Skip to content

chore(lp-2026): restore custom-domain route (final cutover step)#12

Merged
YasunoriMATSUOKA merged 6 commits into
mainfrom
chore/lp-2026-restore-custom-domain
Jul 2, 2026
Merged

chore(lp-2026): restore custom-domain route (final cutover step)#12
YasunoriMATSUOKA merged 6 commits into
mainfrom
chore/lp-2026-restore-custom-domain

Conversation

@YasunoriMATSUOKA

Copy link
Copy Markdown
Member

Summary

Re-enables the hackathon-2026.nemtus.com custom-domain route in
apps/hackathon-lp-2026/wrangler.toml that PR #11 temporarily commented out for the
Vercel → Cloudflare cutover.

Merge order (important)

This is the final step of the cutover. Merge it only after:

  1. PR feat(lp-2026): Next.js 16 hackathon LP, static-exported to Cloudflare Workers #11 is merged (this PR's diff collapses to the single routes re-enable once it is).
  2. The Worker nemtus-hackathon-lp-2026 is set up in Workers Builds (Root directory
    apps/hackathon-lp-2026, Build command pnpm build) and verified on its *.workers.dev
    URL
    .
  3. The old Vercel DNS record for hackathon-2026.nemtus.com has been deleted in the
    Cloudflare DNS tab (so there's no conflicting record).

Merging this then triggers a Workers Builds deploy that attaches
hackathon-2026.nemtus.com to the Worker and provisions the edge certificate.

Verify after merge

curl -sI https://hackathon-2026.nemtus.com/ | grep -iE 'server|cf-ray'
# expect: server: cloudflare + cf-ray present (and no x-vercel-* headers)

Then remove the domain from the Vercel project and retire the Vercel deployment.

🤖 Generated with Claude Code

YasunoriMATSUOKA and others added 6 commits July 2, 2026 22:05
…lare Workers

- Add the v0-generated Next.js 16 app-router LP (React 19, Tailwind v4, shadcn/ui,
  framer-motion; pnpm) under apps/hackathon-lp-2026, hosted like the other years on a
  Cloudflare Workers Static Assets Worker via Workers Builds.
- next.config.mjs: output: 'export' (fully client-rendered, no server features) -> build
  emits ./out, served by the assets-only wrangler.toml (name nemtus-hackathon-lp-2026,
  custom domain hackathon-2026.nemtus.com; the aggregator already links there).
- Fix the v0 lockfile's broken motion resolution: it pinned framer-motion@12.23.24 with
  motion-dom@12.42.2, which dropped the "activeAnimations" export framer-motion imports,
  breaking the build. Pin motion-dom to 12.23.23 via pnpm.overrides.
- .npmrc ignore-scripts=false to override the inherited root hardening for this pnpm app.

Verified: pnpm build succeeds; out/ has index.html/404.html/_next (215 files, max asset
1.78MiB < 25MiB limit); wrangler deploy --dry-run reads out/ cleanly. Build artifacts
(node_modules/.next/out) are gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…it/e2e/audit/socket)

Tooling for apps/hackathon-lp-2026 (pnpm, standalone):
- ESLint 9 flat config (typescript-eslint + react + react-hooks + @next/next) — passes
- Prettier (.prettierrc) + format / format:check — codebase formatted to a baseline
- type:check (tsc --noEmit): fixed the 5 v0 type errors centrally in hooks/use-in-view
  (generic ref + amount->threshold), so they are caught rather than masked here
- Vitest + Testing Library (jsdom) — 14 guardrail tests: constants invariants, cn(),
  useInView behavior, Entry CTA gating on IS_HACKATHON_ENDED (both states), FAQ accordion
- Playwright e2e against the static export (out/) — 4 tests: title, key sections,
  entry inert while ended, FAQ interaction, no JS runtime errors

Scripts: lint / format / format:check / type:check / test / e2e / preview.

CI: .github/workflows/ci-hackathon-lp-2026.yml (path-filtered, pnpm) with jobs:
- verify: audit (--audit-level=high) + frozen install + lint + format:check + type:check
  + build + unit
- e2e: playwright (chromium)
- socket: runs `socket ci` when SOCKET_SECURITY_API_KEY is set, else no-op
Deployment stays with Cloudflare Workers Builds (Git integration) — CI is checks only.

Security: bumped next 16.0.10 -> 16.2.10 (clears 9 Next SSR/middleware advisories that do
not apply to a static export); allowlisted the remaining transitive lodash `_.template`
advisory (GHSA-r5fr-rjxr-66jc via recharts, unreachable in this static LP) through
pnpm.auditConfig.ignoreGhsas so audit stays green and still blocks NEW high vulns.

Storybook deferred: the vitest component/interaction tests + playwright e2e already cover
the interactive behavior; a full Storybook harness adds limited value for this LP.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…p secret job

Mirror nemtus/symbol-rest-api-client's token-free Socket setup instead of the
API-key-based `socket ci` job:
- Socket Firewall Free (SocketDev/action@…, mode: firewall-free — no token) wraps
  the pnpm install in the verify and e2e jobs (`sfw pnpm install --frozen-lockfile`),
  blocking confirmed-malicious packages at fetch time.
- Add repo-root socket.yml for the Socket GitHub App (PR dependency-risk comments),
  with monorepo trigger paths (npm workspace + standalone npm apps + the pnpm 2026 app).
- Remove the socket job that required SOCKET_SECURITY_API_KEY.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ydration)

- app/globals.css: fix BlinkMacMacSystemFont -> BlinkMacSystemFont (font fallback typo)
- footer: (c) 2025 -> 2026
- circuit-background: move Math.random() grid generation from module scope into a
  client-only useEffect/useState, avoiding a static-export hydration mismatch/flicker

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…loudflare cutover

hackathon-2026.nemtus.com currently points at Vercel via an existing Cloudflare DNS
record. Keeping the custom_domain route active would make the first Workers Builds
deploy fail on a DNS conflict, so comment it out to deploy to *.workers.dev for safe
verification. Restored by a follow-up PR once the Vercel DNS record is deleted.
…DNS cutover)

Re-enable the hackathon-2026.nemtus.com custom_domain route disabled during the cutover.
Merge this AFTER: (1) the Worker is verified on *.workers.dev, and (2) the old Vercel DNS
record for hackathon-2026.nemtus.com has been deleted in Cloudflare. The next Workers
Builds deploy then attaches the domain to this Worker and provisions the edge certificate.
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@YasunoriMATSUOKA, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 58 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f5801321-d65c-4bb4-9802-1e3a2f14259c

📥 Commits

Reviewing files that changed from the base of the PR and between fbc788f and 6c4e9ca.

⛔ Files ignored due to path filters (42)
  • apps/hackathon-lp-2026/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
  • apps/hackathon-lp-2026/public/Jaguar.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/SP_Astar_Color_Black.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/SP_SEKKA_SHIRETOKO.jpeg is excluded by !**/*.jpeg
  • apps/hackathon-lp-2026/public/SP_as_logo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/apple-icon.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/Astar_logo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/BitcoinLogo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/CosmosLogo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/NEM_Logo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/Symbol_Logo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/avalanche_logo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/eth.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/mona.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/soneiumLogo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/cryptlogo/suilogo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/goto.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/hayakawa_profile.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/icon-dark-32x32.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/icon-light-32x32.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/icon.svg is excluded by !**/*.svg
  • apps/hackathon-lp-2026/public/images/Daoka.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/chaintokyo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/design-mode/logo_hacktus_%EF%BD%82_2026S.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/logo-hacktus-fabi.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/pleasanter.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/sp-gox-logo-w.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/sp-hatchet-avatar.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/sp-one-line-full-color-light.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/sp-progate.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/images/sp-wavee2.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/kuramochi.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/logo-hacktus-2026.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/mizuki.jpg is excluded by !**/*.jpg
  • apps/hackathon-lp-2026/public/placeholder-logo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/placeholder-logo.svg is excluded by !**/*.svg
  • apps/hackathon-lp-2026/public/placeholder-user.jpg is excluded by !**/*.jpg
  • apps/hackathon-lp-2026/public/placeholder.jpg is excluded by !**/*.jpg
  • apps/hackathon-lp-2026/public/placeholder.svg is excluded by !**/*.svg
  • apps/hackathon-lp-2026/public/sp_fushiginayado.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/sp_tss_logo.png is excluded by !**/*.png
  • apps/hackathon-lp-2026/public/takahashi.png is excluded by !**/*.png
📒 Files selected for processing (109)
  • .github/workflows/ci-hackathon-lp-2026.yml
  • apps/hackathon-lp-2026/.gitignore
  • apps/hackathon-lp-2026/.npmrc
  • apps/hackathon-lp-2026/.prettierignore
  • apps/hackathon-lp-2026/.prettierrc.json
  • apps/hackathon-lp-2026/README.md
  • apps/hackathon-lp-2026/app/globals.css
  • apps/hackathon-lp-2026/app/layout.tsx
  • apps/hackathon-lp-2026/app/page.tsx
  • apps/hackathon-lp-2026/components.json
  • apps/hackathon-lp-2026/components/about.tsx
  • apps/hackathon-lp-2026/components/circuit-background.tsx
  • apps/hackathon-lp-2026/components/entry.tsx
  • apps/hackathon-lp-2026/components/faq.tsx
  • apps/hackathon-lp-2026/components/final-cta.tsx
  • apps/hackathon-lp-2026/components/footer.tsx
  • apps/hackathon-lp-2026/components/hero.tsx
  • apps/hackathon-lp-2026/components/highlights.tsx
  • apps/hackathon-lp-2026/components/judges.tsx
  • apps/hackathon-lp-2026/components/multi-chain.tsx
  • apps/hackathon-lp-2026/components/navigation.tsx
  • apps/hackathon-lp-2026/components/nemtus-info.tsx
  • apps/hackathon-lp-2026/components/participation-flow.tsx
  • apps/hackathon-lp-2026/components/prizes.tsx
  • apps/hackathon-lp-2026/components/results.tsx
  • apps/hackathon-lp-2026/components/schedule.tsx
  • apps/hackathon-lp-2026/components/sponsors.tsx
  • apps/hackathon-lp-2026/components/theme-provider.tsx
  • apps/hackathon-lp-2026/components/themes.tsx
  • apps/hackathon-lp-2026/components/ui/accordion.tsx
  • apps/hackathon-lp-2026/components/ui/alert-dialog.tsx
  • apps/hackathon-lp-2026/components/ui/alert.tsx
  • apps/hackathon-lp-2026/components/ui/aspect-ratio.tsx
  • apps/hackathon-lp-2026/components/ui/avatar.tsx
  • apps/hackathon-lp-2026/components/ui/badge.tsx
  • apps/hackathon-lp-2026/components/ui/breadcrumb.tsx
  • apps/hackathon-lp-2026/components/ui/button-group.tsx
  • apps/hackathon-lp-2026/components/ui/button.tsx
  • apps/hackathon-lp-2026/components/ui/calendar.tsx
  • apps/hackathon-lp-2026/components/ui/card.tsx
  • apps/hackathon-lp-2026/components/ui/carousel.tsx
  • apps/hackathon-lp-2026/components/ui/chart.tsx
  • apps/hackathon-lp-2026/components/ui/checkbox.tsx
  • apps/hackathon-lp-2026/components/ui/collapsible.tsx
  • apps/hackathon-lp-2026/components/ui/command.tsx
  • apps/hackathon-lp-2026/components/ui/context-menu.tsx
  • apps/hackathon-lp-2026/components/ui/dialog.tsx
  • apps/hackathon-lp-2026/components/ui/drawer.tsx
  • apps/hackathon-lp-2026/components/ui/dropdown-menu.tsx
  • apps/hackathon-lp-2026/components/ui/empty.tsx
  • apps/hackathon-lp-2026/components/ui/field.tsx
  • apps/hackathon-lp-2026/components/ui/form.tsx
  • apps/hackathon-lp-2026/components/ui/hover-card.tsx
  • apps/hackathon-lp-2026/components/ui/input-group.tsx
  • apps/hackathon-lp-2026/components/ui/input-otp.tsx
  • apps/hackathon-lp-2026/components/ui/input.tsx
  • apps/hackathon-lp-2026/components/ui/item.tsx
  • apps/hackathon-lp-2026/components/ui/kbd.tsx
  • apps/hackathon-lp-2026/components/ui/label.tsx
  • apps/hackathon-lp-2026/components/ui/menubar.tsx
  • apps/hackathon-lp-2026/components/ui/navigation-menu.tsx
  • apps/hackathon-lp-2026/components/ui/pagination.tsx
  • apps/hackathon-lp-2026/components/ui/popover.tsx
  • apps/hackathon-lp-2026/components/ui/progress.tsx
  • apps/hackathon-lp-2026/components/ui/radio-group.tsx
  • apps/hackathon-lp-2026/components/ui/resizable.tsx
  • apps/hackathon-lp-2026/components/ui/scroll-area.tsx
  • apps/hackathon-lp-2026/components/ui/select.tsx
  • apps/hackathon-lp-2026/components/ui/separator.tsx
  • apps/hackathon-lp-2026/components/ui/sheet.tsx
  • apps/hackathon-lp-2026/components/ui/sidebar.tsx
  • apps/hackathon-lp-2026/components/ui/skeleton.tsx
  • apps/hackathon-lp-2026/components/ui/slider.tsx
  • apps/hackathon-lp-2026/components/ui/sonner.tsx
  • apps/hackathon-lp-2026/components/ui/spinner.tsx
  • apps/hackathon-lp-2026/components/ui/switch.tsx
  • apps/hackathon-lp-2026/components/ui/table.tsx
  • apps/hackathon-lp-2026/components/ui/tabs.tsx
  • apps/hackathon-lp-2026/components/ui/textarea.tsx
  • apps/hackathon-lp-2026/components/ui/toast.tsx
  • apps/hackathon-lp-2026/components/ui/toaster.tsx
  • apps/hackathon-lp-2026/components/ui/toggle-group.tsx
  • apps/hackathon-lp-2026/components/ui/toggle.tsx
  • apps/hackathon-lp-2026/components/ui/tooltip.tsx
  • apps/hackathon-lp-2026/components/ui/use-mobile.tsx
  • apps/hackathon-lp-2026/components/ui/use-toast.ts
  • apps/hackathon-lp-2026/e2e/home.spec.ts
  • apps/hackathon-lp-2026/eslint.config.mjs
  • apps/hackathon-lp-2026/hooks/use-in-view.tsx
  • apps/hackathon-lp-2026/hooks/use-mobile.ts
  • apps/hackathon-lp-2026/hooks/use-toast.ts
  • apps/hackathon-lp-2026/lib/constants.ts
  • apps/hackathon-lp-2026/lib/utils.ts
  • apps/hackathon-lp-2026/next.config.mjs
  • apps/hackathon-lp-2026/package.json
  • apps/hackathon-lp-2026/playwright.config.ts
  • apps/hackathon-lp-2026/postcss.config.mjs
  • apps/hackathon-lp-2026/styles/globals.css
  • apps/hackathon-lp-2026/test/constants.test.ts
  • apps/hackathon-lp-2026/test/entry-open.test.tsx
  • apps/hackathon-lp-2026/test/entry.test.tsx
  • apps/hackathon-lp-2026/test/faq.test.tsx
  • apps/hackathon-lp-2026/test/use-in-view.test.tsx
  • apps/hackathon-lp-2026/test/utils.test.ts
  • apps/hackathon-lp-2026/tsconfig.json
  • apps/hackathon-lp-2026/vitest.config.ts
  • apps/hackathon-lp-2026/vitest.setup.ts
  • apps/hackathon-lp-2026/wrangler.toml
  • socket.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/lp-2026-restore-custom-domain

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@socket-security

Copy link
Copy Markdown

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm framer-motion is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: apps/hackathon-lp-2026/package.jsonnpm/framer-motion@12.23.24

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/framer-motion@12.23.24. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm jiti is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: apps/hackathon-lp-2026/pnpm-lock.yamlnpm/@tailwindcss/postcss@4.2.0npm/eslint@9.39.4npm/vitest@4.1.9npm/@vitejs/plugin-react@6.0.3npm/jiti@2.6.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jiti@2.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm recharts is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: apps/hackathon-lp-2026/package.jsonnpm/recharts@2.15.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/recharts@2.15.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@YasunoriMATSUOKA YasunoriMATSUOKA merged commit 6cb2029 into main Jul 2, 2026
4 checks passed
@YasunoriMATSUOKA YasunoriMATSUOKA deleted the chore/lp-2026-restore-custom-domain branch July 2, 2026 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant