Previous memoization stored a single boolean at module scope. In any
Node context where the same module instance might be reused across
requests (VitePress SSG, dev server, preview server with `navigator`
polyfilled per request), the first request's UA would silently leak
into subsequent calls.
In production this code is browser-only — Cloud Run's Hono server
doesn't import `botDetect.ts`, and Cloudflare Pages serves the bundle
as static files with one fresh module instance per browser tab — so
the bug was theoretical. But the UA-keyed memo costs nothing extra
and removes the foot-gun: a long-lived process now invalidates the
cache automatically when a different UA shows up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Four items from gemini and claude reviews:
- botDetect.ts: Memoize isBot() result. navigator.userAgent is immutable
for the page lifetime, so re-running the isbot regex on every Turnstile
pre-mint debounce and post-submit re-mint check is wasted work. SSR
fallback is intentionally not cached so a module instance reused across
SSR/CSR still reaches the real UA check on first CSR call.
- usePackRequest.ts: Disambiguate the "submit-path NOT gated" comment —
it was confusing because the new post-submit re-mint also lives inside
submitRequest's finally. Reworded to "click-path acquireTurnstileToken"
to make clear which call site is intentionally skipped.
- usePackRequest.ts: Update the userTouched comment to reflect autofill
reality — modern Chromium/Firefox DO fire input events on autofill, so
the rationale ("autofill doesn't trigger") was already stale. The new
isBot() guard covers the gap for well-behaved crawler UAs.
- usePackRequest.ts: Add English glosses for the Japanese CF dashboard
labels (提示チャレンジ / 未解決) so non-Japanese-reading maintainers can
follow the comment.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace hand-rolled bot regex with the isbot package (~6.5 KB ESM,
zero deps) to match server-side detection. Eliminates divergence
between client and server bot detection logic.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Move throttle state inside factory function (gemini)
- Rename inner function to botGuardHandler to avoid shadowing (gemini)
- Add requestId fallback to 'unknown' for undefined case (coderabbit)
- Remove bare 'bot'/'spider'/'crawler' from client regex to prevent
false positives on legitimate devices like Cubot phones (devin)
- Update server package-lock.json with isbot dependency (devin)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Applebot and other JS-capable crawlers were visiting permalink URLs
(repomix.com/?repo=xxx), executing the frontend JS which auto-triggers
POST /api/pack on mount. This caused massive parallel git clone
operations that exceeded the 1024 MiB memory limit on Cloud Run,
resulting in OOM crash loops.
- Add server-side botGuardMiddleware using `isbot` package to reject
bot requests to /api/* with 403 before they consume resources
- Add frontend bot detection to skip auto-pack execution in onMounted
when the user agent is a known crawler
- Place bot guard before rate limiter to avoid counting bot requests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix type error in validateUrlParameters format validation
- Add proper error handling for URL length limit violations
- Add comprehensive JSDoc documentation for public functions
- Improve user experience with better error reporting
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add console warning when both 'format' and 'style' are specified
- Prefer 'format' parameter over 'style' for consistency
- Improve user experience by clearly indicating parameter precedence
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace 'any' with 'unknown' for better type safety
- Convert forEach to for...of loop for better performance
- Use proper type casting with unknown intermediate step
- Revert tooltip colors back to original styling (#333 background, white text)
- Fix all biome lint warnings
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Extract URL parameter constants to eliminate duplication
- Create centralized key mapping for include/ignore patterns
- Extract shouldShowReset logic to reusable utility function
- Add URL parameter validation with length limits and format checks
- Improve error handling for URL operations with try-catch
- Add proper return types and error reporting for updateUrlParameters
- Enhance auto-execution error handling with async/await
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implement comprehensive URL query parameter functionality for Repomix web interface
to enable easy sharing and bookmarking of configurations.
Features:
- Parse URL parameters on page load and apply settings automatically
- Update URL only when Pack button is pressed (not real-time)
- Exclude default values from URL parameters to keep URLs clean
- Reset functionality with icon-only button next to Pack button
- Hover tooltip for reset button explaining functionality
- Support for all pack options: format, patterns, boolean flags
- Auto-pack when valid repository URL is provided via parameters
Changes:
- Add urlParams.ts utility for parsing and updating URL parameters
- Update usePackOptions to initialize from URL parameters
- Modify usePackRequest to handle URL parameter logic
- Add reset button with tooltip next to Pack button (appears after Pack execution)
- Remove previous reset button from options panel
- Implement smart URL generation (only non-default values included)
Examples:
- Basic: ?repo=https://github.com/user/repo&format=markdown
- Advanced: ?repo=https://github.com/user/repo&include=**/*.cs&compress=trueResolves#764🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Kazuki Yamada