
+
+      const prevKey = orientation === "horizontal" ? "ArrowLeft" : "ArrowUp";
+      const nextKey = orientation === "horizontal" ? "ArrowRight" : "ArrowDown";
+
+      if (event.key === prevKey) {
         event.preventDefault();
         scrollPrev();
-      } else if (event.key === "ArrowRight") {
+      } else if (event.key === nextKey) {
         event.preventDefault();
         scrollNext();
       }
     },
-    [scrollPrev, scrollNext],
+    [orientation, scrollPrev, scrollNext],
   );
...
-        onKeyDownCapture={handleKeyDown}
+        onKeyDown={handleKeyDown}

Also applies to: 123-123

kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx (2)

97-107: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Mission risk: the global sidebar shortcut hijacks editing shortcuts.

This listener runs for every Ctrl/Cmd+B keypress, even when focus is inside an input, textarea, select, or contenteditable. That breaks a very common formatting/browser shortcut while the user is typing.

Suggested fix

     React.useEffect(() => {
       const handleKeyDown = (event: KeyboardEvent) => {
-        if (event.key === SIDEBAR_KEYBOARD_SHORTCUT && (event.metaKey || event.ctrlKey)) {
+        const target = event.target as HTMLElement | null;
+        if (
+          event.defaultPrevented ||
+          target?.isContentEditable ||
+          target?.closest("input, textarea, select, [contenteditable='true']")
+        ) {
+          return;
+        }
+
+        if (
+          event.key.toLowerCase() === SIDEBAR_KEYBOARD_SHORTCUT &&
+          (event.metaKey || event.ctrlKey)
+        ) {
           event.preventDefault();
           toggleSidebar();
         }
       };

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx` around
lines 97 - 107, The global keydown handler handleKeyDown currently toggles the
sidebar on SIDEBAR_KEYBOARD_SHORTCUT regardless of focus; update handleKeyDown
to ignore the shortcut when the active/focused element is an input, textarea,
select, or contenteditable (or has a parent with contentEditable) so editing
shortcuts aren’t hijacked, then continue to call toggleSidebar() only when focus
is not in those editable elements; keep references to handleKeyDown,
SIDEBAR_KEYBOARD_SHORTCUT, and toggleSidebar so you can locate and modify the
effect in sidebar.tsx.

---

162-169: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Mission risk: the mobile branch drops the div contract.

Sidebar advertises React.ComponentProps<"div">, but on mobile those props are spread onto Sheet, not onto rendered DOM. That means id, data-*, DOM event handlers, and style behave differently by breakpoint.

Suggested fix

   (
     {
       side = "left",
       variant = "sidebar",
       collapsible = "offcanvas",
       className,
+      style,
       children,
       ...props
     },
     ref,
   ) => {
...
     if (isMobile) {
       return (
-        <Sheet open={openMobile} onOpenChange={setOpenMobile} {...props}>
+        <Sheet open={openMobile} onOpenChange={setOpenMobile}>
           <SheetContent
             ref={ref}
             data-sidebar="sidebar"
             data-mobile="true"
             className="w-(--sidebar-width) bg-sidebar p-0 text-sidebar-foreground [&>button]:hidden"
             style={
               {
                 "--sidebar-width": SIDEBAR_WIDTH_MOBILE,
+                ...(style as React.CSSProperties),
               } as React.CSSProperties
             }
             side={side}
+            {...props}
           >
             <SheetHeader className="sr-only">
               <SheetTitle>Sidebar</SheetTitle>
               <SheetDescription>Displays the mobile sidebar.</SheetDescription>
             </SheetHeader>

Also applies to: 189-209

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx` around
lines 162 - 169, Sidebar currently types its props as
React.ComponentProps<"div"> but spreads those props onto <Sheet> for the mobile
branch, causing DOM-only props (id, data-*, event handlers, style) to be
attached to a non-DOM component; update Sidebar to consistently attach DOM props
to the actual rendered div regardless of breakpoint by splitting/renaming
incoming props into sheetProps and divProps (or explicitly extracting
DOM-related props) and spread sheetProps onto <Sheet> while always spreading
divProps onto the DOM element inside the Sheet; modify the prop handling in the
Sidebar function (the props destructuring/block around
side/variant/collapsible/className/children) and the rendering branches
(including the mobile branch around the Sheet usage referenced in the diff and
the other similar block at lines ~189-209) so DOM attributes and event handlers
are never attached to Sheet.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/codebase-onboarding-agent/apps/src/app/page.tsx`:
- Around line 27-44: The onSubmit handler can be re-entered while a run is
in-flight; add a re-entrancy guard so you never start a second run while one is
running: create a submittingRef (useRef<boolean>(false)) and check it at the top
of onSubmit (or check state.kind === "loading") and return early if set; set
submittingRef.current = true immediately when starting the run (right after
setState({ kind: "loading" })) and clear it in the finally block after the await
of runOnboardingAgent, ensuring setState is still used to reflect success/error.
Reference onSubmit, runOnboardingAgent, setState and use a submittingRef to
avoid double-dispatchs from Enter or programmatic submits.

---

Outside diff comments:
In `@kits/codebase-onboarding-agent/apps/src/app/actions.ts`:
- Around line 10-14: The current zod schema (schema) allows any valid URL for
repo_url and permits whitespace-only developer_role; update the schema to
enforce a GitHub-only target and to reject blank/whitespace roles by: (1)
constrain repo_url to only GitHub hosts/paths (e.g., validate hostname equals
"github.com" and path matches owner/repo or use a regex check) and ensure it
represents an HTTP/HTTPS public repo URL, and (2) trim and validate
developer_role (use a preprocess trim or z.string().transform to strip
whitespace, then require min length > 0 and max 200) so pure-whitespace inputs
are rejected. Apply these checks in the same schema object (repo_url,
developer_role) so server-side validation matches the kit contract.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/carousel.tsx`:
- Around line 100-105: The effect subscribes to api events "reInit" and "select"
but only removes the "select" listener in cleanup, causing leaked reInit
handlers; update the cleanup to also call api.off("reInit", onSelect) (i.e.,
ensure both api.off("select", onSelect) and api.off("reInit", onSelect) are
invoked) where the current effect registers api.on("reInit", onSelect) and
api.on("select", onSelect) so the Embla/api instance doesn't accumulate stale
listeners.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx`:
- Around line 97-107: The global keydown handler handleKeyDown currently toggles
the sidebar on SIDEBAR_KEYBOARD_SHORTCUT regardless of focus; update
handleKeyDown to ignore the shortcut when the active/focused element is an
input, textarea, select, or contenteditable (or has a parent with
contentEditable) so editing shortcuts aren’t hijacked, then continue to call
toggleSidebar() only when focus is not in those editable elements; keep
references to handleKeyDown, SIDEBAR_KEYBOARD_SHORTCUT, and toggleSidebar so you
can locate and modify the effect in sidebar.tsx.
- Around line 162-169: Sidebar currently types its props as
React.ComponentProps<"div"> but spreads those props onto <Sheet> for the mobile
branch, causing DOM-only props (id, data-*, event handlers, style) to be
attached to a non-DOM component; update Sidebar to consistently attach DOM props
to the actual rendered div regardless of breakpoint by splitting/renaming
incoming props into sheetProps and divProps (or explicitly extracting
DOM-related props) and spread sheetProps onto <Sheet> while always spreading
divProps onto the DOM element inside the Sheet; modify the prop handling in the
Sidebar function (the props destructuring/block around
side/variant/collapsible/className/children) and the rendering branches
(including the mobile branch around the Sheet usage referenced in the diff and
the other similar block at lines ~189-209) so DOM attributes and event handlers
are never attached to Sheet.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5d46b663-fcb0-49d9-b226-5029dac95544

📥 Commits

Reviewing files that changed from the base of the PR and between 0c2bcbf and a234d3c.

📒 Files selected for processing (5)

• kits/codebase-onboarding-agent/apps/src/app/actions.ts
• kits/codebase-onboarding-agent/apps/src/app/page.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/carousel.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx
• kits/codebase-onboarding-agent/apps/src/hooks/use-mobile.ts

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kits/codebase-onboarding-agent/apps/src/app/actions.ts`:
- Around line 10-13: The repo_url schema currently uses includes("github.com")
which is bypassable; update the repo_url validation (inside the schema z.object)
to parse the string as a URL (e.g., via a z.preprocess or z.string().refine) and
enforce that the hostname is exactly "github.com" (allowing optional
"www.github.com" if desired) and that the pathname matches exactly
"/<owner>/<repo>" (i.e., split pathname by "/" and require exactly two non-empty
segments, no extra segments or trailing paths like /issues); return a clear
custom error message like "Must be a github repo URL in the form
github.com/owner/repo" when validation fails. Ensure this change targets the
repo_url field inside the existing schema variable so other fields
(developer_role, github_token) are unchanged.

In `@kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx`:
- Around line 200-216: The computed mobile CSS var is being lost because
{...props} (which may include a style) is spread after the computed style on
SheetContent; move the props spread before the style prop or explicitly merge
user style so the computed "--sidebar-width": SIDEBAR_WIDTH_MOBILE cannot be
overwritten. Concretely, in the SheetContent JSX (symbol: SheetContent) either
place {...props} before style or destructure props (const { style: userStyle,
...rest } = props) and then pass <SheetContent {...rest} style={{
"--sidebar-width": SIDEBAR_WIDTH_MOBILE, ...userStyle }} ...> so
SIDEBAR_WIDTH_MOBILE always wins while preserving other user style entries.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 787d690a-6a9a-436f-a6ae-844b7bab9854

📥 Commits

Reviewing files that changed from the base of the PR and between a234d3c and 456bbd3.

📒 Files selected for processing (4)

• kits/codebase-onboarding-agent/apps/src/app/actions.ts
• kits/codebase-onboarding-agent/apps/src/app/page.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/carousel.tsx
• kits/codebase-onboarding-agent/apps/src/components/ui/sidebar.tsx

[akshatvirmani]

/validate

[github-actions]

📡 Running Studio validation — results will appear here shortly.

[github-actions]

:robot_face: AgentKit Structural Validation

New Contributions Detected

• Kit: kits/codebase-onboarding-agent

Check Results

Check	Status
No edits to existing kits	✅ Pass
Required root files present	✅ Pass
Flow .ts files present	✅ Pass
lamatic.config.ts valid	✅ Pass
No changes outside kits/	✅ Pass

---

🎉 All checks passed! This contribution follows the AgentKit structure.

[github-actions]

Failure recorded at 2026-06-03T15:49:01Z UTC. If this PR is not fixed within 4 weeks it will be automatically closed.

[akshatvirmani]

/validate

[github-actions]

📡 Running Studio validation — results will appear here shortly.

[github-actions]

📡 Running Studio validation — results will appear here shortly.