Skip to content

docs: changes for v5.1.0#109

Open
steveiliop56 wants to merge 24 commits into
mainfrom
feat/v5.1.0
Open

docs: changes for v5.1.0#109
steveiliop56 wants to merge 24 commits into
mainfrom
feat/v5.1.0

Conversation

@steveiliop56

@steveiliop56 steveiliop56 commented Jul 12, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • New Features
    • Added new Tailscale and Tailscale OIDC integration documentation, including setup and login flow guidance.
    • Added a new access control policy documentation model (allow-by-default vs deny-by-default).
    • Expanded OIDC server documentation, capabilities, and configuration tips.
    • Added Beszel OpenID Connect integration and browser-based OIDC client setup for Zerobyte.
  • Documentation
    • Added trusted-proxy requirements across common deployment guides and clarified proxy/header behavior.
    • Updated configuration reference rendering and consolidated documentation notes.
    • Refreshed “about” use-case wording and added API documentation guidance.
  • Chores
    • Updated ignore rules for IDE project files.
  • Style
    • Refined homepage layout and tool/theme styling.

@dosubot dosubot Bot added the size:XXL This PR changes 1000+ lines, ignoring generated files. label Jul 12, 2026
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

Added Tailscale authentication and OIDC integration guides, expanded OIDC and access-control documentation, documented proxy client-IP configuration, refreshed configuration and v5.1.0 release references, added browser-based client generation, and updated site presentation.

Changes

Documentation and site refresh

Layer / File(s) Summary
Tailscale authentication and OIDC guides
src/content/docs/docs/guides/tailscale.mdx, src/content/docs/docs/integrations/tailscale.mdx, astro.config.mjs
Added Tailscale authentication setup, proxy requirements, credentials, OIDC client configuration, tailnet sign-up instructions, and sidebar entries.
Navigation, OIDC, and access-control guidance
src/content/docs/docs/guides/access-controls.mdx, src/content/docs/docs/guides/oidc.mdx, src/content/docs/docs/guides/advanced.mdx, src/content/docs/docs/about.mdx
Documented ACL policy behavior, certified OIDC capabilities, persistence, standalone provider configuration, API stability, and suitable use cases.
Proxy and client-IP configuration guidance
src/content/docs/docs/community/*, src/content/docs/docs/getting-started.mdx, src/content/docs/docs/guides/nginx-proxy-manager.mdx
Added trusted-proxy settings and forwarded client-IP header guidance for supported proxy deployments.
Reference and integration documentation
src/content/docs/docs/reference/*, src/content/docs/docs/integrations/beszel.mdx, src/content/docs/docs/integrations/zerobyte.mdx
Switched configuration documentation to generated content, added Beszel and browser-based Zerobyte setup, and added the v5.1.0 changelog.
Browser tool and site presentation
src/pages/index.astro, src/styles/*.css
Updated homepage certification branding, layout spacing, tool typography, focus styling, and page bottom spacing.
Repository housekeeping
.gitignore
Added the IDE settings directory to ignored files.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant Tinyauth
  participant Tailscale
  User->>Tinyauth: Open protected application
  Tinyauth->>Tailscale: Validate user through Tailscale API
  Tailscale-->>Tinyauth: Return user identity
  Tinyauth-->>User: Complete authenticated login
Loading

Possibly related PRs

Suggested reviewers: rycochet

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title is related to the PR, but it is too generic to clearly describe the main documentation changes for v5.1.0. Use a more specific title that names the primary updates, such as the new Tailscale and OIDC documentation for v5.1.0.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Nitpick comments (5)
src/pages/index.astro (1)

114-114: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win

Consider hosting the certification mark image locally and adding a height attribute.

The certification mark is loaded from an external URL (openid.net) while the hero image is already served locally from /tinyauth-dark.png. Hosting the certification mark locally would avoid a dependency on an external server. Additionally, the <img> has width="200" but no height attribute, which can cause layout shift before the image loads.

♻️ Proposed improvements
-<img alt="OpenID Connect™ Certified" width="200" src="https://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg" />
+<img alt="OpenID Connect™ Certified" width="200" height="75" loading="lazy" src="/oidc-certified-mark.jpg" />
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/index.astro` at line 114, Update the certification mark image in
the page markup to use a locally hosted asset instead of the external openid.net
URL, and add an explicit height attribute alongside the existing width to
reserve its rendered dimensions.
src/content/docs/docs/guides/access-controls.mdx (1)

104-122: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

The policy examples don't illustrate the policy behavior.

Both the allow-by-default and deny-by-default examples reference the same domain label (tinyauth.apps.myapp.config.domain: myapp.example.com) which was already shown in the Discovery section above. Neither example shows an actual ACL configuration (e.g., users.allow or users.block) to demonstrate how the policy changes what's permitted. Consider adding a concrete ACL label to each example to make the behavioral difference clear.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/guides/access-controls.mdx` around lines 104 - 122,
Update the allow-by-default and deny-by-default examples in the access-controls
documentation to include concrete ACL Docker labels, such as users.allow or
users.block, alongside the existing domain label. Show configurations that
clearly demonstrate the different policy behavior while preserving the
surrounding policy explanations.
src/content/docs/docs/guides/oidc.mdx (1)

86-86: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add punctuation before "however" to fix run-on sentence.

"Tinyauth's core idea is to be a stateless application however, OpenID Connect requires persistence" is a run-on. Use a semicolon or period before "however."

✏️ Proposed fix
- Tinyauth's core idea is to be a stateless application however, OpenID Connect requires persistence for sessions and keys. Everything is stored in the `/data` directory so, if you are using Docker, add the corresponding volume to your `docker-compose.yml` file:
+ Tinyauth's core idea is to be a stateless application; however, OpenID Connect requires persistence for sessions and keys. Everything is stored in the `/data` directory so, if you are using Docker, add the corresponding volume to your `docker-compose.yml` file:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/guides/oidc.mdx` at line 86, Update the sentence in the
OIDC guide by adding a semicolon or period before “however” to separate the two
independent clauses, while preserving the existing meaning and subsequent
storage guidance.
src/content/docs/docs/integrations/tailscale.mdx (1)

75-77: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

External image URL from Tailscale's Next.js CDN is fragile.

The src URL (https://tailscale.com/_next/image?url=...) is a Next.js image optimization endpoint with a hashed filename (sign-up-oidc.b699a417.png). If Tailscale rebuilds their site, the hash changes and this image breaks silently. Consider downloading the image and hosting it locally under /public/screenshots/tailscale/, consistent with the screenshots in the Tailscale authentication guide.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/integrations/tailscale.mdx` around lines 75 - 77,
Replace the fragile Tailscale Next.js CDN URL in the “Tailscale Sign-up with
OIDC” image with a locally hosted asset under /public/screenshots/tailscale/.
Preserve the existing image dimensions and alt text, and reference the
downloaded image through the project’s standard public-asset path.
src/content/docs/docs/guides/tailscale.mdx (1)

14-18: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Mention TINYAUTH_AUTH_TRUSTEDPROXIES for proxy setups
Add a short note under the proxy warning that if a reverse proxy forwards the client IP, Tinyauth also needs that proxy listed in TINYAUTH_AUTH_TRUSTEDPROXIES; otherwise Tailscale detection can still see the proxy IP.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/guides/tailscale.mdx` around lines 14 - 18, Update the
Tailscale proxy warning in the documentation to add a short note about
configuring TINYAUTH_AUTH_TRUSTEDPROXIES with any reverse proxy that forwards
the client IP, so Tailscale detection does not use the proxy IP.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/docs/about.mdx`:
- Line 18: Update the rewritten use-cases text in the about documentation:
correct “environemnts” to “environments” and “granual” to “granular,” and insert
a comma before “which” in the non-restrictive clause.

In `@src/content/docs/docs/guides/access-controls.mdx`:
- Around line 98-102: Update the Access Control Policy documentation to correct
“opiton” to “option” and clarify that the policy can be configured through
either the TINYAUTH_AUTH_ACLS_POLICY environment variable or the
--auth.acls.policy CLI flag.

In `@src/content/docs/docs/guides/oidc.mdx`:
- Around line 43-71: The Supported claims documentation incorrectly categorizes
groups as an OpenID Connect Core 1.0 standard claim. Update the claims
description near the Supported claims section to identify groups as a
non-standard extension, or exclude it from the standard-claims list while
preserving its documented support.

In `@src/content/docs/docs/guides/tailscale.mdx`:
- Line 16: In the Tailscale guide text, replace the misspelled word “defers”
with “differs” in the sentence describing variation between proxies, leaving the
rest of the sentence unchanged.

In `@src/content/docs/docs/reference/changelog.mdx`:
- Line 17: Update the v5.1.0 changelog subsection headings New Features,
Improvements, Fixes, and Technical from h2 to h3, matching the existing v5.0.7
structure and preserving version headers as the higher-level headings.

---

Nitpick comments:
In `@src/content/docs/docs/guides/access-controls.mdx`:
- Around line 104-122: Update the allow-by-default and deny-by-default examples
in the access-controls documentation to include concrete ACL Docker labels, such
as users.allow or users.block, alongside the existing domain label. Show
configurations that clearly demonstrate the different policy behavior while
preserving the surrounding policy explanations.

In `@src/content/docs/docs/guides/oidc.mdx`:
- Line 86: Update the sentence in the OIDC guide by adding a semicolon or period
before “however” to separate the two independent clauses, while preserving the
existing meaning and subsequent storage guidance.

In `@src/content/docs/docs/guides/tailscale.mdx`:
- Around line 14-18: Update the Tailscale proxy warning in the documentation to
add a short note about configuring TINYAUTH_AUTH_TRUSTEDPROXIES with any reverse
proxy that forwards the client IP, so Tailscale detection does not use the proxy
IP.

In `@src/content/docs/docs/integrations/tailscale.mdx`:
- Around line 75-77: Replace the fragile Tailscale Next.js CDN URL in the
“Tailscale Sign-up with OIDC” image with a locally hosted asset under
/public/screenshots/tailscale/. Preserve the existing image dimensions and alt
text, and reference the downloaded image through the project’s standard
public-asset path.

In `@src/pages/index.astro`:
- Line 114: Update the certification mark image in the page markup to use a
locally hosted asset instead of the external openid.net URL, and add an explicit
height attribute alongside the existing width to reserve its rendered
dimensions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 3f06885d-5ed0-44f0-8987-8534f9bff686

📥 Commits

Reviewing files that changed from the base of the PR and between 499682c and 724bb6d.

⛔ Files ignored due to path filters (7)
  • public/screenshots/oidc/authorize.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_api_token.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_keys.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_login.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_settings.png is excluded by !**/*.png
  • public/tinyauth-dark.png is excluded by !**/*.png
  • src/gen/generated_configuration.mdx is excluded by !**/gen/**
📒 Files selected for processing (14)
  • .gitignore
  • astro.config.mjs
  • src/content/docs/docs/about.mdx
  • src/content/docs/docs/guides/access-controls.mdx
  • src/content/docs/docs/guides/oidc.mdx
  • src/content/docs/docs/guides/tailscale.mdx
  • src/content/docs/docs/integrations/tailscale.mdx
  • src/content/docs/docs/integrations/zerobyte.mdx
  • src/content/docs/docs/reference/changelog.mdx
  • src/content/docs/docs/reference/configuration.mdx
  • src/pages/index.astro
  • src/styles/home.css
  • src/styles/theme.css
  • src/styles/tools.css

Comment thread src/content/docs/docs/about.mdx Outdated
Comment thread src/content/docs/docs/guides/access-controls.mdx
Comment thread src/content/docs/docs/guides/oidc.mdx
Comment thread src/content/docs/docs/guides/tailscale.mdx Outdated
Comment thread src/content/docs/docs/reference/changelog.mdx Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/docs/community/kubernetes.mdx`:
- Around line 80-81: Add TINYAUTH_AUTH_TRUSTEDPROXIES to the Kubernetes
Deployment example’s container env configuration, using the Nginx/Istio proxy IP
as its value, so the copy-paste manifest includes the setting required for IP
address ACLs.

In `@src/content/docs/docs/getting-started.mdx`:
- Around line 111-112: Update the Docker deployment guidance in the
getting-started documentation to avoid presenting 172.17.0.0/16 as a universal
trusted proxy range. Either explain how to inspect and configure the actual
Traefik network CIDR, or define a custom Compose subnet and instruct users to
use that subnet for TINYAUTH_AUTH_TRUSTEDPROXIES.

In `@src/content/docs/docs/integrations/beszel.mdx`:
- Line 75: Update the “Display Name” table description to insert a comma before
“for example,” while preserving the existing wording and formatting.
- Around line 57-59: Update the Beszel OAuth setup instructions to correct
“edits controls” to “edit controls” and streamline the surrounding wording to
remove repetitive phrasing while preserving the existing navigation path and
login guidance.
- Around line 87-90: Improve the grammar in the Beszel setup instructions by
replacing the phrase “so as it creates” in the USER_CREATION guidance with
natural wording that clearly explains enabling the setting creates the user.

In `@src/content/docs/docs/reference/changelog.mdx`:
- Line 55: Update the lockdown mode changelog entry to replace “required failed
attempt amount” with “the number of failed attempts required,” while preserving
the rest of the statement.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 36e217af-2cb6-4c5c-952d-09fb4665e05b

📥 Commits

Reviewing files that changed from the base of the PR and between 724bb6d and 5aba190.

⛔ Files ignored due to path filters (6)
  • public/screenshots/beszel/beszel_collection_controls.png is excluded by !**/*.png
  • public/screenshots/beszel/beszel_create_provider.png is excluded by !**/*.png
  • public/screenshots/beszel/beszel_external_auths.png is excluded by !**/*.png
  • public/screenshots/beszel/beszel_login.png is excluded by !**/*.png
  • public/screenshots/beszel/beszel_providers.png is excluded by !**/*.png
  • public/screenshots/beszel/beszel_system_users.png is excluded by !**/*.png
📒 Files selected for processing (12)
  • astro.config.mjs
  • src/content/docs/docs/about.mdx
  • src/content/docs/docs/community/caddy.mdx
  • src/content/docs/docs/community/kubernetes.mdx
  • src/content/docs/docs/getting-started.mdx
  • src/content/docs/docs/guides/access-controls.mdx
  • src/content/docs/docs/guides/advanced.mdx
  • src/content/docs/docs/guides/nginx-proxy-manager.mdx
  • src/content/docs/docs/guides/oidc.mdx
  • src/content/docs/docs/guides/tailscale.mdx
  • src/content/docs/docs/integrations/beszel.mdx
  • src/content/docs/docs/reference/changelog.mdx
🚧 Files skipped from review as they are similar to previous changes (5)
  • src/content/docs/docs/guides/tailscale.mdx
  • src/content/docs/docs/about.mdx
  • src/content/docs/docs/guides/access-controls.mdx
  • astro.config.mjs
  • src/content/docs/docs/guides/oidc.mdx

Comment on lines +80 to +81
It is recommended (and required for IP address ACLs) that you also set the `TINYAUTH_AUTH_TRUSTEDPROXIES` environment variable to the IP address of your Nginx/Istio instance so Tinyauth can trust the `X-Real-IP` and `X-Forwarded-For`headers and get the correct client IP.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Add the trusted-proxy setting to the Deployment example.

The text says this setting is required for IP ACLs, but the preceding Deployment manifest does not show where to add TINYAUTH_AUTH_TRUSTEDPROXIES. Add it under spec.template.spec.containers[].env or include an explicit follow-up YAML snippet so the copy-paste example is complete.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/community/kubernetes.mdx` around lines 80 - 81, Add
TINYAUTH_AUTH_TRUSTEDPROXIES to the Kubernetes Deployment example’s container
env configuration, using the Nginx/Istio proxy IP as its value, so the
copy-paste manifest includes the setting required for IP address ACLs.

Comment on lines +111 to +112
It is recommended (and required for IP address ACLs) that you set the `TINYAUTH_AUTH_TRUSTEDPROXIES` environment variable (`--auth.trustedproxies` for CLI flags and `auth.trustedProxies` for YAML) to the IP address of your Traefik instance so Tinyauth can trust the `X-Real-IP` and `X-Forwarded-For`headers and get the correct client IP. For a Docker-based deployment,
`172.17.0.0/16` should work.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Do not hardcode 172.17.0.0/16 without defining that network.

Docker Compose creates a project-specific network and assigns container IPs dynamically; 172.17.0.0/16 is the Engine’s built-in default bridge range, not a guaranteed Compose subnet. (docs.docker.com)

Either document how to inspect and use the actual Traefik network CIDR, or explicitly define a custom Compose subnet before using it in TINYAUTH_AUTH_TRUSTEDPROXIES.

Also applies to: 151-151

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/getting-started.mdx` around lines 111 - 112, Update the
Docker deployment guidance in the getting-started documentation to avoid
presenting 172.17.0.0/16 as a universal trusted proxy range. Either explain how
to inspect and configure the actual Traefik network CIDR, or define a custom
Compose subnet and instruct users to use that subnet for
TINYAUTH_AUTH_TRUSTEDPROXIES.

Source: MCP tools

Comment on lines +57 to +59
Next, we need to add the OAuth provider to Beszel. Firstly you will need to toggle the
**Hide collection create and edits controls** toggle under `https://your-beszel-instance.com/_/#/settings`
(you can log in with your Beszel credentials to PocketBase).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Fix typographical error and improve phrasing.

The phrase "edits controls" contains a typo, and the surrounding text has repetitive phrasing flagged by static analysis.

📝 Proposed fixes
-Next, we need to add the OAuth provider to Beszel. Firstly you will need to toggle the
-**Hide collection create and edits controls** toggle under `https://your-beszel-instance.com/_/#/settings`
-(you can log in with your Beszel credentials to PocketBase).
+Next, we need to add the OAuth provider to Beszel. First, toggle the
+**Hide collection create and edit controls** setting under `https://your-beszel-instance.com/_/#/settings`
+(you can log in to PocketBase with your Beszel credentials).
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Next, we need to add the OAuth provider to Beszel. Firstly you will need to toggle the
**Hide collection create and edits controls** toggle under `https://your-beszel-instance.com/_/#/settings`
(you can log in with your Beszel credentials to PocketBase).
Next, we need to add the OAuth provider to Beszel. First, toggle the
**Hide collection create and edit controls** setting under `https://your-beszel-instance.com/_/#/settings`
(you can log in to PocketBase with your Beszel credentials).
🧰 Tools
🪛 LanguageTool

[style] ~57-~57: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...ion. ## Beszel Configuration Next, we need to add the OAuth provider to Beszel. First...

(REP_NEED_TO_VB)


[style] ~57-~57: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...th provider to Beszel. Firstly you will need to toggle the **Hide collection create and...

(REP_NEED_TO_VB)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/integrations/beszel.mdx` around lines 57 - 59, Update
the Beszel OAuth setup instructions to correct “edits controls” to “edit
controls” and streamline the surrounding wording to remove repetitive phrasing
while preserving the existing navigation path and login guidance.

Source: Linters/SAST tools

| - | - |
| Client ID | The client ID you generated from the previous step. |
| Client Secret | The client secret you generated from the previous step. |
| Display Name | Use whatever you like for example, `Tinyauth`. |

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Add missing comma.

Add a comma before "for example" to improve readability.

📝 Proposed fix
-| Display Name | Use whatever you like for example, `Tinyauth`. |
+| Display Name | Use whatever you like, for example, `Tinyauth`. |
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
| Display Name | Use whatever you like for example, `Tinyauth`. |
| Display Name | Use whatever you like, for example, `Tinyauth`. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/integrations/beszel.mdx` at line 75, Update the
“Display Name” table description to insert a comma before “for example,” while
preserving the existing wording and formatting.

Comment on lines +87 to +90
In case your provider email does not match the Beszel email, you will need to set
`USER_CREATION=true` in the Beszel docker-compose so as it creates your user. After you
log in with your provider, you will need to go to the `systems` collection and for each system
also assign your new user account.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Improve grammar and phrasing.

The phrase "so as it creates" is grammatically incorrect.

📝 Proposed fix
-In case your provider email does not match the Beszel email, you will need to set
-`USER_CREATION=true` in the Beszel docker-compose so as it creates your user. After you
-log in with your provider, you will need to go to the `systems` collection and for each system
-also assign your new user account.
+If your provider email does not match the Beszel email, you will need to set
+`USER_CREATION=true` in the Beszel docker-compose so that it creates your user. After you
+log in with your provider, you will need to go to the `systems` collection and for each system,
+assign your new user account.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
In case your provider email does not match the Beszel email, you will need to set
`USER_CREATION=true` in the Beszel docker-compose so as it creates your user. After you
log in with your provider, you will need to go to the `systems` collection and for each system
also assign your new user account.
If your provider email does not match the Beszel email, you will need to set
`USER_CREATION=true` in the Beszel docker-compose so that it creates your user. After you
log in with your provider, you will need to go to the `systems` collection and for each system,
assign your new user account.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/integrations/beszel.mdx` around lines 87 - 90, Improve
the grammar in the Beszel setup instructions by replacing the phrase “so as it
creates” in the USER_CREATION guidance with natural wording that clearly
explains enabling the setting creates the user.

- Preserve login parameters throughout the frontend
- Graceful shutdown on `SIGTERM`
- Pass through the LDAP mail attribute instead of crafting one when it's available
- Lockdown mode dynamically scales required failed attempt amount based on configured users

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Clarify the lockdown wording.

“Required failed attempt amount” is awkward and ambiguous. Use “the number of failed attempts required” instead.

Proposed wording
-- Lockdown mode dynamically scales required failed attempt amount based on configured users
+- Lockdown mode dynamically scales the number of failed attempts required based on configured users
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- Lockdown mode dynamically scales required failed attempt amount based on configured users
- Lockdown mode dynamically scales the number of failed attempts required based on configured users
🧰 Tools
🪛 LanguageTool

[style] ~55-~55: The double modal “required failed” is nonstandard (only accepted in certain dialects). Consider “to be failed”.
Context: ...ckdown mode dynamically scales required failed attempt amount based on configured user...

(NEEDS_FIXED)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/reference/changelog.mdx` at line 55, Update the
lockdown mode changelog entry to replace “required failed attempt amount” with
“the number of failed attempts required,” while preserving the rest of the
statement.

Source: Linters/SAST tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:XXL This PR changes 1000+ lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant