feat: add support siwa feedback system for closed support tickets

[GiselleNessi]

---

PR-Codex overview

This PR introduces a feedback submission feature for support tickets within the dashboard application. It allows users to rate their experience and provide comments when a ticket is closed.

Detailed summary

• Added submitSupportFeedback function in feedback.ts for handling feedback submission.
• Integrated feedback submission into SupportCaseDetails.tsx.
• Implemented star rating system for feedback.
• Added feedback input field with character limit.
• Stored submitted ticket IDs in localStorage to prevent duplicate submissions.
• Displayed success or error messages based on feedback submission outcome.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• New Features

  • 5‑star rating with optional comments for closed support cases and a Send Feedback action.
  • Thank‑you message shown after submission; rating hidden for that ticket.

• Improvements

  • Sends feedback to backend with validation and length limits.
  • Accessible star controls with clear visual states and success notification.
  • Remembers submitted feedback per ticket to prevent duplicate prompts and guards against missing browser features.

[changeset-bot]

⚠️ No Changeset found

Latest commit: d982eca

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[graphite-app]

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

[coderabbitai]

Walkthrough

Adds end-user CSAT feedback to support tickets: a 5‑star rating with optional text input in SupportCaseDetails (shown for closed tickets, persisted per-ticket in localStorage). Introduces a server action submitSupportFeedback that posts validated feedback to an external SIWA CSAT endpoint using a service API key.

Changes

Cohort / File(s)	Summary
Support feedback UI apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx	Adds 0–5 star rating UI, optional text input, local state for rating, feedback, and feedbackSubmitted; SSR-safe localStorage persistence of submitted ticket IDs; handleStarClick and handleSendFeedback calling submitSupportFeedback; success/error toasts and a post-submission thank-you message; ARIA labels and filled-star visuals.
Support feedback API (server action) apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts	Adds submitSupportFeedback(data: FeedbackData) with "use server"; defines FeedbackData (rating, feedback, optional ticketId); reads SIWA_URL/NEXT_PUBLIC_SIWA_URL and SERVICE_AUTH_KEY_SIWA; validates rating (1–5) and truncates feedback to 1000 chars; POSTs to {siwaUrl}/v1/csat/saveCSATFeedback with x-service-api-key; returns { success: true } or { error: string } and logs failures.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as User
  participant UI as SupportCaseDetails (Client)
  participant SA as submitSupportFeedback (Server)
  participant SIWA as SIWA CSAT API

  rect rgba(224,240,255,0.35)
    U->>UI: Select stars, enter optional text, click "Send Feedback"
    UI->>SA: submitSupportFeedback({ ticketId, rating, feedback })
  end

  alt SIWA configured
    SA->>SIWA: POST /v1/csat/saveCSATFeedback<br/>headers: Content-Type, x-service-api-key<br/>body: { ticket_id, rating, feedback }
    alt Success (2xx)
      SIWA-->>SA: 200 OK
      SA-->>UI: { success: true }
      UI->>UI: Persist ticketId in localStorage
      UI-->>U: Show success / thank-you
    else Failure (!2xx)
      SIWA-->>SA: Error status + text
      SA-->>UI: { error }
      UI-->>U: Show error toast
    end
  else Missing SIWA config
    SA-->>UI: { error: "SIWA URL not configured" }
    UI-->>U: Show error toast
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ff00113 and 282de02.

📒 Files selected for processing (2)

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx (4 hunks)
• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts
• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch gi/support-siwa-feedback

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
thirdweb-www	Ready	Preview	Comment	Aug 27, 2025 10:15am

4 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
docs-v2	Skipped			Aug 27, 2025 10:15am
nebula	Skipped			Aug 27, 2025 10:15am
thirdweb_playground	Skipped			Aug 27, 2025 10:15am
wallet-ui	Skipped			Aug 27, 2025 10:15am

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.53%. Comparing base (e651d0a) to head (d982eca).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7916   +/-   ##
=======================================
  Coverage   56.53%   56.53%           
=======================================
  Files         904      904           
  Lines       58592    58592           
  Branches     4143     4143           
=======================================
  Hits        33126    33126           
  Misses      25360    25360           
  Partials      106      106           

Flag	Coverage Δ
packages	56.53% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	64.06 KB (0%)	1.3 s (0%)	298 ms (+140.41% 🔺)	1.6 s
thirdweb (cjs)	357.05 KB (0%)	7.2 s (0%)	964 ms (+6.38% 🔺)	8.2 s
thirdweb (minimal + tree-shaking)	5.73 KB (0%)	115 ms (0%)	64 ms (+721.72% 🔺)	178 ms
thirdweb/chains (tree-shaking)	526 B (0%)	11 ms (0%)	45 ms (+1328.07% 🔺)	55 ms
thirdweb/react (minimal + tree-shaking)	19.15 KB (0%)	383 ms (0%)	45 ms (+113.33% 🔺)	428 ms

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (9)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (3)

1-2: Add server-only guard without breaking the server action directive

Keep "use server" as the very first statement, then import the server-only guard to prevent accidental client bundling.

 "use server";
 
+import "server-only";

---

25-33: Add timeout and avoid leaking raw backend errors to users

• Add an AbortController with a sane timeout to avoid hung requests.
• Log detailed backend errors server-side; return a generic error to the client to avoid leaking internals.

-    const response = await fetch(`${siwaUrl}/v1/csat/saveCSATFeedback`, {
+    const ac = new AbortController();
+    const timeout = setTimeout(() => ac.abort(), 10_000);
+    const response = await fetch(`${siwaUrl}/v1/csat/saveCSATFeedback`, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "x-service-api-key": process.env.SERVICE_AUTH_KEY_SIWA || "",
       },
-      body: JSON.stringify(payload),
+      body: JSON.stringify(payload),
+      signal: ac.signal,
     });
 
     if (!response.ok) {
       const errorText = await response.text();
-      return { error: `API Server error: ${response.status} - ${errorText}` };
+      console.error("SIWA CSAT error:", response.status, errorText);
+      return { error: "Unable to submit feedback at this time. Please try again later." };
     }
 
     return { success: true };
   } catch (error) {
     console.error("Feedback submission error:", error);
     return {
       error: `Failed to submit feedback: ${error instanceof Error ? error.message : "Unknown error"}`,
     };
-  }
+  } finally {
+    // @ts-ignore - timeout may be undefined if we refactor above; keep safe
+    if (typeof timeout !== "undefined") clearTimeout(timeout);
+  }

Also applies to: 34-37, 39-46

---

3-11: Rename local FeedbackData to SupportFeedbackPayload to avoid collisions

• In apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts
  • Replace the interface FeedbackData { … } with

  export type SupportFeedbackPayload = {
    rating: number;
    feedback: string;
    ticketId?: string;
  };

  • Update the function signature to

  -export async function submitSupportFeedback(
  -  data: FeedbackData,
  -): Promise<{ success: true } | { error: string }> {
  +export async function submitSupportFeedback(
  +  data: SupportFeedbackPayload,
  +): Promise<{ success: true } | { error: string }> {

• No other FeedbackData declarations exist in the dashboard codebase; the only other FeedbackData is in packages/nebula/src/client/types.gen.ts (a different shape).
• All call sites (e.g. the literal passed in SupportCaseDetails.tsx at line 66) continue to work without modification.

This change prevents confusion with the generated type and follows our guideline to use descriptive type aliases for payloads.

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx (6)

41-54: Harden localStorage access and add in-flight state for feedback

• JSON.parse can throw; guard against corrupted storage.
• Add an isSubmittingFeedback flag now to prevent double submissions and to disable the send button.

   // rating/feedback
   const [rating, setRating] = useState(0);
   const [feedback, setFeedback] = useState("");
+  const [isSubmittingFeedback, setIsSubmittingFeedback] = useState(false);
   const [feedbackSubmitted, setFeedbackSubmitted] = useState(() => {
     // Check if feedback has already been submitted for this ticket
     if (typeof window !== "undefined") {
-      const submittedTickets = JSON.parse(
-        localStorage.getItem("feedbackSubmittedTickets") || "[]",
-      );
-      return submittedTickets.includes(ticket.id);
+      try {
+        const raw = localStorage.getItem("feedbackSubmittedTickets") || "[]";
+        const submittedTickets = JSON.parse(raw);
+        return Array.isArray(submittedTickets) && submittedTickets.includes(ticket.id);
+      } catch {
+        // Corrupted storage – treat as not submitted
+        return false;
+      }
     }
     return false;
   });

---

55-57: Simplify star click logic (use 1–5 directly)

Avoid off-by-one mental overhead by passing the natural star value.

-const handleStarClick = (starIndex: number) => {
-  setRating(starIndex + 1);
-};
+const handleStarClick = (starValue: number) => {
+  setRating(starValue);
+};
@@
-  onClick={() => handleStarClick(starValue - 1)}
+  onClick={() => handleStarClick(starValue)}

Also applies to: 219-226

---

59-99: Prevent duplicate submissions; trim input before send

Add an in-flight lock and trim the feedback to avoid sending whitespace-only content.

-  const handleSendFeedback = async () => {
+  const handleSendFeedback = async () => {
+    if (isSubmittingFeedback) return;
     if (rating === 0) {
       toast.error("Please select a rating");
       return;
     }
 
     try {
+      setIsSubmittingFeedback(true);
       const result = await submitSupportFeedback({
-        rating,
-        feedback,
+        rating,
+        feedback: feedback.trim(),
         ticketId: ticket.id,
       });
 
       if ("error" in result) {
         throw new Error(result.error);
       }
 
       toast.success("Thank you for your feedback!");
       setRating(0);
       setFeedback("");
       setFeedbackSubmitted(true);
@@
-    } catch (error) {
+    } catch (error) {
       console.error("Failed to submit feedback:", error);
       toast.error("Failed to submit feedback. Please try again.");
-    }
+    } finally {
+      setIsSubmittingFeedback(false);
+    }
   };

---

219-243: A11y and design tokens for the star rating

• Use a radiogroup/radio pattern with aria-checked for screen readers.
• Avoid inline hex colors; use Tailwind + design tokens with currentColor.
• Remove invalid svg attributes (rx on svg does nothing here).

-            <div className="flex gap-2 mb-6 mt-4">
+            <div className="flex gap-2 mb-6 mt-4" role="radiogroup" aria-label="Ticket satisfaction rating">
               {[1, 2, 3, 4, 5].map((starValue) => (
                 <button
                   key={`star-${starValue}`}
                   type="button"
-                  onClick={() => handleStarClick(starValue - 1)}
-                  className="transition-colors"
+                  role="radio"
+                  aria-checked={starValue <= rating}
+                  onClick={() => handleStarClick(starValue)}
+                  className={cn(
+                    "transition-colors",
+                    starValue <= rating ? "text-primary" : "text-muted-foreground",
+                  )}
                   aria-label={`Rate ${starValue} out of 5 stars`}
                 >
                   <svg
-                    width="32"
-                    height="32"
+                    width="32"
+                    height="32"
                     viewBox="0 0 24 24"
-                    fill={starValue <= rating ? "#ff00aa" : "none"}
-                    stroke={starValue <= rating ? "#ff00aa" : "#666"}
-                    strokeWidth={starValue <= rating ? "2" : "1"}
-                    className="hover:fill-pink-500 hover:stroke-pink-500 rounded-sm"
-                    rx="2"
+                    fill="currentColor"
+                    stroke="currentColor"
+                    strokeWidth={starValue <= rating ? "2" : "1"}
+                    className="rounded-sm"
                     aria-hidden="true"
                   >
                     <polygon points="12,2 15.09,8.26 22,9.27 17,14.14 18.18,21.02 12,17.77 5.82,21.02 7,14.14 2,9.27 8.91,8.26" />
                   </svg>
                 </button>
               ))}
             </div>

---

245-259: Use UI primitives and tokens for consistency; disable the button while submitting

• Replace raw textarea with AutoResizeTextarea and design tokens.
• Replace custom button with Button from the design system.

-            <div className="relative">
-              <textarea
-                value={feedback}
-                onChange={(e) => setFeedback(e.target.value)}
-                placeholder="Optional: Tell us how we can improve."
-                className="text-muted-foreground text-sm w-full bg-black text-white rounded-lg p-4 pr-28 min-h-[100px] resize-none border border-[#262626] focus:border-[#262626] focus:outline-none placeholder-[#A1A1A1]"
-              />
-              <button
-                type="button"
-                onClick={handleSendFeedback}
-                className="absolute mb-2 bottom-3 right-3 bg-white text-black px-4 py-2 rounded-full text-sm font-medium hover:bg-gray-100 transition-colors"
-              >
-                Send Feedback
-              </button>
-            </div>
+            <div className="relative">
+              <AutoResizeTextarea
+                value={feedback}
+                onChange={(e) => setFeedback(e.target.value)}
+                placeholder="Optional: Tell us how we can improve."
+                className="text-sm w-full bg-card text-foreground rounded-lg pr-28 min-h-[100px] border border-border focus-visible:ring-0"
+              />
+              <Button
+                type="button"
+                onClick={handleSendFeedback}
+                className="absolute mb-2 bottom-3 right-3 rounded-full text-sm"
+                size="sm"
+                disabled={isSubmittingFeedback}
+              >
+                {isSubmittingFeedback ? <Spinner className="size-4" /> : "Send Feedback"}
+              </Button>
+            </div>

---

81-93: Guard writes to localStorage the same way (try/catch; validate shape)

Mirrors the read-guard to avoid breaking the store if it gets corrupted.

       if (typeof window !== "undefined") {
-        const submittedTickets = JSON.parse(
-          localStorage.getItem("feedbackSubmittedTickets") || "[]",
-        );
-        if (!submittedTickets.includes(ticket.id)) {
-          submittedTickets.push(ticket.id);
-          localStorage.setItem(
-            "feedbackSubmittedTickets",
-            JSON.stringify(submittedTickets),
-          );
-        }
+        try {
+          const raw = localStorage.getItem("feedbackSubmittedTickets") || "[]";
+          const submittedTickets = JSON.parse(raw);
+          const arr = Array.isArray(submittedTickets) ? submittedTickets : [];
+          if (!arr.includes(ticket.id)) {
+            arr.push(ticket.id);
+            localStorage.setItem("feedbackSubmittedTickets", JSON.stringify(arr));
+          }
+        } catch {
+          // reset to a sane default
+          localStorage.setItem("feedbackSubmittedTickets", JSON.stringify([ticket.id]));
+        }
       }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 34239ea and 4961d28.

📒 Files selected for processing (2)

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx (3 hunks)
• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

Files:

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx
• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx
• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts

apps/{dashboard,playground-web}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

apps/{dashboard,playground-web}/**/*.{ts,tsx}: Import UI primitives from @/components/ui/* (Button, Input, Select, Tabs, Card, Sidebar, Badge, Separator) in dashboard and playground apps
Use NavLink for internal navigation with automatic active states in dashboard and playground apps
Use Tailwind CSS only – no inline styles or CSS modules
Use cn() from @/lib/utils for conditional class logic
Use design system tokens (e.g., bg-card, border-border, text-muted-foreground)
Server Components (Node edge): Start files with import "server-only";
Client Components (browser): Begin files with 'use client';
Always call getAuthToken() to retrieve JWT from cookies on server side
Use Authorization: Bearer header – never embed tokens in URLs
Return typed results (e.g., Project[], User[]) – avoid any
Wrap client-side data fetching calls in React Query (@tanstack/react-query)
Use descriptive, stable queryKeys for React Query cache hits
Configure staleTime/cacheTime in React Query based on freshness (default ≥ 60s)
Keep tokens secret via internal API routes or server actions
Never import posthog-js in server components

Files:

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx
• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts

🧬 Code graph analysis (2)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx (1)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (1)

• submitSupportFeedback (9-46)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (1)

packages/nebula/src/client/types.gen.ts (1)

• FeedbackData (3426-3431)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (2)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/_components/SupportCaseDetails.tsx (2)

23-23: LGTM: importing the server action directly into a client component

This is a valid Next pattern; the action remains server-executed. Keep secrets on the server side only (already true in the current wiring).

---

263-269: LGTM: post-submission acknowledgement copy

Clear, concise, and consistent with the flow.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (2)

13-19: Env var selection looks good; consider trimming trailing slashes to avoid // in URLs

This implements the earlier feedback to prefer a server-only var and fail fast if missing — nice.

-    const siwaUrl =
-      process.env.SIWA_URL ?? process.env.NEXT_PUBLIC_SIWA_URL ?? "";
+    const siwaUrl = (process.env.SIWA_URL ?? process.env.NEXT_PUBLIC_SIWA_URL ?? "")
+      .replace(/\/+$/, "");

This prevents accidental double slashes when building ${siwaUrl}/v1/csat/saveCSATFeedback.

---

20-23: Fail-fast on missing API key is correct

Matches earlier guidance to avoid sending empty secrets. Good.

🧹 Nitpick comments (9)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (9)

1-2: Add server-only guard import to harden against accidental client usage

Since this module accesses server-only env vars, also import "server-only" (keep "use server" as the first statement). Referencing the retrieved learning about server-only secrets.

 "use server";
+import "server-only";
 

---

3-7: Prefer a type alias and avoid name collision with existing FeedbackData in packages/nebula

Guidelines favor type aliases over interfaces. Also, there’s already a generated type named FeedbackData in packages/nebula/src/client/types.gen.ts with a different shape, which can cause confusion and accidental imports. Rename locally to a more specific alias.

-interface FeedbackData {
-  rating: number;
-  feedback: string;
-  ticketId?: string;
-}
+export type SupportFeedbackInput = {
+  rating: number;
+  feedback: string;
+  ticketId?: string;
+};

If you keep the current name, please confirm no collisions/ambiguous imports occur where both are in scope. The nebula one appears at packages/nebula/src/client/types.gen.ts:3425-3430.

---

9-12: Give the result a named alias and update the param type after the rename

Small readability win and easier reuse by consumers.

-export async function submitSupportFeedback(
-  data: FeedbackData,
-): Promise<{ success: true } | { error: string }> {
+export type SubmitSupportFeedbackResult = { success: true } | { error: string };
+
+export async function submitSupportFeedback(
+  data: SupportFeedbackInput,
+): Promise<SubmitSupportFeedbackResult> {

---

25-29: Align error message with validation (integer vs. rounding)

Message says “integer,” but non-integers currently pass and are rounded later. Either enforce integers or relax the message. I recommend enforcing integers for a 1–5 star widget.

-    if (!Number.isFinite(data.rating) || data.rating < 1 || data.rating > 5) {
+    if (
+      !Number.isFinite(data.rating) ||
+      data.rating < 1 ||
+      data.rating > 5 ||
+      !Number.isInteger(data.rating)
+    ) {
       return { error: "Rating must be an integer between 1 and 5." };
     }

---

30-34: Input normalization is solid; minor text normalization options (optional)

Optional: normalize line endings to “\n” and strip zero-width spaces to reduce noise upstream.

-    const normalizedFeedback = (data.feedback ?? "")
-      .toString()
-      .trim()
-      .slice(0, 1000); // hard cap length
+    const normalizedFeedback = (data.feedback ?? "")
+      .toString()
+      .replace(/\r\n?/g, "\n") // normalize CRLF/CR
+      .replace(/[\u200B-\u200D\uFEFF]/g, "") // strip zero-widths
+      .trim()
+      .slice(0, 1000); // hard cap length

---

35-39: Narrow payload types and keep ticket_id trimmed

Typing the payload prevents accidental shape drift and trims a possibly empty ticket id.

-    const payload = {
-      rating: Math.round(data.rating),
-      feedback: normalizedFeedback,
-      ticket_id: data.ticketId || null,
-    };
+    const ticketId =
+      typeof data.ticketId === "string" ? data.ticketId.trim() : null;
+    const payload: { rating: number; feedback: string; ticket_id: string | null } = {
+      rating: data.rating, // if you keep rounding, revert to Math.round(...)
+      feedback: normalizedFeedback,
+      ticket_id: ticketId || null,
+    };

---

41-48: Add a fetch timeout and disable caching for robustness

Server-side fetches to external services should be bounded. AbortSignal.timeout keeps the diff minimal; cache: "no-store" avoids any caching surprises.

-    const response = await fetch(`${siwaUrl}/v1/csat/saveCSATFeedback`, {
+    const response = await fetch(`${siwaUrl}/v1/csat/saveCSATFeedback`, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "x-service-api-key": apiKey,
       },
+      cache: "no-store",
+      signal: AbortSignal.timeout(8000),
       body: JSON.stringify(payload),
     });

---

50-53: Parse JSON error bodies when available and bound error length

More user-friendly and avoids dumping long HTML bodies.

-    if (!response.ok) {
-      const errorText = await response.text();
-      return { error: `API Server error: ${response.status} - ${errorText}` };
-    }
+    if (!response.ok) {
+      const contentType = response.headers.get("content-type") || "";
+      let errorText: string;
+      if (contentType.includes("application/json")) {
+        try {
+          const errJson: any = await response.json();
+          errorText = (errJson?.message || errJson?.error || JSON.stringify(errJson));
+        } catch {
+          errorText = await response.text();
+        }
+      } else {
+        errorText = await response.text();
+      }
+      const bounded = errorText.slice(0, 300);
+      return { error: `API Server error: ${response.status} - ${bounded}` };
+    }

---

55-62: Consider a generic user-facing error while logging details server-side

Current message may surface internal fetch errors to users. Optional: return a generic message to the UI and keep details in logs.

-    return {
-      error: `Failed to submit feedback: ${error instanceof Error ? error.message : "Unknown error"}`,
-    };
+    return { error: "Failed to submit feedback. Please try again later." };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4961d28 and ff00113.

📒 Files selected for processing (1)

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

Files:

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts

apps/{dashboard,playground-web}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

apps/{dashboard,playground-web}/**/*.{ts,tsx}: Import UI primitives from @/components/ui/* (Button, Input, Select, Tabs, Card, Sidebar, Badge, Separator) in dashboard and playground apps
Use NavLink for internal navigation with automatic active states in dashboard and playground apps
Use Tailwind CSS only – no inline styles or CSS modules
Use cn() from @/lib/utils for conditional class logic
Use design system tokens (e.g., bg-card, border-border, text-muted-foreground)
Server Components (Node edge): Start files with import "server-only";
Client Components (browser): Begin files with 'use client';
Always call getAuthToken() to retrieve JWT from cookies on server side
Use Authorization: Bearer header – never embed tokens in URLs
Return typed results (e.g., Project[], User[]) – avoid any
Wrap client-side data fetching calls in React Query (@tanstack/react-query)
Use descriptive, stable queryKeys for React Query cache hits
Configure staleTime/cacheTime in React Query based on freshness (default ≥ 60s)
Keep tokens secret via internal API routes or server actions
Never import posthog-js in server components

Files:

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts

🧠 Learnings (1)

📚 Learning: 2025-07-18T19:20:32.530Z

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-07-18T19:20:32.530Z
Learning: Applies to dashboard/**/*.{ts,tsx} : Accessing server-only environment variables or secrets.

Applied to files:

• apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts

🧬 Code graph analysis (1)

apps/dashboard/src/app/(app)/team/[team_slug]/(team)/~/support/apis/feedback.ts (1)

packages/nebula/src/client/types.gen.ts (1)

• FeedbackData (3426-3431)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Size
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Lint Packages
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: Analyze (javascript)

[GiselleNessi]

Merge activity

• Aug 27, 10:07 AM UTC: The merge label 'merge-queue' was detected. This PR will be added to the Graphite merge queue once it meets the requirements.

[jnsdls]

because this is stored in local storage only this means that if I open the support page on a second device suddenly every closed ticket will prompt me to report feedback, that's a problem

we might need a way to persistently store which ticket has feedback associated to it already, maybe SIWA can add the relevant API since it's storing it anyways?

[jnsdls]

as mentioned above, we just can't use localstorage for this