🧹 [Code Health] Fix swallowed errors in validators.ts catch blocks

[is0692vs]

🎯 What: Updated empty catch blocks in getTrustedFontOrigins and isTrustedFontUrl within src/lib/validators.ts to capture and log the errors using the centralized logger.
💡 Why: Empty catch blocks hide potential issues and make debugging difficult. Logging these errors improves visibility and maintainability without altering the fallback behavior.
✅ Verification: Ensured src/lib/logger.ts exists, verified type checking with tsc --noEmit, and confirmed all tests and lint rules pass.
✨ Result: Errors during URL parsing are now explicitly logged as warnings instead of being silently ignored.

---

PR created automatically by Jules for task 11368467773991883867 started by @is0692vs

Greptile Summary

空の catch ブロックに logger.warn を追加することで、getTrustedFontOrigins と isTrustedFontUrl でのエラーが無言で握りつぶされる問題を修正しています。フォールバック動作は変更なく、デバッグ時の可視性が向上します。

• getTrustedFontOrigins: 不正な APP_URL 環境変数を検出した際に警告ログを出力するよう変更。
• isTrustedFontUrl: URL パースに失敗した際に警告ログを出力するよう変更。ただし url と allowedOrigin のどちらが原因かはログメッセージから判断できない。

Confidence Score: 4/5

空の catch ブロックにログ出力を追加するだけの変更で、フォールバック動作は維持されており、マージしても安全です。

変更内容はシンプルで影響範囲が小さく、既存のフォールバック挙動は維持されています。インポート後の空行不足とログメッセージの曖昧さという軽微なスタイル上の課題はありますが、動作上の問題はありません。

特に注意が必要なファイルはありませんが、src/lib/validators.ts の isTrustedFontUrl catch ブロックのログメッセージは、どちらのパラメータが問題を引き起こしたか特定できるよう改善の余地があります。

Important Files Changed

Filename	Overview
src/lib/validators.ts	空の catch ブロックを logger.warn に置き換え、エラーの可視性を向上。インポート後の空行不足とログメッセージの曖昧さという軽微なスタイル課題あり。

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["isTrustedFontUrl(url, allowedOrigin?)"] --> B["new URL(url)"]
    B -->|パース成功| C{HTTPSか？}
    C -->|No| D["return false"]
    C -->|Yes| E{JSDelivr Noto Font?}
    E -->|Yes| F["return true"]
    E -->|No| G{allowedOrigin あり？}
    G -->|No| H["return false"]
    G -->|Yes| I["new URL(allowedOrigin)"]
    I -->|パース成功| J{origin 一致 & 信頼済み？}
    J -->|Yes| K["return true"]
    J -->|No| H
    B -->|パース失敗| L["logger.warn(..., err)"]
    I -->|パース失敗| L
    L --> M["return false"]

Loading

Prompt To Fix All With AI

Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
src/lib/validators.ts:1-3
インポート文の直後に空行がありません。TypeScript の一般的なスタイルガイドでは、インポートブロックと最初のコードブロック（JSDoc コメントを含む）の間に空行を入れることが推奨されています。

```suggestion
import { logger } from "./logger";

/**
 * Validates a GitHub username.
```

### Issue 2 of 2
src/lib/validators.ts:125-128
`isTrustedFontUrl` の catch ブロックは `new URL(url)`（101行目）と `new URL(allowedOrigin)`（115行目）の両方で発生した例外を捕捉します。現在のログメッセージ `"Invalid URL provided to isTrustedFontUrl."` は `url` が不正であるかのように読めますが、`allowedOrigin` が不正な場合も同じメッセージが出力されます。どちらのパラメータが原因かをデバッグ時に把握しやすくするため、より具体的なメッセージにすると良いでしょう。

```suggestion
  } catch (err) {
    logger.warn("Invalid URL provided to isTrustedFontUrl (url or allowedOrigin is malformed).", err);
    return false;
  }
```

_{Reviews (1): Last reviewed commit: "🧹 [Code Health] Fix swallowed errors in..." | Re-trigger Greptile}

Greptile also left 2 inline comments on this PR.

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
github-user-summary	Ignored		Jun 6, 2026 3:25am

[coderabbitai]

Warning

Review limit reached

@is0692vs, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 47 minutes and 59 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: dd0e4860-7206-44dc-b3e6-1815241cc4d6

📥 Commits

Reviewing files that changed from the base of the PR and between 4e9c001 and ef9a11e.

📒 Files selected for processing (2)

• src/lib/__tests__/validators.test.ts
• src/lib/validators.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jules-11368467773991883867-26948e02

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces logging to catch blocks in src/lib/validators.ts to capture errors during URL parsing and configuration handling. The reviewer recommends reverting the logging change in isTrustedFontUrl because logging every invalid URL input can lead to log pollution and potential log-flooding vulnerabilities if the input is user-controlled.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

Logging a warning for every invalid URL passed to isTrustedFontUrl can lead to log pollution and potential log-flooding vulnerabilities if the input is user-controlled. Since new URL(url) throwing an error is the standard way to detect invalid URLs in JavaScript/TypeScript, an invalid URL is an expected validation failure rather than an exceptional system warning.

It is recommended to revert this change for isTrustedFontUrl and keep the silent catch block, as returning false is the correct and fully handled outcome for invalid inputs.

  } catch {
    return false;
  }

[greptile-apps]

インポート文の直後に空行がありません。TypeScript の一般的なスタイルガイドでは、インポートブロックと最初のコードブロック（JSDoc コメントを含む）の間に空行を入れることが推奨されています。

Suggested change

	import { logger } from "./logger";
	/**
	* Validates a GitHub username.
	import { logger } from "./logger";
	/**
	* Validates a GitHub username.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/lib/validators.ts
Line: 1-3

Comment:
インポート文の直後に空行がありません。TypeScript の一般的なスタイルガイドでは、インポートブロックと最初のコードブロック（JSDoc コメントを含む）の間に空行を入れることが推奨されています。

```suggestion
import { logger } from "./logger";

/**
 * Validates a GitHub username.
```

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

[greptile-apps]

isTrustedFontUrl の catch ブロックは new URL(url)（101行目）と new URL(allowedOrigin)（115行目）の両方で発生した例外を捕捉します。現在のログメッセージ "Invalid URL provided to isTrustedFontUrl." は url が不正であるかのように読めますが、allowedOrigin が不正な場合も同じメッセージが出力されます。どちらのパラメータが原因かをデバッグ時に把握しやすくするため、より具体的なメッセージにすると良いでしょう。

Suggested change

	} catch (err) {
	logger.warn("Invalid URL provided to isTrustedFontUrl.", err);
	return false;
	}
	} catch (err) {
	logger.warn("Invalid URL provided to isTrustedFontUrl (url or allowedOrigin is malformed).", err);
	return false;
	}

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/lib/validators.ts
Line: 125-128

Comment:
`isTrustedFontUrl` の catch ブロックは `new URL(url)`（101行目）と `new URL(allowedOrigin)`（115行目）の両方で発生した例外を捕捉します。現在のログメッセージ `"Invalid URL provided to isTrustedFontUrl."` は `url` が不正であるかのように読めますが、`allowedOrigin` が不正な場合も同じメッセージが出力されます。どちらのパラメータが原因かをデバッグ時に把握しやすくするため、より具体的なメッセージにすると良いでしょう。

```suggestion
  } catch (err) {
    logger.warn("Invalid URL provided to isTrustedFontUrl (url or allowedOrigin is malformed).", err);
    return false;
  }
```

How can I resolve this? If you propose a fix, please make it concise.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!