Skip to content

🎨 Palette: Add proper ARIA pressed attributes to filter buttons#538

Draft
EffortlessSteven wants to merge 2 commits into
mainfrom
jules-2635188942588217288-63b16eaa
Draft

🎨 Palette: Add proper ARIA pressed attributes to filter buttons#538
EffortlessSteven wants to merge 2 commits into
mainfrom
jules-2635188942588217288-63b16eaa

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member
  • 💡 What: Added dynamic aria-pressed states to the AC Coverage filter buttons in both UI templates (crates/app-http/src/platform/ui.rs and crates/http-platform/src/ui.rs).
  • 🎯 Why: To properly communicate to screen reader users which filter (All, Passing, Failing, Unknown) is currently active.
  • 📸 Before/After: Visual appearance is unchanged, but DOM reflects correct ARIA states.
  • ♿ Accessibility: Improved screen reader support by communicating active button states programmatically.

PR created automatically by Jules for task 2635188942588217288 started by @EffortlessSteven

💡 What: Added dynamic `aria-pressed` states to the AC Coverage filter buttons in both UI templates (`crates/app-http/src/platform/ui.rs` and `crates/http-platform/src/ui.rs`).
🎯 Why: To properly communicate to screen reader users which filter (All, Passing, Failing, Unknown) is currently active.
📸 Before/After: Visual appearance is unchanged, but DOM reflects correct ARIA states.
♿ Accessibility: Improved screen reader support by communicating active button states programmatically.
@google-labs-jules

Copy link
Copy Markdown

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@EffortlessSteven, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 5 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: aa524e2f-9370-4f3c-ab72-4fe0b34c41ee

📥 Commits

Reviewing files that changed from the base of the PR and between 4344d4b and 466a3a9.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • crates/adapters-db-sqlx/Cargo.toml
  • release_evidence/v0.0.0-test.md

Walkthrough

Two UI modules (crates/app-http/src/platform/ui.rs and crates/http-platform/src/ui.rs) add aria-pressed state tracking to coverage filter buttons. The "All" button initializes with aria-pressed="true"; others start "false". The filterData JS handler now synchronizes aria-pressed alongside the active CSS class.

Coverage Filter ARIA State

Layer / File(s) Summary
Filter button markup
crates/app-http/src/platform/ui.rs, crates/http-platform/src/ui.rs
Initial HTML sets aria-pressed="true" on "All" and aria-pressed="false" on "Passing", "Failing", and "Unknown" buttons.
JS filter logic ARIA sync
crates/app-http/src/platform/ui.rs, crates/http-platform/src/ui.rs
filterData now resets aria-pressed="false" on all .filter-btn elements and sets aria-pressed="true" on the newly selected button.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 A button pressed, a state declared,
aria-pressed now true or false,
The filter buttons, ARIA-aware,
Hop along accessibility halls.
No screen reader left behind! 🌟

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the accessibility-focused ARIA pressed state update to the filter buttons.
Description check ✅ Passed The description matches the UI accessibility changes and explains the purpose clearly.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch jules-2635188942588217288-63b16eaa

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request improves accessibility in the coverage view by adding and updating the aria-pressed attributes on the filter buttons. The feedback recommends fixing inconsistent indentation in the modified JavaScript blocks and adding defensive null checks when retrieving the active button element to prevent potential runtime TypeError exceptions.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines +691 to +698
// Update active button and aria-pressed attributes
document.querySelectorAll('.filter-btn').forEach(btn => {
btn.classList.remove('active');
btn.setAttribute('aria-pressed', 'false');
});
document.getElementById('filter-' + status).classList.add('active');
const activeBtn = document.getElementById('filter-' + status);
activeBtn.classList.add('active');
activeBtn.setAttribute('aria-pressed', 'true');

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The indentation on the comment at line 691 is inconsistent with the rest of the block. Additionally, to prevent potential runtime TypeError exceptions if the element with ID 'filter-' + status is not found in the DOM, we should add a defensive null check before accessing classList and calling setAttribute.

Suggested change
// Update active button and aria-pressed attributes
document.querySelectorAll('.filter-btn').forEach(btn => {
btn.classList.remove('active');
btn.setAttribute('aria-pressed', 'false');
});
document.getElementById('filter-' + status).classList.add('active');
const activeBtn = document.getElementById('filter-' + status);
activeBtn.classList.add('active');
activeBtn.setAttribute('aria-pressed', 'true');
// Update active button and aria-pressed attributes
document.querySelectorAll('.filter-btn').forEach(btn => {
btn.classList.remove('active');
btn.setAttribute('aria-pressed', 'false');
});
const activeBtn = document.getElementById('filter-' + status);
if (activeBtn) {
activeBtn.classList.add('active');
activeBtn.setAttribute('aria-pressed', 'true');
}

Comment on lines +766 to +773
// Update active button and aria-pressed attributes
document.querySelectorAll('.filter-btn').forEach(btn => {
btn.classList.remove('active');
btn.setAttribute('aria-pressed', 'false');
});
const activeBtn = document.getElementById('filter-' + status);
activeBtn.classList.add('active');
activeBtn.setAttribute('aria-pressed', 'true');

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The indentation in this block is inconsistent with the rest of the function (which uses 8 spaces for statements). Additionally, we should add a defensive null check for activeBtn to prevent potential runtime TypeError exceptions if the element is not found in the DOM.

Suggested change
// Update active button and aria-pressed attributes
document.querySelectorAll('.filter-btn').forEach(btn => {
btn.classList.remove('active');
btn.setAttribute('aria-pressed', 'false');
});
const activeBtn = document.getElementById('filter-' + status);
activeBtn.classList.add('active');
activeBtn.setAttribute('aria-pressed', 'true');
// Update active button and aria-pressed attributes
document.querySelectorAll('.filter-btn').forEach(btn => {
btn.classList.remove('active');
btn.setAttribute('aria-pressed', 'false');
});
const activeBtn = document.getElementById('filter-' + status);
if (activeBtn) {
activeBtn.classList.add('active');
activeBtn.setAttribute('aria-pressed', 'true');
}

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/app-http/src/platform/ui.rs`:
- Around line 691-698: The coverage filter button/aria-pressed DOM update logic
is duplicated in app-http and should live only in the http-platform UI source.
Remove the platform-specific markup/script behavior from app-http and source it
from crates/http-platform/src/ui.rs instead, keeping app-http limited to route
aggregation; use the existing coverage filter UI code paths around the filter
button update logic to locate and delete the duplicate implementation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9c91a4d7-904f-40f3-8bd5-48af728f7016

📥 Commits

Reviewing files that changed from the base of the PR and between 3debe49 and 4344d4b.

📒 Files selected for processing (2)
  • crates/app-http/src/platform/ui.rs
  • crates/http-platform/src/ui.rs

Comment on lines +691 to +698
// Update active button and aria-pressed attributes
document.querySelectorAll('.filter-btn').forEach(btn => {
btn.classList.remove('active');
btn.setAttribute('aria-pressed', 'false');
});
document.getElementById('filter-' + status).classList.add('active');
const activeBtn = document.getElementById('filter-' + status);
activeBtn.classList.add('active');
activeBtn.setAttribute('aria-pressed', 'true');

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift

Keep the coverage filter UI logic in http-platform only.

This PR adds another copy of platform-specific markup/script behavior in app-http, so future accessibility fixes will keep drifting across the two crates. Please source this coverage UI from crates/http-platform/src/ui.rs and keep app-http limited to route aggregation. As per coding guidelines, "Do not add specific endpoint logic to app-http; put endpoint logic in the appropriate http-* crate instead".

Also applies to: 806-809

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/app-http/src/platform/ui.rs` around lines 691 - 698, The coverage
filter button/aria-pressed DOM update logic is duplicated in app-http and should
live only in the http-platform UI source. Remove the platform-specific
markup/script behavior from app-http and source it from
crates/http-platform/src/ui.rs instead, keeping app-http limited to route
aggregation; use the existing coverage filter UI code paths around the filter
button update logic to locate and delete the duplicate implementation.

Source: Coding guidelines

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

Test Results

283 tests   245 ✅  10m 52s ⏱️
 25 suites   38 💤
  1 files      0 ❌

Results for commit 466a3a9.

♻️ This comment has been updated with latest results.

🚨 Severity: High
💡 Vulnerability: Several vulnerabilities were detected by `cargo deny`:
- RUSTSEC-2026-0190: Unsoundness in `Error::downcast_mut()` in `anyhow` crate.
- RUSTSEC-2026-0066, RUSTSEC-2026-0112, RUSTSEC-2026-0113, RUSTSEC-2026-0145: Insufficient validation and desynchronization in `astral-tokio-tar`.
- RUSTSEC-2026-0049, RUSTSEC-2026-0098, RUSTSEC-2026-0099, RUSTSEC-2026-0104: Certificate constraint matching issues and reachable panics in `rustls-webpki`.
🎯 Impact: These vulnerabilities could lead to undefined behavior, parser differentials, malicious directory permission modifications, or bypassed revocation checks.
🔧 Fix: Updated vulnerable dependencies (`anyhow`, `astral-tokio-tar`, `rustls-webpki`). Also bumped `testcontainers` to version `0.27.3` in `crates/adapters-db-sqlx/Cargo.toml` as it was blocking the update to a patched version of `astral-tokio-tar`.
✅ Verification: Ran `cargo deny check` to ensure all advisories are resolved, and `cargo xtask selftest` to verify tests and build continue to pass successfully.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant