feat: per-response and general widget feedback#284
Merged
Conversation
Widget: thumbs up/down under each assistant reply (sentiment only, one-vote-lock, keyed to a new per-response request_id) plus a Send-feedback footer link opening a free-text modal for general feedback. Backend: anonymous POST /feedback (worker already proxies to it) writing to a new feedback_log table in the existing metrics.db (auto-created via CREATE TABLE IF NOT EXISTS; rides the osa-data volume). request_id is now exposed on the chat/ask done event and ChatResponse/AskResponse. page_url is scheme-validated to prevent stored XSS in the admin view. Admin: GET /metrics/feedback (per-community scoped key, strictly confined) and a Feedback panel on the status dashboard. Tested: 23 new tests (db/queries + endpoint scoping); ruff clean. Closes #282
Contributor
Preview Deployment
This preview will be updated automatically when you push new commits. |
Contributor
Dashboard Preview
This preview will be updated automatically when you push new commits. |
- FeedbackEntry: narrow to Literal types + __post_init__ enforcing the per-type invariants at the storage layer (last checkpoint before SQLite); add CHECK constraints + a UNIQUE index on feedback_id to the schema. - feedback.py: move sentiment/comment normalization into a mode=before validator (drop object.__setattr__); remove the unreachable manual whitelist checks and the dead try/except (write_feedback never raises). - write_feedback: acquire the connection inside the try so it honors its never-raises contract on a connect failure. - Widget: submitResponseFeedback now awaits the POST and rolls back the optimistic vote (with an error) if it fails, instead of silently dropping. - Tests: replace the mock-based fixture with a DATA_DIR env fixture; add __post_init__ invariant tests, write-failure counter + CRITICAL escalation, comments_only/offset/limit-floor coverage, data:/ftp page_url rejection, general-sentiment-stripping, request_id round-trip, cross-community admin aggregation; fix the no-op test_limit_clamped. - Docs/comments: db module docstring, warning SSE event, request_id wording, widget/dashboard comment and error-message fixes.
Member
Author
PR review (pr-review-toolkit, 5 agents, sonnet) — findings addressed in c1d823cCorrectness / security
Tests (no mocks)
Docs/comments: db module docstring, Skipped (by design, noted): discriminated-union split for FeedbackRequest (the |
This was referenced Jun 5, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a feedback channel to the OSA chat widget and surfaces it to community admins.
request_id) plus a Send-feedback footer link opening a free-text modal for general feedback.POST /feedback(the Cloudflare worker already proxies to it) writing to a newfeedback_logtable in the existingmetrics.db(auto-created viaCREATE TABLE IF NOT EXISTS; rides theosa-datavolume).request_idis exposed on the chat/askdoneevent andChatResponse/AskResponse.page_urlis scheme-validated to prevent stored XSS in the admin view.GET /metrics/feedback(per-community scoped key, strictly confined) and a Feedback panel on the status dashboard.Closes #282
Test plan
node --checkvalid; full api+metrics suite green (the only 2 failing tests in the repo are pre-existing .env-contamination failures, unrelated).