ralph: #5 — Design Bootstrap Test Cases — create YAML case files for 10+ universal coding tasks

[jharris1679]

Issue

Closes #5

Status: ✓ verified

Build, tests, and lint all pass locally.

Summary

Automated implementation by Ralph (rlmkit + MiniMax M2.5).
Review the changes carefully — this was generated by a local model.

Summary by CodeRabbit

Release Notes

New Features

• Added 13 new educational exercises covering API documentation, authentication, error handling, input validation, logging, performance optimization, security vulnerabilities, code refactoring, race conditions, and unit testing
• Provides practical examples in JavaScript/Node.js, Python, and TypeScript to help developers identify and fix common code quality issues
• Each exercise includes sample code demonstrating both the problem and expected improvements

[coderabbitai]

Walkthrough

This PR adds 13 new bootstrap test case configurations in YAML format, each containing sample code and metadata for coding exercises. Cases span JavaScript (Node.js) and Python, covering security vulnerabilities, performance issues, code quality problems, error handling, concurrency bugs, and testing scenarios. Total of 1,145 lines added across files in cases/bootstrap/.

Changes

Cohort / File(s)	Summary
Security & Validation cases/bootstrap/sql-injection.yaml, cases/bootstrap/authentication.yaml, cases/bootstrap/input-validation.yaml	New bootstrap cases demonstrating SQL injection vulnerabilities, unauthenticated endpoints, and missing input validation with intentional flaws to be fixed.
Performance & Concurrency cases/bootstrap/performance-optimization.yaml, cases/bootstrap/memory-leak.yaml, cases/bootstrap/race-condition.yaml, cases/bootstrap/refactor-long-functions.yaml	Bootstrap cases highlighting performance bottlenecks (N+1 queries), memory leaks, race conditions in multithreaded code, and long function refactoring opportunities.
Code Quality & Documentation cases/bootstrap/code-readability.yaml, cases/bootstrap/component-extraction.yaml, cases/bootstrap/logging.yaml, cases/bootstrap/api-documentation.yaml	Cases focused on improving code readability with poor naming, identifying duplicated components, adding structured logging, and documenting API endpoints.
Testing & Type Safety cases/bootstrap/error-handling.yaml, cases/bootstrap/unit-test-generation.yaml, cases/bootstrap/typescript-types.yaml	Bootstrap cases for implementing error handling patterns, writing unit tests for calculator operations, and adding TypeScript type annotations to untyped JavaScript code.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Poem

🐰 Thirteen test cases, all shiny and new,
Security holes and long functions too,
From race conditions to queries so slow,
Bootstrap your coding skills—let learning flow! ✨

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: creating YAML case files for 10+ universal coding tasks, which directly matches the PR content showing 13 bootstrap test cases added.
Linked Issues check	✅ Passed	All 15 bootstrap cases from issue #5 are addressed: error-handling, sql-injection, input-validation, performance-optimization, unit-test-generation, typescript-types, component-extraction, race-condition, code-readability, logging, memory-leak, authentication, api-documentation, refactor-long-functions, with clear problem statements and sample code for each.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to issue #5 objectives: 13 bootstrap YAML files with sample code demonstrating the specified coding tasks. No unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ralph/issue-5

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[coderabbitai]

Actionable comments posted: 5

🤖 Fix all issues with AI agents

In `@cases/bootstrap/api-documentation.yaml`:
- Line 16: The Run command in the api-documentation exercise currently uses an
inappropriate build step ("Run: npm run build"); update the Run field in
cases/bootstrap/api-documentation.yaml to a command that actually verifies or
serves the documentation (for example start the server with node api_server.js,
run a docs generator like npm run docs or openapi-generator-cli, or a script
that launches the documentation preview). Edit the Run entry so it invokes the
verification/preview workflow (e.g. node api_server.js or the project's docs
generation script) instead of a generic build command to make the exercise
runnable for students.

In `@cases/bootstrap/component-extraction.yaml`:
- Around line 22-27: There's a typo in the YAML tags list: replace the incorrect
tag value "dpry" with the correct "dry" under the tags key so the tags array
contains "javascript", "refactoring", "code-quality", and "dry"; update the
entry "dpry" to "dry" in the tags block to fix the typo.

In `@cases/bootstrap/error-handling.yaml`:
- Around line 40-50: The fetchUserData function is incorrect because https.get
is callback-based and the current function returns the ClientRequest instead of
the parsed body; wrap the https.get flow in a Promise (or convert to
async/await) inside fetchUserData, accumulate chunks from res.on('data'),
resolve with JSON.parse(body) on res.on('end'), and reject the Promise on
request 'error' or JSON parse errors so callers can try/catch; update references
to fetchUserData and the https.get/res.on handlers accordingly.
- Around line 29-36: The code imports fs.promises but calls fs.readFileSync in
getUserProfile, causing a TypeError; replace the import const fs =
require('fs').promises; with the base module const fs = require('fs'); so
fs.readFileSync is available (or alternatively switch getUserProfile to use
fs.promises.readFile and make it async), ensuring the function name
getUserProfile and the read call (fs.readFileSync / fs.promises.readFile) are
updated consistently.

In `@cases/bootstrap/memory-leak.yaml`:
- Line 68: The main-module guard uses __filename === require.main.path which is
incorrect because require.main.path is a directory and the condition is always
false; update the demo guard in the file to use the standard Node idiom (e.g.,
check require.main === module or compare require.main.filename to __filename) so
the demo block (the code guarded by the current if using __filename and
require.main.path) actually executes when the file is run directly; replace the
incorrect condition with one of these correct checks and ensure any null-safe
access to require.main is handled.

🧹 Nitpick comments (2)

cases/bootstrap/input-validation.yaml (1)

34-47: Plaintext password stored in user object — potentially misleading for a security-focused exercise.

registerUser destructures password and includes it verbatim in the returned user object (line 41). For an exercise categorized under "security," this sets a bad example. Consider either hashing the password in the scaffold (e.g., using crypto.createHash) or adding a prompt bullet point about not storing plaintext passwords.

cases/bootstrap/race-condition.yaml (1)

30-31: Unused import time adds noise to the exercise.

time is imported but never used in the code. Remove it to keep the exercise code focused.

Proposed fix

       import threading
-      import time
       from typing import List

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Run command npm run build is inappropriate for a documentation exercise.

This exercise asks students to add API documentation (JSDoc, OpenAPI, etc.). The run command should reflect how to verify the documentation or start the server, not build it. Consider something like node api_server.js or a documentation generation command.

🤖 Prompt for AI Agents

In `@cases/bootstrap/api-documentation.yaml` at line 16, The Run command in the
api-documentation exercise currently uses an inappropriate build step ("Run: npm
run build"); update the Run field in cases/bootstrap/api-documentation.yaml to a
command that actually verifies or serves the documentation (for example start
the server with node api_server.js, run a docs generator like npm run docs or
openapi-generator-cli, or a script that launches the documentation preview).
Edit the Run entry so it invokes the verification/preview workflow (e.g. node
api_server.js or the project's docs generation script) instead of a generic
build command to make the exercise runnable for students.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo in tag: dpry should be dry.

 tags:
   - javascript
   - refactoring
   - code-quality
-  - dpry
+  - dry

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	tags:
	- javascript
	- refactoring
	- code-quality
	- dpry
	tags:
	- javascript
	- refactoring
	- code-quality
	- dry

🤖 Prompt for AI Agents

In `@cases/bootstrap/component-extraction.yaml` around lines 22 - 27, There's a
typo in the YAML tags list: replace the incorrect tag value "dpry" with the
correct "dry" under the tags key so the tags array contains "javascript",
"refactoring", "code-quality", and "dry"; update the entry "dpry" to "dry" in
the tags block to fix the typo.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

fs.readFileSync is not available on fs.promises.

Line 29 imports require('fs').promises, but line 35 calls fs.readFileSync, which only exists on the base fs module. This will throw TypeError: fs.readFileSync is not a function — an unintentional bug unrelated to the exercise's error-handling goal.

Since the exercise focuses on adding try-catch around synchronous I/O, import the base fs module instead:

Proposed fix

-      const fs = require('fs').promises;
+      const fs = require('fs');

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const fs = require('fs').promises;
	const https = require('https');
	// Function to read user profile
	function getUserProfile(userId) {
	const filePath = `/data/users/${userId}.json`;
	const data = fs.readFileSync(filePath, 'utf-8');
	return JSON.parse(data);
	const fs = require('fs');
	const https = require('https');
	// Function to read user profile
	function getUserProfile(userId) {
	const filePath = `/data/users/${userId}.json`;
	const data = fs.readFileSync(filePath, 'utf-8');
	return JSON.parse(data);

🤖 Prompt for AI Agents

In `@cases/bootstrap/error-handling.yaml` around lines 29 - 36, The code imports
fs.promises but calls fs.readFileSync in getUserProfile, causing a TypeError;
replace the import const fs = require('fs').promises; with the base module const
fs = require('fs'); so fs.readFileSync is available (or alternatively switch
getUserProfile to use fs.promises.readFile and make it async), ensuring the
function name getUserProfile and the read call (fs.readFileSync /
fs.promises.readFile) are updated consistently.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

fetchUserData is fundamentally broken beyond the error-handling scope.

https.get is callback-based — return data on line 49 returns the ClientRequest object, not the parsed response body. A student adding try-catch alone cannot make this function work correctly; it needs to be restructured as a Promise or use async/await.

For an "easy" difficulty exercise focused on error handling, consider either simplifying this to a synchronous example or explicitly noting in the prompt that the async pattern also needs fixing. Alternatively, bump the difficulty to "medium."

🤖 Prompt for AI Agents

In `@cases/bootstrap/error-handling.yaml` around lines 40 - 50, The fetchUserData
function is incorrect because https.get is callback-based and the current
function returns the ClientRequest instead of the parsed body; wrap the
https.get flow in a Promise (or convert to async/await) inside fetchUserData,
accumulate chunks from res.on('data'), resolve with JSON.parse(body) on
res.on('end'), and reject the Promise on request 'error' or JSON parse errors so
callers can try/catch; update references to fetchUserData and the
https.get/res.on handlers accordingly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Bug: incorrect main-module guard — demo block will never execute.

require.main.path returns the directory of the main module, not its filename. This condition will always be false, so the demo block is dead code.

Use the standard Node.js idiom instead:

-      if (__filename === require.main.path) {
+      if (require.main === module) {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (__filename === require.main.path) {
	if (require.main === module) {

🤖 Prompt for AI Agents

In `@cases/bootstrap/memory-leak.yaml` at line 68, The main-module guard uses
__filename === require.main.path which is incorrect because require.main.path is
a directory and the condition is always false; update the demo guard in the file
to use the standard Node idiom (e.g., check require.main === module or compare
require.main.filename to __filename) so the demo block (the code guarded by the
current if using __filename and require.main.path) actually executes when the
file is run directly; replace the incorrect condition with one of these correct
checks and ensure any null-safe access to require.main is handled.