Skip to content

Add offline search + Ask AI coming-soon, resolve all npm audit vulnerabilities#16

Merged
salevine merged 3 commits into
mainfrom
docs/initial-help-center
Jun 15, 2026
Merged

Add offline search + Ask AI coming-soon, resolve all npm audit vulnerabilities#16
salevine merged 3 commits into
mainfrom
docs/initial-help-center

Conversation

@salevine

@salevine salevine commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds the two search-related features from appsmith-docs, adapted for Kite, and clears the repo's npm audit vulnerabilities.

Search (works now)

  • Offline search via @easyops-cn/docusaurus-search-local — builds the index from Markdown at build time. Chosen over Algolia so search works immediately with no external index or live-site crawl to provision.
  • Presented through a segmented navbar control (swizzled theme/SearchBar wrapping the original search bar).

Ask AI (coming soon)

  • An intentional "coming soon" placeholder dialog — no OpenAI key or serverless function. Cleanly isolated (AskAIComingSoon) so it can be swapped for a real assistant later by changing one import.

Dependency hygiene

  • npm audit fix (non-breaking) bumped @docusaurus/* 3.9.2 → 3.10.1 within the existing range and cleared the critical shell-quote advisory among others.
  • Added npm overrides pinning the two remaining vulnerable, build/dev-only transitive deps to patched releases: serialize-javascript ^7.0.5 and uuid ^11.1.1.
  • npm audit now reports 0 vulnerabilities. (Merging clears the Dependabot alerts on main.)

Review

A multi-agent council reviewed the change (architecture, security, QA, UX, product, DX, performance) → APPROVE WITH RISKS, all findings resolved or tracked. A targeted security re-review of the dependency change → APPROVE (override targets verified legitimate, integrity-matched, zero new transitive deps).

Fixes applied from review: inlined the robot icon so currentColor works in dark mode, neutral-styled the "Soon" badge for AA contrast, added dialog focus management, and documented the search caveat.

Verification

  • npm run build succeeds and generates search-index.json + the /search route.
  • npm start dev server boots and compiles (exercises the overridden uuid via sockjs).
  • Navbar renders a single search control; Ask AI dialog opens/closes (Escape, click-outside, button).
  • npm audit → 0 vulnerabilities.

Notes for reviewers

  • Search results require a production build: npm run build && npm run serve. The index is not generated under npm start (documented in the README) — the dev search box opens but returns no results in dev. This is expected plugin behavior.
  • After pulling this branch, run npm install then npm run clear if you hit a webpack ChunkLoadError from a stale cache/tab.

🤖 Generated with Claude Code

salevine and others added 2 commits June 13, 2026 17:14
@salevine @claude
docs: add offline search and Ask AI coming-soon control
9e75e09 
Add a segmented navbar search control adapted from appsmith-docs:

- Search: powered by the offline @easyops-cn/docusaurus-search-local
  plugin, which builds the index from Markdown at build time. Chosen
  over Algolia so search works immediately with no external index or
  live-site crawl.
- Ask AI: an intentional "coming soon" placeholder (no OpenAI key or
  serverless function), cleanly isolated for a later swap.

Swizzles theme/SearchBar to wrap the original search bar, inlines the
robot icon so it recolors via currentColor in dark mode, and documents
that the search index only builds via `npm run build` (not `npm start`).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@salevine @claude
chore(deps): resolve all npm audit vulnerabilities
f8f0b1c 
- npm audit fix (non-breaking) bumped @docusaurus/* 3.9.2 -> 3.10.1
  (within the existing ^3.9.2 range) and patched leaf deps, clearing
  the critical shell-quote advisory and others (49 -> 24).
- Added npm overrides pinning the two remaining vulnerable transitive
  build/dev-only deps to their patched releases:
  - serialize-javascript ^7.0.5 (high; via webpack copy/minimizer plugins)
  - uuid ^11.1.1 (moderate; via webpack-dev-server -> sockjs)

npm audit now reports 0 vulnerabilities. Verified: production build
succeeds and still generates the search index, and the dev server
(npm start, which exercises the overridden uuid via sockjs) boots and
compiles cleanly.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@vercel

vercel Bot commented Jun 13, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
kite-docs Ready Ready Preview, Comment Jun 15, 2026 2:46pm

Request Review

@salevine salevine requested a review from wyattwalter June 13, 2026 21:34
@salevine salevine merged commit 6b85292 into main Jun 15, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wyattwalter wyattwalter wyattwalter approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@salevine @wyattwalter