chore: white-label for RitualChain#1
Conversation
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 6 potential issues.
Bugbot Autofix prepared fixes for all 6 issues found in the latest run.
- ✅ Fixed: E2E Redis container name mismatch
- Updated docker-compose.yml Dragonfly container_name to ritualchain-dragonfly so e2e docker exec calls reach the running Redis instance.
- ✅ Fixed: Feedback source type not migrated
- Added SQL migration 0126 to rewrite quackback rows to ritualchain and taught ensureRitualChainFeedbackSource to rename any legacy source at startup.
- ✅ Fixed: Stored embed nodes no longer parse
- Added legacy quackbackEmbed node support in the editor, sanitizer normalization, HTML parsing, and embed hydration for data-quackback-embed placeholders.
- ✅ Fixed: Zendesk app setting key renamed
- Zendesk sidebar client now falls back to metadata.settings.quackback_url when ritualchain_url is unset.
- ✅ Fixed: SSO DNS verification host renamed
- Domain verification now checks both _ritualchain-verify and legacy _quackback-verify TXT hosts, with UI showing either record.
- ✅ Fixed: Encryption HKDF labels changed
- decrypt() now retries with legacy quackback HKDF salt and info strings when decryption with ritualchain labels fails.
Or push these changes by commenting:
@cursor push 1fb4b58412
You can send follow-ups to the cloud agent here.
Reviewed by Cursor Bugbot for commit c2d80a2. Configure here.
| // The portal-access decision is cached under 'settings:tenant'. Drop it so | ||
| // the dev server evaluates the new visibility on the next request. | ||
| execFileSync('docker', ['exec', 'quackback-dragonfly', 'redis-cli', 'del', 'settings:tenant'], { | ||
| execFileSync('docker', ['exec', 'ritualchain-dragonfly', 'redis-cli', 'del', 'settings:tenant'], { |
There was a problem hiding this comment.
E2E Redis container name mismatch
Medium Severity
E2e helpers run docker exec against ritualchain-dragonfly, but local docker-compose.yml still names the Dragonfly service quackback-dragonfly. Magic-link rate-limit flushing and tenant-settings cache invalidation fail silently or error during e2e and local dev.
Reviewed by Cursor Bugbot for commit c2d80a2. Configure here.
| await sql` | ||
| INSERT INTO feedback_sources (id, source_type, delivery_mode, name, enabled) | ||
| VALUES (${id}, 'quackback', 'passive', 'Quackback', true) | ||
| VALUES (${id}, 'ritualchain', 'passive', 'RitualChain', true) |
There was a problem hiding this comment.
Feedback source type not migrated
High Severity
Scripts and runtime logic now treat the passive native source as ritualchain, while existing databases still store quackback on feedback_sources and raw_feedback_items. Startup can add a second source, backfills miss legacy rows, and pipeline checks like sourceType === 'ritualchain' no longer match historical data.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit c2d80a2. Configure here.
| return [ | ||
| { | ||
| tag: 'div[data-quackback-embed]', | ||
| tag: 'div[data-ritualchain-embed]', |
There was a problem hiding this comment.
Stored embed nodes no longer parse
High Severity
TipTap embeds were renamed to ritualchainEmbed with data-ritualchain-embed placeholders, without compatibility for saved quackbackEmbed JSON or data-quackback-embed HTML. Existing posts, changelog entries, and chat content lose embed cards after upgrade.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit c2d80a2. Configure here.
|
|
||
| const apiKey = metadata.settings.api_key | ||
| const baseUrl = metadata.settings.quackback_url | ||
| const baseUrl = metadata.settings.ritualchain_url |
There was a problem hiding this comment.
Zendesk app setting key renamed
Medium Severity
The sidebar client reads metadata.settings.ritualchain_url only. Zendesk installations still configured with quackback_url no longer receive a base URL, breaking API calls until each app instance is reconfigured.
Reviewed by Cursor Bugbot for commit c2d80a2. Configure here.
| <p>Add this DNS TXT record, then click Verify:</p> | ||
| <code className="block break-all"> | ||
| _quackback-verify.{domain.name} = qb-domain-verify={domain.verificationToken} | ||
| _ritualchain-verify.{domain.name} = qb-domain-verify={domain.verificationToken} |
There was a problem hiding this comment.
SSO DNS verification host renamed
Medium Severity
Domain verification instructions and server lookup use _ritualchain-verify TXT records. Tenants who already published _quackback-verify records cannot pass verification or re-verify until DNS is updated, which can block SSO changes after upgrade.
Reviewed by Cursor Bugbot for commit c2d80a2. Configure here.
| const info = 'quackback:v1:integration-platform-credentials' | ||
| const key = Buffer.from(hkdfSync('sha256', secretKey, 'quackback-encryption-salt-v1', info, 32)) | ||
| const info = 'ritualchain:v1:integration-platform-credentials' | ||
| const key = Buffer.from(hkdfSync('sha256', secretKey, 'ritualchain-encryption-salt-v1', info, 32)) |
There was a problem hiding this comment.
Encryption HKDF labels changed
High Severity
Integration credential encryption now derives keys with ritualchain HKDF salt and info strings. Ciphertext written under the previous quackback labels cannot be decrypted after upgrade, breaking SSO and integration secrets until credentials are re-entered.
Reviewed by Cursor Bugbot for commit c2d80a2. Configure here.



White-label all Quackback branding → RitualChain branding. Product name, org references, domain (quackback.io → ritual.net), and internal package scopes updated.
Note
High Risk
Widget SDK, webhook consumers, and stored content/encryption keyed on old names may break without coordinated migrations; encryption salt/info changes can invalidate existing platform credentials until re-seeded.
Overview
Replaces Quackback with RitualChain across the product: user-facing copy, docs, legal/CLA, GitHub and cloud URLs (
ritual.net), and monorepo package scopes (@quackback/*→@ritualchain/*).Several identifiers change behavior, not just labels. Rich-text embeds use the TipTap node
ritualchainEmbedanddata-ritualchain-embedplaceholders (feature flagritualchainEmbeds). Outbound webhooks documentX-RitualChain-*headers instead ofX-Quackback-*. The widget iframe protocol usesritualchain:*postMessagetypes andritualchain:anon-tokenlocalStorage keys. Integration credential encryption uses new HKDF info/salt strings; scripts and backfills treat feedbacksource_typeritualchain(replacingquackback). E2E and Docker helpers targetritualchain-dragonflyand updated branding assertions.Reviewed by Cursor Bugbot for commit c2d80a2. Bugbot is set up for automated code reviews on this repo. Configure here.