Avoid further complaint on api/v2/diagnostics endpoint

[ildyria]

Summary by CodeRabbit

• New Features
  • Diagnostics endpoint is now publicly accessible without authentication, enabling troubleshooting without logging in.
  • Diagnostics responses are designed to exclude sensitive information and provide anonymized results.
• Documentation
  • Updated security documentation to clarify the public, non-sensitive, anonymized nature of the diagnostics endpoint.
• Bug Fixes
  • Updated the diagnostics UI to correctly read and display the returned error details from the diagnostics response.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: eb7408f3-3685-4a7b-aa32-46b32eab64d3

📥 Commits

Reviewing files that changed from the base of the PR and between c85e515 and c97f451.

📒 Files selected for processing (2)

• app/Http/Resources/Diagnostics/Errors.php
• resources/js/lychee.d.ts

---

📝 Walkthrough

Walkthrough

A new Errors Laravel Data resource wraps the diagnostics errors endpoint response, adding a _note field and explicit X-Auth-Required/X-Security-Policy headers to the JsonResponse. The frontend TypeScript type definition, service return type, and Vue component are updated to match the new { _note, errors } response shape. SECURITY.md is updated to document that the endpoint is intentionally public.

Changes

Diagnostics Errors Resource and Response Reshaping

Layer / File(s)	Summary
Errors resource class and controller response rework app/Http/Resources/Diagnostics/Errors.php, app/Http/Controllers/Admin/DiagnosticsController.php	New Errors Data class defines _note and errors fields with TypeScript generation enabled. DiagnosticsController::errors() now wraps collected ErrorLine data in this resource and returns a JsonResponse with X-Auth-Required: false and X-Security-Policy headers.
TypeScript types, service return type, and Vue component adaptation resources/js/lychee.d.ts, resources/js/services/diagnostics-service.ts, resources/js/components/diagnostics/ErrorsDiagnostics.vue	App.Http.Resources.Diagnostics.Errors type added to lychee.d.ts; site_logo field repositioned in InitConfig. DiagnosticsService.errors() return type updated to Diagnostics.Errors. Vue load() reads errors from response.data.errors instead of response.data.
SECURITY.md public endpoint documentation SECURITY.md	New section documents that api/v2/Diagnostics is intentionally unauthenticated, returns anonymized data only, and exists to help users diagnose issues without logging in.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 A note on the endpoint, public and clear,
No secrets escape it — no reason to fear!
The headers proclaim it: auth not required,
The frontend now reads what the resource inspired.
With _note and errors all bundled up tight,
The diagnostics hop out into the light! ✨

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b0ca2680-24ba-4304-b07d-9dc727a1a1b1

📥 Commits

Reviewing files that changed from the base of the PR and between 622a75f and c85e515.

📒 Files selected for processing (6)

• SECURITY.md
• app/Http/Controllers/Admin/DiagnosticsController.php
• app/Http/Resources/Diagnostics/Errors.php
• resources/js/components/diagnostics/ErrorsDiagnostics.vue
• resources/js/lychee.d.ts
• resources/js/services/diagnostics-service.ts

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.44%. Comparing base (7d541c9) to head (c97f451).
⚠️ Report is 1 commits behind head on master.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.