
feat: LLM diagram modification + comprehensive code review#1

Merged: dizzikim-dev merged 2 commits into main from feat/llm-diagram-modification on Feb 9, 2026
@dizzikim-dev
Owner

Summary

  • LLM diagram modification: a /api/modify endpoint and parser pipeline (contextBuilder, diffApplier, responseValidator, prompts) for modifying existing diagrams with natural language
  • NextAuth authentication system: Credentials + Google + GitHub OAuth, JWT sessions, Prisma schema, dashboard/admin pages
  • Infrastructure Knowledge Graph (IKG): Phase 1-3 (types, sourceRegistry, relationships, patterns, antipatterns, failures, performance, contextEnricher)
  • Comprehensive code review (10 PRs): deleted IKG Phase 4-5 (~7,732 lines), cleaned up deprecated code, improved type safety, split the usePromptParser hook, migrated design tokens, split large components

Key Changes (132 files, +23,501 / -1,638)

New Features:

  • /api/modify — LLM-based diagram modification with diff application
  • /api/auth, /api/diagrams, /api/admin — Auth & CRUD API routes
  • Dashboard (/dashboard), Admin (/admin/users), Auth pages (/auth/login, /auth/register)
  • Security: LLM security controls (OWASP Top 10), change risk assessor, rate limiter improvements
  • LLM shared modules: providers, jsonParser, fallbackTemplates, rateLimitHeaders, llmMetrics

Refactoring (Code Review):

  • Deleted unused IKG Phase 4-5 code (8 source + 8 test files, ~7,732 lines)
  • Split usePromptParser (419→137 lines) into 3 hooks (useLocalParser, useLLMModifier, useParserContext)
  • Split PluginManager (481→323) + SecurityAuditPanel (465→130) into smaller components
  • Migrated 110 hardcoded colors → zinc design tokens
  • Replaced JSON.parse(JSON.stringify()) with structuredClone()
  • Added Zod validation to API routes
  • Removed deprecated parsePrompt(), getAnimationEngine(), jsdom devDep
  • Fixed PluginContext updateTrigger anti-pattern
  • Enabled vitest fileParallelism

Test plan

  • npx tsc --noEmit — 0 TypeScript errors
  • npx vitest run — 57 test files, 1,660 tests passing
  • All existing functionality preserved (no breaking changes to public APIs)
  • Manual: verify auth flow (login/register/OAuth)
  • Manual: verify diagram CRUD on dashboard

🤖 Generated with Claude Code

dizzikim-dev and others added 2 commits February 9, 2026 20:31
Stream A (code cleanup):
- Remove immer dependency, convert console.log → createLogger()
- Extract shared LLM modules (providers, jsonParser, fallbackTemplates, rateLimitHeaders)
- Add parser pipeline JSDoc documentation
- Add rateLimiter tests

Stream B (auth system):
- NextAuth.js v5 with JWT sessions, Credentials + Google + GitHub OAuth
- Prisma schema: User, Account, Session, Diagram, DiagramVersion models
- Auth API routes, register endpoint, Edge Middleware
- Login/Register UI, UserMenu component, SessionProvider
- Diagram CRUD API with auto-save hook
- User dashboard with diagram management
- Admin user management with role change

Infrastructure Knowledge Graph (all 5 phases + GPT feedback improvements):
- 18 source files, 15 test files, 489 tests
- LLM security controls, change risk assessor, gold set benchmarks
- Zod migration, LLM call metrics

65 test files, 1,975 tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Phase 1 (Critical):
- A-1: Delete unused IKG Phase 4-5 code (~7,732 lines, 17 files)
- B-1: Fix PluginContext updateTrigger anti-pattern
- C-1: Add Zod validation to API routes (parse, llm)

Phase 2 (Quality):
- A-2: Delete deprecated code (parsePrompt, getAnimationEngine)
- A-3: Replace unsafe type assertions with runtime validation, structuredClone
- B-2: Split usePromptParser (419→137 lines + 3 specialized hooks)
- C-2: Migrate 110 hardcoded colors to zinc design tokens

Phase 3 (Optimization):
- A-4: Remove unused jsdom devDep, enable vitest fileParallelism
- B-3: Split PluginManager (481→323) and SecurityAuditPanel (465→130)

Result: 49 files changed, ~356 insertions, ~8,859 deletions
All 57 test files pass (1,660 tests), 0 TypeScript errors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@dizzikim-dev dizzikim-dev merged commit 93fbc7f into main Feb 9, 2026
0 of 2 checks passed
dizzikim-dev added a commit that referenced this pull request Feb 23, 2026
Replace in-memory Map rate limiter with a store abstraction supporting
both Redis (Upstash) and in-memory backends. Redis persists rate limit
state across serverless cold starts, closing the #1 security gap.

Key changes:
- Add RateLimitStoreInterface with InMemoryRateLimitStore and RedisRateLimitStore
- Factory auto-selects Redis when UPSTASH_REDIS_REST_URL is configured
- Fail-closed: production (VERCEL=true) rejects requests if Redis fails (503)
- Dev mode: falls back to in-memory silently
- All rate limit functions now async (checkRateLimit, clearRateLimit, etc.)
- All 7 caller sites updated to await async rate limit calls
- 34 tests covering both stores, Redis mock operations, and fail-closed behavior
- Type declarations for @upstash/redis (stub until package installed)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
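
The fail-closed behaviour described in the commit message above, as an added example that is not the project's code. `RateLimitStore`, `InMemoryStore`, `UnreachableStore`, `Decision` and the `production` option are assumed names: `UnreachableStore` stands in for a Redis backend that cannot be reached, and `production` for the `VERCEL=true` check.

```typescript
// Added example: names and shapes are assumptions, not the project's code.
interface RateLimitStore {
  // Count one hit for `key` in a fixed window and return the new count.
  increment(key: string, windowMs: number, now: number): Promise<number>;
}

class InMemoryStore implements RateLimitStore {
  private hits = new Map<string, { count: number; resetAt: number }>();
  async increment(key: string, windowMs: number, now: number): Promise<number> {
    const entry = this.hits.get(key);
    if (!entry || now >= entry.resetAt) {
      this.hits.set(key, { count: 1, resetAt: now + windowMs });
      return 1;
    }
    entry.count += 1;
    return entry.count;
  }
}

// Stand-in for a remote store whose backend is down.
class UnreachableStore implements RateLimitStore {
  async increment(): Promise<number> {
    throw new Error("store unreachable");
  }
}

interface Decision { allowed: boolean; status: 200 | 429 | 503 }

async function checkRateLimit(
  primary: RateLimitStore, fallback: RateLimitStore, key: string,
  opts: { limit: number; windowMs: number; production: boolean; now: number },
): Promise<Decision> {
  let count: number;
  try {
    count = await primary.increment(key, opts.windowMs, opts.now);
  } catch {
    // Fail closed: in production a broken store must not switch the limiter off.
    if (opts.production) return { allowed: false, status: 503 };
    // Development only: continue with process-local counters.
    count = await fallback.increment(key, opts.windowMs, opts.now);
  }
  const allowed = count <= opts.limit;
  return { allowed, status: allowed ? 200 : 429 };
}
```

The fallback counters are local to one process, so they reset on every cold start; that is why the production branch rejects the request instead of using them.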