Add all bridges

[kubo6472]

tested on my vercel, resolves #10

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added redeploy capability for bridge instances.
  • Added "View on Fly" link and Copy button for bridge actions.
  • Added support for FacebookGo and Signal bridges; replaced Instagram with InstagramGo; removed Twitter support.

• Bug Fixes

  • Improved code input handling with whitespace normalization.
  • Enhanced error handling for deployment failures.

• Documentation

  • Updated Fly login instructions to reference organization deploy tokens.
  • Updated repository link in Welcome component.

• Chores

  • Added Dependabot configuration for weekly dependency updates.
  • Updated core dependencies (Next.js, GraphQL, PostCSS).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

This PR adds support for new bridges (instagramgo, facebookgo, signal), implements a redeploy feature for bridge instances, updates authentication documentation for org deploy tokens, adds Dependabot configuration, and bumps dependency versions.

Changes

Cohort / File(s)	Summary
Dependabot Setup .github/dependabot.yml	New configuration file for automated dependency updates; enables weekly Yarn updates at repository root.
Redeploy Feature app/api/deploy/route.ts, app/components/BridgeInstance.tsx	Adds redeploy capability to API route and UI component; redeploy flow fetches machines, validates response, updates image to ghcr.io/beeper/bridge-manager. Enhances delete flow with error handling; adds "View on Fly" link and Copy button to BridgeInstance UI.
Bridge Configuration app/components/BridgeDeploy.tsx	Updates bridge mapping: replaces instagram with instagramgo, adds facebookgo and signal, removes twitter.
Authentication & UI app/components/BeeperLogin.tsx, app/components/FlyLogin.tsx	BeeperLogin adds whitespace normalization on code input and changes input type from number to text with numeric hints; FlyLogin updates instructions and labels to reference org deploy tokens instead of personal access tokens.
Documentation app/components/Welcome.tsx	Updates open-source repository link from beeper/self-host-web to kubo6472/beeper-selfhost.
Dependencies package.json	Adds packageManager field; bumps graphql (^16.7.1 → ^16.8.1), next (^14.2.4 → ^14.2.32), and postcss (8.4.27 → 8.4.31).

Sequence Diagram

sequenceDiagram
    participant User as BridgeInstance UI
    participant API as /api/deploy Route
    participant Fly as Fly Machines API
    participant Beeper as Beeper API

    User->>API: POST /api/deploy (redeploy: true, appName, flyToken)
    API->>Fly: GET /apps/{appName}/machines
    Fly-->>API: List of machines
    API->>Fly: POST /apps/{appName}/machines/{machineId}/updates
    Note over Fly: Update image to ghcr.io/beeper/bridge-manager
    Fly-->>API: Update response
    loop Poll for completion
        API->>Beeper: GET /api/apps/{appName}/bridges
        Beeper-->>API: Bridge status
        Note over API: Check if app is registered
    end
    API-->>User: Success response with appName
    Note over User: Show updated status or error message

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Redeploy flow logic in app/api/deploy/route.ts — involves new API call sequencing to Fly machines and polling logic; verify error handling and response validation
• BridgeInstance redeploy state management — ensure redeploying state correctly prevents concurrent actions and error messages display properly
• Bridge mapping changes — verify all new bridges (instagramgo, facebookgo, signal) are correctly configured and existing references updated
• Dependency version bumps — check for breaking changes or required configuration updates with Next.js (14.2.4 → 14.2.32) and GraphQL upgrades

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	The PR includes scope creep: Dependabot configuration, dependency version bumps, redeploy functionality, token normalization, and repository link updates are beyond the stated objective of adding bridges.	Separate out-of-scope changes (Dependabot, dependencies, redeploy feature, token changes, repo link) into a dedicated PR to maintain focus on the bridge additions.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'Add all bridges' is vague and generic, not providing meaningful information about the specific bridges being added (Instagram, Facebook, Signal).	Consider a more specific title like 'Add Instagram, Facebook, and Signal bridges' to clearly convey the actual changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description mentions testing and resolving issue #10, which is related to the changeset about adding new bridges.
Linked Issues check	✅ Passed	The PR successfully addresses issue #10 by adding Signal bridge support and new meta bridges (Instagram Go and Facebook Go), with corresponding UI updates.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between db0eee9 and d493906.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (8)

• .github/dependabot.yml (1 hunks)
• app/api/deploy/route.ts (4 hunks)
• app/components/BeeperLogin.tsx (3 hunks)
• app/components/BridgeDeploy.tsx (2 hunks)
• app/components/BridgeInstance.tsx (2 hunks)
• app/components/FlyLogin.tsx (1 hunks)
• app/components/Welcome.tsx (1 hunks)
• package.json (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

app/api/deploy/route.ts (1)

app/api/bridges/route.ts (1)

• POST (4-63)

🔇 Additional comments (9)

app/components/FlyLogin.tsx (1)

15-19: LGTM! Clear documentation improvement.

The update to reference "org deploy token" with a direct link to the tokens page improves user guidance and aligns with Fly.io's authentication best practices.

.github/dependabot.yml (1)

1-11: LGTM! Standard Dependabot configuration.

The Dependabot setup is correctly configured for yarn with weekly updates, which will help keep dependencies current and secure.

package.json (2)

5-5: Good addition for dependency management.

The packageManager field helps ensure consistent package manager versions across environments when using Corepack.

---

19-22: Dependency versions are secure and verified.

All three versions are legitimate, secure releases:

• graphql@16.8.1: Fixes CVE-2023-26144 (DoS vulnerability)
• next@14.2.32: Fixes CVE-2025-57822 (SSRF in Middleware) and CVE-2025-57752 (image optimization cache issue from 14.2.31)
• postcss@8.4.31: Fixes CVE-2023-44270 (parsing/injection vulnerability)

The Next.js update from 14.2.4 to 14.2.32 is a patch-level change within the same minor version (28 patch updates), not a significant version jump. No breaking changes are expected from these security-focused patch updates.

app/components/BeeperLogin.tsx (2)

36-37: Good UX improvement for code input handling.

Stripping whitespace allows users to paste codes formatted with spaces (like "123 456") and have them work correctly.

---

85-91: Better input type for numeric codes.

Changing from type="number" to type="text" with inputMode="numeric" is the correct approach for verification codes, as it prevents invalid characters (e, +, -, .) while still showing the numeric keyboard on mobile devices.

app/components/BridgeInstance.tsx (1)

57-62: Nice UX enhancements.

The Copy button for the bot handle and the View on Fly link provide helpful shortcuts for users to interact with their deployed bridges.

app/api/deploy/route.ts (1)

51-203: LGTM! Existing deploy logic preserved.

The formatting changes don't affect the deployment logic, and the flow remains intact with proper error handling and deployment verification.

app/components/BridgeDeploy.tsx (1)

47-49: Verify new bridge names are supported by the backend.

The bridge mapping now includes instagramgo, facebookgo, and signal (replacing the old instagram entry). Ensure these bridge identifiers match what the ghcr.io/beeper/bridge-manager container expects and are properly supported. Verify the changes are used consistently throughout the codebase and that no stale references to the old instagram bridge remain.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Redeploy logic needs improvements for robustness.

The redeploy implementation has several concerns:

1. Line 27: Always uses the first machine without validation - if multiple machines exist, is this intentional?

2. Line 38: The hardcoded image "ghcr.io/beeper/bridge-manager" has no version tag:

   • Docker may use cached images instead of pulling the latest
   • Consider using a specific tag or :latest explicitly
   • No guarantee the image will actually update

3. No deployment verification: Unlike the main deploy flow (lines 182-200), the redeploy returns immediately without confirming the machine restarted or is running the new image

4. Line 37: Spreading ...machine.config could be risky if the config schema has changed between bridge-manager versions

Consider these improvements:

 // If redeploy flag is passed, update existing machine to latest image
 if (redeploy) {
     const res_list = await fetch(`https://api.machines.dev/v1/apps/${appName}/machines`, {
         method: 'GET',
         headers: {
             'Authorization': `Bearer ${flyToken}`,
             'Content-Type': 'application/json',
         }
     })

     if (res_list.status !== 200) {
         const list_data = await res_list.json()
         return NextResponse.json({ error: JSON.stringify(list_data) }, { status: 500 })
     }

     const machines = await res_list.json()
     if (!machines || machines.length === 0) {
         return NextResponse.json({ error: `No machines found for app ${appName}` }, { status: 404 })
     }

     const machine = machines[0]

     const update_res = await fetch(`https://api.machines.dev/v1/apps/${appName}/machines/${machine.id}`, {
         method: 'POST',
         headers: {
             'Authorization': `Bearer ${flyToken}`,
             'Content-Type': 'application/json',
         },
         body: JSON.stringify({
             config: {
                 ...machine.config,
-                image: "ghcr.io/beeper/bridge-manager"
+                image: "ghcr.io/beeper/bridge-manager:latest"
             }
         })
     })

     if (update_res.status !== 200) {
         const update_data = await update_res.json()
         return NextResponse.json({ error: JSON.stringify(update_data) }, { status: 500 })
     }
+
+    // TODO: Consider adding verification that the machine restarted successfully

     return NextResponse.json({ success: true })
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// If redeploy flag is passed, update existing machine to latest image
	if (redeploy) {
	const res_list = await fetch(`https://api.machines.dev/v1/apps/${appName}/machines`, {
	method: 'GET',
	headers: {
	'Authorization': `Bearer ${flyToken}`,
	'Content-Type': 'application/json',
	}
	})
	if (res_list.status !== 200) {
	const list_data = await res_list.json()
	return NextResponse.json({ error: JSON.stringify(list_data) }, { status: 500 })
	}
	const machines = await res_list.json()
	if (!machines || machines.length === 0) {
	return NextResponse.json({ error: `No machines found for app ${appName}` }, { status: 404 })
	}
	const machine = machines[0]
	const update_res = await fetch(`https://api.machines.dev/v1/apps/${appName}/machines/${machine.id}`, {
	method: 'POST',
	headers: {
	'Authorization': `Bearer ${flyToken}`,
	'Content-Type': 'application/json',
	},
	body: JSON.stringify({
	config: {
	...machine.config,
	image: "ghcr.io/beeper/bridge-manager"
	}
	})
	})
	if (update_res.status !== 200) {
	const update_data = await update_res.json()
	return NextResponse.json({ error: JSON.stringify(update_data) }, { status: 500 })
	}
	return NextResponse.json({ success: true })
	}
	// If redeploy flag is passed, update existing machine to latest image
	if (redeploy) {
	const res_list = await fetch(`https://api.machines.dev/v1/apps/${appName}/machines`, {
	method: 'GET',
	headers: {
	'Authorization': `Bearer ${flyToken}`,
	'Content-Type': 'application/json',
	}
	})
	if (res_list.status !== 200) {
	const list_data = await res_list.json()
	return NextResponse.json({ error: JSON.stringify(list_data) }, { status: 500 })
	}
	const machines = await res_list.json()
	if (!machines || machines.length === 0) {
	return NextResponse.json({ error: `No machines found for app ${appName}` }, { status: 404 })
	}
	const machine = machines[0]
	const update_res = await fetch(`https://api.machines.dev/v1/apps/${appName}/machines/${machine.id}`, {
	method: 'POST',
	headers: {
	'Authorization': `Bearer ${flyToken}`,
	'Content-Type': 'application/json',
	},
	body: JSON.stringify({
	config: {
	...machine.config,
	image: "ghcr.io/beeper/bridge-manager:latest"
	}
	})
	})
	if (update_res.status !== 200) {
	const update_data = await update_res.json()
	return NextResponse.json({ error: JSON.stringify(update_data) }, { status: 500 })
	}
	// TODO: Consider adding verification that the machine restarted successfully
	return NextResponse.json({ success: true })
	}

🤖 Prompt for AI Agents

In app/api/deploy/route.ts around lines 7 to 49, the redeploy branch is fragile:
it unconditionally picks the first machine, injects a hardcoded untagged image,
blindly spreads machine.config, and returns before verifying the update. Fix by
selecting the correct machine (validate if multiple exist and choose by
role/name or surface an error if ambiguous), require or append an explicit image
tag (or accept a tag param) instead of a bare registry string, build the new
config by copying only known-safe fields rather than blind ...machine.config
spreading, perform the machine update call and then poll the machine status
endpoint (with a short retry/backoff and a timeout) to verify the machine
restarted and is running the new image, and propagate detailed error responses
if selection, update, or verification fails.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Improve redeploy error handling and user feedback.

The redeploy implementation has a few issues:

1. The redeploying state is cleared even when an error occurs (line 47), which hides the error state from the user's perspective
2. There's no success feedback after a successful redeploy
3. The errorMessage from previous operations might still be displayed

Consider these improvements:

 async function redeployBridge() {
     setRedeploying(true)
+    setErrorMessage("") // Clear previous errors

     const res = await fetch("/api/deploy", {
         method: "POST",
         headers: {
             "Content-Type": "application/json"
         },
         body: JSON.stringify({
             redeploy: true,
             appName: name,
             flyToken: flyToken
         })
     })

     if (res.status !== 200) {
         const error_data = await res.json()
         setErrorMessage(error_data.error)
+        setRedeploying(false)
+        return
     }

+    // Success feedback
+    setErrorMessage("") // Clear any errors
+    // Consider adding success state/message
     setRedeploying(false)
 }

🤖 Prompt for AI Agents

In app/components/BridgeInstance.tsx around lines 27 to 48, improve redeploy
error handling by: clear any prior errorMessage before starting the request,
wrap the fetch in try/catch/finally, set a success message (e.g. "Redeploy
started") when res.status === 200, set errorMessage from the response in the
catch/failed branch, and move setRedeploying(false) into finally so redeploying
is only cleared after success or error handling is complete.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Confirm canonical GitHub URL (personal fork vs upstream).

Line 22 changes the “open‑source at” link to https://github.com/kubo6472/beeper-selfhost/, which appears to be a personal fork rather than the upstream project. For users of the main repo, this may be confusing and could send them to the wrong source of truth.

Unless the canonical project has actually moved to that URL, consider keeping (or switching back to) the upstream org repo instead:

-                <p className="mt-5">This site is open-source at <a target="_blank" href={"https://github.com/kubo6472/beeper-selfhost/"} rel="noopener noreferrer">https://github.com/kubo6472/beeper-selfhost</a>. This webpage is being auto-deployed, however, you can run it from the GitHub if you prefer. Just follow the instructions in the README.</p>
+                <p className="mt-5">This site is open-source at <a target="_blank" href={"https://github.com/beeper/self-host-web"} rel="noopener noreferrer">https://github.com/beeper/self-host-web</a>. This webpage is being auto-deployed, however, you can run it from the GitHub if you prefer. Just follow the instructions in the README.</p>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<p className="mt-5">This site is open-source at <a target="_blank" href={"https://github.com/kubo6472/beeper-selfhost/"} rel="noopener noreferrer">https://github.com/kubo6472/beeper-selfhost</a>. This webpage is being auto-deployed, however, you can run it from the GitHub if you prefer. Just follow the instructions in the README.</p>
	<p className="mt-5">This site is open-source at <a target="_blank" href={"https://github.com/beeper/self-host-web"} rel="noopener noreferrer">https://github.com/beeper/self-host-web</a>. This webpage is being auto-deployed, however, you can run it from the GitHub if you prefer. Just follow the instructions in the README.</p>

🤖 Prompt for AI Agents

In app/components/Welcome.tsx around line 22, the "open-source at" link points
to a personal fork (https://github.com/kubo6472/beeper-selfhost/) rather than
the upstream canonical repository; verify which repository is intended (upstream
org vs this fork) and then update the href and visible URL to the canonical
upstream repo if the project hasn't moved, or add a short note clarifying that
this is a personal fork if that was intentional so users are directed to the
correct source of truth.