Skip to content

Nik/spaces #582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
nikgraf wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Nik/spaces #582

nikgraf wants to merge 2 commits into from

Conversation

@nikgraf
Copy link
Collaborator

@nikgraf nikgraf commented Jan 19, 2026

No description provided.

@nikgraf nikgraf requested a review from Copilot January 19, 2026 08:52
Copilot AI reviewed Jan 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for distinguishing between PERSONAL and DAO space types in the hypergraph package. It introduces a type field to the PublicSpace schema and adds filtering capability by space type.

Changes:

  • Added type field (either 'PERSONAL' or 'DAO') to PublicSpace schema and query results
  • Refactored query construction from three static parameterized queries to dynamic query building based on filters
  • Added spaceType filter option to FindManyPublicFilter allowing filtering by space type, optionally combined with existing member/editor filters

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
.changeset/add-space-type.md Documents the new type field and spaceType filter in the changeset
.claude/settings.local.json Adds additional allowed bash commands for development tooling
packages/hypergraph/src/space/find-many-public.ts Adds type field to schema, implements dynamic query building with spaceType filter support
packages/hypergraph/test/space/find-many-public.test.ts Updates tests to include type field and adds test case for DAO type parsing

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

packages/hypergraph/src/space/find-many-public.ts
Comment on lines +130 to +163
const buildFilterString = (filter?: FindManyPublicFilter): string | undefined => {
const conditions: string[] = [];

if (filter?.memberId) {
conditions.push(`members: {some: {memberSpaceId: {is: "${filter.memberId}"}}}`);
}

if (filter?.editorId) {
conditions.push(`editors: {some: {memberSpaceId: {is: "${filter.editorId}"}}}`);
}

if (filter?.spaceType) {
conditions.push(`type: {is: ${filter.spaceType}}`);
}

if (conditions.length === 0) {
return undefined;
}

return `filter: {${conditions.join(', ')}}`;
};

const buildSpacesQuery = (filter?: FindManyPublicFilter): string => {
const filterString = buildFilterString(filter);
const filterClause = filterString ? `(${filterString})` : '';

return `
query spaces {
spaces${filterClause} {
${spaceFields}
}
}
`;
};
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new buildFilterString and buildSpacesQuery functions lack test coverage. Consider adding tests to verify that:

  1. The spaceType filter generates the correct GraphQL query syntax
  2. Combinations of filters work correctly (e.g., memberId + spaceType, editorId + spaceType)
  3. Edge cases like undefined or only spaceType filters are handled properly

This is important since these functions dynamically construct GraphQL queries and any errors could result in invalid queries being sent to the server.

Copilot uses AI. Check for mistakes.
packages/hypergraph/src/space/find-many-public.ts
Comment on lines +133 to +138
if (filter?.memberId) {
conditions.push(`members: {some: {memberSpaceId: {is: "${filter.memberId}"}}}`);
}

if (filter?.editorId) {
conditions.push(`editors: {some: {memberSpaceId: {is: "${filter.editorId}"}}}`);
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The memberId and editorId values are directly interpolated into the GraphQL query string without validation or escaping. The previous implementation used GraphQL variables (with $accountId parameter), which is safer as it prevents potential injection attacks. Consider either:

  1. Returning to the parameterized query approach with variables, or
  2. Adding explicit validation/sanitization of these string values before interpolation

This is particularly important since these IDs could come from user input or external sources.

Copilot uses AI. Check for mistakes.
packages/hypergraph/src/space/find-many-public.ts
Comment on lines +141 to +142
if (filter?.spaceType) {
conditions.push(`type: {is: ${filter.spaceType}}`);
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The spaceType value is directly interpolated into the GraphQL query string without runtime validation. While the TypeScript type restricts it to 'PERSONAL' or 'DAO', there's no runtime check to ensure the value is valid before it's used in the query. Consider adding validation using the SpaceTypeSchema to ensure type safety at runtime, similar to how the PublicSpaceSchema is used for decoding. This will prevent potential issues if the value is manipulated at runtime or comes from an untyped source.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nikgraf