Reviewing files that changed from the base of the PR and between 67c2fcb and 8e950b8.

• .github/codecov.yml (1 hunks)
• .github/pull_request_template.md (1 hunks)
• .github/site/coverpage.md (1 hunks)
• .github/site/homepage.md (1 hunks)
• .github/site/index.html (1 hunks)
• .github/site/index.mjs (1 hunks)
• .github/workflows/build.yml (1 hunks)
• .github/workflows/doc.yml (1 hunks)
• README.md (1 hunks)
• src/app-background/compose_action_notifier.ts (1 hunks)
• src/app-background/menu_handler.ts (1 hunks)
• src/root/background.ts (3 hunks)
• src/root/startup/startup_background.ts (0 hunks)
• src/thunderbird/background_util/alarm_heart.ts (1 hunks)

• src/root/startup/startup_background.ts

src/app-background/menu_handler.ts (1)

19-20: Clear documentation of design rationale.

The added comments provide helpful context about why the initialization logic uses a simple approach rather than more sophisticated alternatives, and specifically calls out real corner cases (like UI language changes). This is useful for future maintainers who might otherwise attempt to "improve" this logic.

src/app-background/compose_action_notifier.ts (1)

4-4: Clear and appropriate documentation.

The added JSDoc comment accurately describes the class responsibility. No functional changes.

.github/workflows/build.yml (1)

5-5: Branch filter update looks reasonable.

The pattern change from wip/** to ['coderabbit**', 'gh-**'] appropriately excludes CodeRabbit auto-fix branches and GitHub Pages-related branches from CI runs. This aligns with avoiding CI overhead on automated branches.

.github/pull_request_template.md (1)

1-10: PR template improvements are appropriate.

The additions enhance governance: the dual-licensing acknowledgment ensures contributor awareness, and the CodeRabbit directive enables automated reviews. These changes align with the PR's broader infrastructure updates.

README.md (1)

271-277: External link updates improve clarity and reliability.

The license badge links now point to official license pages, and the Thunderbird reference link directs to the ESR download page—both improvements that enhance user experience and align with the documented ESR requirement.

.github/codecov.yml (1)

1-18: Component-based coverage tracking improves observability.

The new component_management configuration provides granular coverage tracking across app, ghosttext, and infra components. The path glob patterns clearly delineate responsibility areas, and setting project/patch statuses to informational prevents false negatives on coverage.

.github/workflows/doc.yml (1)

53-57: The review comment is incorrect; all required files and directories exist.

The workflow steps on lines 53-57 will execute successfully:

• Line 54 (mv build/doc/ ...): The build/doc/ directory is generated at runtime by the yarn run doc step (line 48), which runs TypeDoc. This is standard TypeDoc behavior and the directory will exist when line 54 executes.

• Line 57 (mv *.md doc/ ext/ ...): All sources exist in the repository:

  • Markdown files: BUILDING.md, CONTRIBUTING.md, README.md ✓
  • doc/ directory: contains documentation ✓
  • ext/ directory: contains extension assets ✓

The workflow trigger (lines 7-10) only activates when these paths change, so they are guaranteed to exist during execution. No defensive flags or conditional checks are needed.

Likely an incorrect or invalid review comment.

src/root/background.ts (3)

7-7: LGTM: Import added for type safety.

The Alarm type import supports the new typed onAlarm function signature.

---

38-40: LGTM: Top-level alarm handler.

The top-level onAlarm function correctly satisfies MV3 requirements for event listener registration.

---

62-62: Listener registration is correct but see ordering issue above.

The top-level registration satisfies MV3 requirements, but the ready() call ordering needs to be fixed (see comment on lines 32-33).

.github/site/index.mjs (5)

1-1: Verify Mermaid is loaded before this script executes.

This assumes window.mermaid exists. Given the script loading order issue in index.html, ensure this script executes after mermaid.min.js loads (see comment on index.html:14-17).

---

5-15: Note: executeScript: true security consideration.

Setting executeScript: true allows JavaScript in markdown code blocks to execute. Ensure all documentation content is from trusted sources to prevent XSS risks.

---

22-30: LGTM: Search index configuration.

The search paths cover key documentation files appropriately.

---

31-40: Consider escaping HTML entities in Mermaid code blocks.

The code parameter is directly interpolated into HTML without escaping. While the documentation is from trusted sources, escaping would prevent issues if code contains </pre> or other HTML.

   markdown: {
     renderer: {
       code(code, lang) {
         if (lang === "mermaid") {
-          return `<pre class="mermaid">${code}</pre>`;
+          // Escape HTML entities to prevent breaking out of <pre>
+          const escaped = code.replace(/[&<>"']/g, (c) => {
+            const escapes = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
+            return escapes[c];
+          });
+          return `<pre class="mermaid">${escaped}</pre>`;
         }
         return this.origin.code.apply(this, arguments);

Wait, actually Mermaid needs to parse the raw code, so we shouldn't escape it. Mermaid will handle the rendering safely. Let me reconsider...

Actually, looking at Mermaid documentation, the recommended way is to put the code inside a <pre class="mermaid"> tag, and Mermaid will safely process it. So the current implementation is correct. Mermaid itself handles any potential issues with the content.

---

41-45: LGTM: Mermaid plugin integration.

The plugin correctly triggers Mermaid rendering after each route loads.

src/thunderbird/background_util/alarm_heart.ts (3)

2-4: LGTM: Import and documentation added.

The Alarm type import and doc comment correctly describe the class purpose.

---

11-17: LGTM: Improved readiness verification.

The ready() method correctly verifies that the callback is actually registered using hasListener(), which is more robust than the previous assumeReady() approach. The MV3 requirement is well-documented.

---

19-26: LGTM: Assertion enforces correct initialization.

The assertion at line 20 will catch initialization errors (such as the ordering issue in background.ts), which is good defensive programming.

Reviewing files that changed from the base of the PR and between 9d188da and c7e64b7.

• .github/codecov.yml (1 hunks)
• .github/site/coverpage.md (1 hunks)
• .github/site/homepage.md (1 hunks)
• .github/site/index.html (1 hunks)
• .github/site/index.mjs (1 hunks)
• .github/workflows/build.yml (1 hunks)
• .github/workflows/doc.yml (1 hunks)
• README.md (2 hunks)

• .github/workflows/build.yml
• .github/codecov.yml
• .github/site/index.mjs

README.md (3)

65-67: Excellent accessibility improvements to button images.

Adding explicit alt attributes with descriptive text ("Gray button", "Blue button", "Red button") improves screen reader support and follows WCAG best practices. The alt text is concise and contextually useful for users navigating with assistive technologies.

---

271-272: Updated license badge links to official sources.

The links now correctly point to the official Mozilla Public License 2.0 and GNU GPL-3.0 license pages, replacing any outdated or redirect URLs. This ensures users can easily access authoritative license information.

---

277-277: Thunderbird link now points to official ESR download page.

The reference link correctly directs to the official Thunderbird ESR download page, which aligns with the requirement stated in line 15 specifying Thunderbird 140 ESR support.

.github/site/index.html (1)

11-11: Verify that Docsify configuration is set before library initialization.

Based on a past review, there was a critical issue with script loading order where window.$docsify configuration was set after Docsify's library loaded. The current file shows only the module script; please verify that index.mjs dynamically loads Docsify in the correct order, or that configuration is inline before the library script.

If index.mjs loads Docsify dynamically, ensure it sets window.$docsify before creating and appending the Docsify script tag. If you're loading Docsify from a CDN, it should appear after the configuration is set in the DOM.

Can you confirm that the Docsify library is loaded after configuration is defined?