docs: changes for v5.1.0#109
Conversation
📝 WalkthroughWalkthroughAdded Tailscale authentication and OIDC integration guides, expanded OIDC and access-control documentation, documented proxy client-IP configuration, refreshed configuration and v5.1.0 release references, added browser-based client generation, and updated site presentation. ChangesDocumentation and site refresh
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant User
participant Tinyauth
participant Tailscale
User->>Tinyauth: Open protected application
Tinyauth->>Tailscale: Validate user through Tailscale API
Tailscale-->>Tinyauth: Return user identity
Tinyauth-->>User: Complete authenticated login
Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (5)
src/pages/index.astro (1)
114-114: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick winConsider hosting the certification mark image locally and adding a height attribute.
The certification mark is loaded from an external URL (
openid.net) while the hero image is already served locally from/tinyauth-dark.png. Hosting the certification mark locally would avoid a dependency on an external server. Additionally, the<img>haswidth="200"but noheightattribute, which can cause layout shift before the image loads.♻️ Proposed improvements
-<img alt="OpenID Connect™ Certified" width="200" src="https://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg" /> +<img alt="OpenID Connect™ Certified" width="200" height="75" loading="lazy" src="/oidc-certified-mark.jpg" />🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/pages/index.astro` at line 114, Update the certification mark image in the page markup to use a locally hosted asset instead of the external openid.net URL, and add an explicit height attribute alongside the existing width to reserve its rendered dimensions.src/content/docs/docs/guides/access-controls.mdx (1)
104-122: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winThe policy examples don't illustrate the policy behavior.
Both the allow-by-default and deny-by-default examples reference the same domain label (
tinyauth.apps.myapp.config.domain: myapp.example.com) which was already shown in the Discovery section above. Neither example shows an actual ACL configuration (e.g.,users.alloworusers.block) to demonstrate how the policy changes what's permitted. Consider adding a concrete ACL label to each example to make the behavioral difference clear.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/content/docs/docs/guides/access-controls.mdx` around lines 104 - 122, Update the allow-by-default and deny-by-default examples in the access-controls documentation to include concrete ACL Docker labels, such as users.allow or users.block, alongside the existing domain label. Show configurations that clearly demonstrate the different policy behavior while preserving the surrounding policy explanations.src/content/docs/docs/guides/oidc.mdx (1)
86-86: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winAdd punctuation before "however" to fix run-on sentence.
"Tinyauth's core idea is to be a stateless application however, OpenID Connect requires persistence" is a run-on. Use a semicolon or period before "however."
✏️ Proposed fix
- Tinyauth's core idea is to be a stateless application however, OpenID Connect requires persistence for sessions and keys. Everything is stored in the `/data` directory so, if you are using Docker, add the corresponding volume to your `docker-compose.yml` file: + Tinyauth's core idea is to be a stateless application; however, OpenID Connect requires persistence for sessions and keys. Everything is stored in the `/data` directory so, if you are using Docker, add the corresponding volume to your `docker-compose.yml` file:🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/content/docs/docs/guides/oidc.mdx` at line 86, Update the sentence in the OIDC guide by adding a semicolon or period before “however” to separate the two independent clauses, while preserving the existing meaning and subsequent storage guidance.src/content/docs/docs/integrations/tailscale.mdx (1)
75-77: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winExternal image URL from Tailscale's Next.js CDN is fragile.
The
srcURL (https://tailscale.com/_next/image?url=...) is a Next.js image optimization endpoint with a hashed filename (sign-up-oidc.b699a417.png). If Tailscale rebuilds their site, the hash changes and this image breaks silently. Consider downloading the image and hosting it locally under/public/screenshots/tailscale/, consistent with the screenshots in the Tailscale authentication guide.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/content/docs/docs/integrations/tailscale.mdx` around lines 75 - 77, Replace the fragile Tailscale Next.js CDN URL in the “Tailscale Sign-up with OIDC” image with a locally hosted asset under /public/screenshots/tailscale/. Preserve the existing image dimensions and alt text, and reference the downloaded image through the project’s standard public-asset path.src/content/docs/docs/guides/tailscale.mdx (1)
14-18: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winMention
TINYAUTH_AUTH_TRUSTEDPROXIESfor proxy setups
Add a short note under the proxy warning that if a reverse proxy forwards the client IP, Tinyauth also needs that proxy listed inTINYAUTH_AUTH_TRUSTEDPROXIES; otherwise Tailscale detection can still see the proxy IP.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/content/docs/docs/guides/tailscale.mdx` around lines 14 - 18, Update the Tailscale proxy warning in the documentation to add a short note about configuring TINYAUTH_AUTH_TRUSTEDPROXIES with any reverse proxy that forwards the client IP, so Tailscale detection does not use the proxy IP.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/content/docs/docs/about.mdx`:
- Line 18: Update the rewritten use-cases text in the about documentation:
correct “environemnts” to “environments” and “granual” to “granular,” and insert
a comma before “which” in the non-restrictive clause.
In `@src/content/docs/docs/guides/access-controls.mdx`:
- Around line 98-102: Update the Access Control Policy documentation to correct
“opiton” to “option” and clarify that the policy can be configured through
either the TINYAUTH_AUTH_ACLS_POLICY environment variable or the
--auth.acls.policy CLI flag.
In `@src/content/docs/docs/guides/oidc.mdx`:
- Around line 43-71: The Supported claims documentation incorrectly categorizes
groups as an OpenID Connect Core 1.0 standard claim. Update the claims
description near the Supported claims section to identify groups as a
non-standard extension, or exclude it from the standard-claims list while
preserving its documented support.
In `@src/content/docs/docs/guides/tailscale.mdx`:
- Line 16: In the Tailscale guide text, replace the misspelled word “defers”
with “differs” in the sentence describing variation between proxies, leaving the
rest of the sentence unchanged.
In `@src/content/docs/docs/reference/changelog.mdx`:
- Line 17: Update the v5.1.0 changelog subsection headings New Features,
Improvements, Fixes, and Technical from h2 to h3, matching the existing v5.0.7
structure and preserving version headers as the higher-level headings.
---
Nitpick comments:
In `@src/content/docs/docs/guides/access-controls.mdx`:
- Around line 104-122: Update the allow-by-default and deny-by-default examples
in the access-controls documentation to include concrete ACL Docker labels, such
as users.allow or users.block, alongside the existing domain label. Show
configurations that clearly demonstrate the different policy behavior while
preserving the surrounding policy explanations.
In `@src/content/docs/docs/guides/oidc.mdx`:
- Line 86: Update the sentence in the OIDC guide by adding a semicolon or period
before “however” to separate the two independent clauses, while preserving the
existing meaning and subsequent storage guidance.
In `@src/content/docs/docs/guides/tailscale.mdx`:
- Around line 14-18: Update the Tailscale proxy warning in the documentation to
add a short note about configuring TINYAUTH_AUTH_TRUSTEDPROXIES with any reverse
proxy that forwards the client IP, so Tailscale detection does not use the proxy
IP.
In `@src/content/docs/docs/integrations/tailscale.mdx`:
- Around line 75-77: Replace the fragile Tailscale Next.js CDN URL in the
“Tailscale Sign-up with OIDC” image with a locally hosted asset under
/public/screenshots/tailscale/. Preserve the existing image dimensions and alt
text, and reference the downloaded image through the project’s standard
public-asset path.
In `@src/pages/index.astro`:
- Line 114: Update the certification mark image in the page markup to use a
locally hosted asset instead of the external openid.net URL, and add an explicit
height attribute alongside the existing width to reserve its rendered
dimensions.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 3f06885d-5ed0-44f0-8987-8534f9bff686
⛔ Files ignored due to path filters (7)
public/screenshots/oidc/authorize.pngis excluded by!**/*.pngpublic/screenshots/tailscale/tailscale_api_token.pngis excluded by!**/*.pngpublic/screenshots/tailscale/tailscale_keys.pngis excluded by!**/*.pngpublic/screenshots/tailscale/tailscale_login.pngis excluded by!**/*.pngpublic/screenshots/tailscale/tailscale_settings.pngis excluded by!**/*.pngpublic/tinyauth-dark.pngis excluded by!**/*.pngsrc/gen/generated_configuration.mdxis excluded by!**/gen/**
📒 Files selected for processing (14)
.gitignoreastro.config.mjssrc/content/docs/docs/about.mdxsrc/content/docs/docs/guides/access-controls.mdxsrc/content/docs/docs/guides/oidc.mdxsrc/content/docs/docs/guides/tailscale.mdxsrc/content/docs/docs/integrations/tailscale.mdxsrc/content/docs/docs/integrations/zerobyte.mdxsrc/content/docs/docs/reference/changelog.mdxsrc/content/docs/docs/reference/configuration.mdxsrc/pages/index.astrosrc/styles/home.csssrc/styles/theme.csssrc/styles/tools.css
# Conflicts: # astro.config.mjs
There was a problem hiding this comment.
Actionable comments posted: 6
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/content/docs/docs/community/kubernetes.mdx`:
- Around line 80-81: Add TINYAUTH_AUTH_TRUSTEDPROXIES to the Kubernetes
Deployment example’s container env configuration, using the Nginx/Istio proxy IP
as its value, so the copy-paste manifest includes the setting required for IP
address ACLs.
In `@src/content/docs/docs/getting-started.mdx`:
- Around line 111-112: Update the Docker deployment guidance in the
getting-started documentation to avoid presenting 172.17.0.0/16 as a universal
trusted proxy range. Either explain how to inspect and configure the actual
Traefik network CIDR, or define a custom Compose subnet and instruct users to
use that subnet for TINYAUTH_AUTH_TRUSTEDPROXIES.
In `@src/content/docs/docs/integrations/beszel.mdx`:
- Line 75: Update the “Display Name” table description to insert a comma before
“for example,” while preserving the existing wording and formatting.
- Around line 57-59: Update the Beszel OAuth setup instructions to correct
“edits controls” to “edit controls” and streamline the surrounding wording to
remove repetitive phrasing while preserving the existing navigation path and
login guidance.
- Around line 87-90: Improve the grammar in the Beszel setup instructions by
replacing the phrase “so as it creates” in the USER_CREATION guidance with
natural wording that clearly explains enabling the setting creates the user.
In `@src/content/docs/docs/reference/changelog.mdx`:
- Line 55: Update the lockdown mode changelog entry to replace “required failed
attempt amount” with “the number of failed attempts required,” while preserving
the rest of the statement.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 36e217af-2cb6-4c5c-952d-09fb4665e05b
⛔ Files ignored due to path filters (6)
public/screenshots/beszel/beszel_collection_controls.pngis excluded by!**/*.pngpublic/screenshots/beszel/beszel_create_provider.pngis excluded by!**/*.pngpublic/screenshots/beszel/beszel_external_auths.pngis excluded by!**/*.pngpublic/screenshots/beszel/beszel_login.pngis excluded by!**/*.pngpublic/screenshots/beszel/beszel_providers.pngis excluded by!**/*.pngpublic/screenshots/beszel/beszel_system_users.pngis excluded by!**/*.png
📒 Files selected for processing (12)
astro.config.mjssrc/content/docs/docs/about.mdxsrc/content/docs/docs/community/caddy.mdxsrc/content/docs/docs/community/kubernetes.mdxsrc/content/docs/docs/getting-started.mdxsrc/content/docs/docs/guides/access-controls.mdxsrc/content/docs/docs/guides/advanced.mdxsrc/content/docs/docs/guides/nginx-proxy-manager.mdxsrc/content/docs/docs/guides/oidc.mdxsrc/content/docs/docs/guides/tailscale.mdxsrc/content/docs/docs/integrations/beszel.mdxsrc/content/docs/docs/reference/changelog.mdx
🚧 Files skipped from review as they are similar to previous changes (5)
- src/content/docs/docs/guides/tailscale.mdx
- src/content/docs/docs/about.mdx
- src/content/docs/docs/guides/access-controls.mdx
- astro.config.mjs
- src/content/docs/docs/guides/oidc.mdx
| It is recommended (and required for IP address ACLs) that you also set the `TINYAUTH_AUTH_TRUSTEDPROXIES` environment variable to the IP address of your Nginx/Istio instance so Tinyauth can trust the `X-Real-IP` and `X-Forwarded-For`headers and get the correct client IP. | ||
|
|
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Add the trusted-proxy setting to the Deployment example.
The text says this setting is required for IP ACLs, but the preceding Deployment manifest does not show where to add TINYAUTH_AUTH_TRUSTEDPROXIES. Add it under spec.template.spec.containers[].env or include an explicit follow-up YAML snippet so the copy-paste example is complete.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/docs/community/kubernetes.mdx` around lines 80 - 81, Add
TINYAUTH_AUTH_TRUSTEDPROXIES to the Kubernetes Deployment example’s container
env configuration, using the Nginx/Istio proxy IP as its value, so the
copy-paste manifest includes the setting required for IP address ACLs.
| It is recommended (and required for IP address ACLs) that you set the `TINYAUTH_AUTH_TRUSTEDPROXIES` environment variable (`--auth.trustedproxies` for CLI flags and `auth.trustedProxies` for YAML) to the IP address of your Traefik instance so Tinyauth can trust the `X-Real-IP` and `X-Forwarded-For`headers and get the correct client IP. For a Docker-based deployment, | ||
| `172.17.0.0/16` should work. |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Do not hardcode 172.17.0.0/16 without defining that network.
Docker Compose creates a project-specific network and assigns container IPs dynamically; 172.17.0.0/16 is the Engine’s built-in default bridge range, not a guaranteed Compose subnet. (docs.docker.com)
Either document how to inspect and use the actual Traefik network CIDR, or explicitly define a custom Compose subnet before using it in TINYAUTH_AUTH_TRUSTEDPROXIES.
Also applies to: 151-151
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/docs/getting-started.mdx` around lines 111 - 112, Update the
Docker deployment guidance in the getting-started documentation to avoid
presenting 172.17.0.0/16 as a universal trusted proxy range. Either explain how
to inspect and configure the actual Traefik network CIDR, or define a custom
Compose subnet and instruct users to use that subnet for
TINYAUTH_AUTH_TRUSTEDPROXIES.
Source: MCP tools
| Next, we need to add the OAuth provider to Beszel. Firstly you will need to toggle the | ||
| **Hide collection create and edits controls** toggle under `https://your-beszel-instance.com/_/#/settings` | ||
| (you can log in with your Beszel credentials to PocketBase). |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Fix typographical error and improve phrasing.
The phrase "edits controls" contains a typo, and the surrounding text has repetitive phrasing flagged by static analysis.
📝 Proposed fixes
-Next, we need to add the OAuth provider to Beszel. Firstly you will need to toggle the
-**Hide collection create and edits controls** toggle under `https://your-beszel-instance.com/_/#/settings`
-(you can log in with your Beszel credentials to PocketBase).
+Next, we need to add the OAuth provider to Beszel. First, toggle the
+**Hide collection create and edit controls** setting under `https://your-beszel-instance.com/_/#/settings`
+(you can log in to PocketBase with your Beszel credentials).📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Next, we need to add the OAuth provider to Beszel. Firstly you will need to toggle the | |
| **Hide collection create and edits controls** toggle under `https://your-beszel-instance.com/_/#/settings` | |
| (you can log in with your Beszel credentials to PocketBase). | |
| Next, we need to add the OAuth provider to Beszel. First, toggle the | |
| **Hide collection create and edit controls** setting under `https://your-beszel-instance.com/_/#/settings` | |
| (you can log in to PocketBase with your Beszel credentials). |
🧰 Tools
🪛 LanguageTool
[style] ~57-~57: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...ion. ## Beszel Configuration Next, we need to add the OAuth provider to Beszel. First...
(REP_NEED_TO_VB)
[style] ~57-~57: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...th provider to Beszel. Firstly you will need to toggle the **Hide collection create and...
(REP_NEED_TO_VB)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/docs/integrations/beszel.mdx` around lines 57 - 59, Update
the Beszel OAuth setup instructions to correct “edits controls” to “edit
controls” and streamline the surrounding wording to remove repetitive phrasing
while preserving the existing navigation path and login guidance.
Source: Linters/SAST tools
| | - | - | | ||
| | Client ID | The client ID you generated from the previous step. | | ||
| | Client Secret | The client secret you generated from the previous step. | | ||
| | Display Name | Use whatever you like for example, `Tinyauth`. | |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Add missing comma.
Add a comma before "for example" to improve readability.
📝 Proposed fix
-| Display Name | Use whatever you like for example, `Tinyauth`. |
+| Display Name | Use whatever you like, for example, `Tinyauth`. |📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| | Display Name | Use whatever you like for example, `Tinyauth`. | | |
| | Display Name | Use whatever you like, for example, `Tinyauth`. | |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/docs/integrations/beszel.mdx` at line 75, Update the
“Display Name” table description to insert a comma before “for example,” while
preserving the existing wording and formatting.
| In case your provider email does not match the Beszel email, you will need to set | ||
| `USER_CREATION=true` in the Beszel docker-compose so as it creates your user. After you | ||
| log in with your provider, you will need to go to the `systems` collection and for each system | ||
| also assign your new user account. |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Improve grammar and phrasing.
The phrase "so as it creates" is grammatically incorrect.
📝 Proposed fix
-In case your provider email does not match the Beszel email, you will need to set
-`USER_CREATION=true` in the Beszel docker-compose so as it creates your user. After you
-log in with your provider, you will need to go to the `systems` collection and for each system
-also assign your new user account.
+If your provider email does not match the Beszel email, you will need to set
+`USER_CREATION=true` in the Beszel docker-compose so that it creates your user. After you
+log in with your provider, you will need to go to the `systems` collection and for each system,
+assign your new user account.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| In case your provider email does not match the Beszel email, you will need to set | |
| `USER_CREATION=true` in the Beszel docker-compose so as it creates your user. After you | |
| log in with your provider, you will need to go to the `systems` collection and for each system | |
| also assign your new user account. | |
| If your provider email does not match the Beszel email, you will need to set | |
| `USER_CREATION=true` in the Beszel docker-compose so that it creates your user. After you | |
| log in with your provider, you will need to go to the `systems` collection and for each system, | |
| assign your new user account. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/docs/integrations/beszel.mdx` around lines 87 - 90, Improve
the grammar in the Beszel setup instructions by replacing the phrase “so as it
creates” in the USER_CREATION guidance with natural wording that clearly
explains enabling the setting creates the user.
| - Preserve login parameters throughout the frontend | ||
| - Graceful shutdown on `SIGTERM` | ||
| - Pass through the LDAP mail attribute instead of crafting one when it's available | ||
| - Lockdown mode dynamically scales required failed attempt amount based on configured users |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Clarify the lockdown wording.
“Required failed attempt amount” is awkward and ambiguous. Use “the number of failed attempts required” instead.
Proposed wording
-- Lockdown mode dynamically scales required failed attempt amount based on configured users
+- Lockdown mode dynamically scales the number of failed attempts required based on configured users📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - Lockdown mode dynamically scales required failed attempt amount based on configured users | |
| - Lockdown mode dynamically scales the number of failed attempts required based on configured users |
🧰 Tools
🪛 LanguageTool
[style] ~55-~55: The double modal “required failed” is nonstandard (only accepted in certain dialects). Consider “to be failed”.
Context: ...ckdown mode dynamically scales required failed attempt amount based on configured user...
(NEEDS_FIXED)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/content/docs/docs/reference/changelog.mdx` at line 55, Update the
lockdown mode changelog entry to replace “required failed attempt amount” with
“the number of failed attempts required,” while preserving the rest of the
statement.
Source: Linters/SAST tools
Summary by CodeRabbit