dep updates, fix idle breakout, privacy policy, refinements

[Inglan]

Summary by CodeRabbit

• New Features

  • Added a Privacy Policy page and a Privacy Policy item in main navigation.
  • Tracker dialog now includes a Privacy Policy link and updated “PostHog” branding.

• Bug Fixes

  • Idle Breakout tool now uses the current host for improved compatibility.

• Style

  • Adjusted sidebar header styling and logo for better dark‑mode readability.

• Documentation

  • Added a comprehensive project guide covering setup, workflows, validation, and troubleshooting.

• Chores

  • Updated and added dependencies for stability; analytics now includes game name in event payload.

[coderabbitai]

Walkthrough

Adds a Privacy Policy page and navigation entry, updates tracker dialog copy and PostHog event payload, tweaks sidebar branding, replaces a hard-coded domain in an embedded tool, bumps dependencies and adds new packages, and introduces a new contributor Copilot/dev guide document.

Changes

Cohort / File(s)	Summary
Developer documentation \.github/copilot-instructions.md	New comprehensive contributor guide covering project description, setup (pnpm), build/dev/preview workflows, formatting/lint/type checks, manual validation, env requirements, CI/CD, debugging, and common errors.
Dependency updates package.json	Version bumps for SvelteKit, Svelte, Tailwind, Clerk, PostHog, LayerChart, etc.; adds @tsparticles/svelte, convex, convex-svelte. No removals.
Privacy policy & navigation src/routes/privacy/+page.svelte, src/lib/navigation.ts, src/lib/components/tracker-dialog.svelte	Adds static Privacy Policy page (+page.svelte with lastUpdated), appends "Privacy Policy" nav item (Shield icon), and updates tracker dialog copy (branding capitalization) plus a link to /privacy.
Sidebar branding src/lib/components/app-sidebar.svelte	Header button class tweaks (e.g., bg-sidebar, rounded-md) and swaps logo from /edutools-white.svg to /edutools-black.svg with dark:invert.
Embedded tool runtime static/_app/tools/idlebreakout/index.html	Replaces hard-coded myDomain value with location.hostname to use the current host dynamically.
Gameplay analytics src/lib/components/play.svelte	Augments PostHog gmae_open event payload to include gmae_name: gmaedata?.name alongside existing gmae_id.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Sidebar as Sidebar/Nav
  participant Router as SvelteKit Router
  participant Page as /privacy Page

  User->>Sidebar: Click "Privacy Policy"
  Sidebar->>Router: navigate('/privacy')
  Router->>Page: Load component
  Note right of Page #DDEBF7: Static content rendered

Loading

sequenceDiagram
  autonumber
  actor User
  participant Tracker as Tracker Dialog
  participant Router as SvelteKit Router
  participant Page as /privacy Page

  User->>Tracker: Open dialog
  Tracker-->>User: Shows text + "Privacy Policy" link
  User->>Router: Click /privacy
  Router->>Page: Load component

Loading

sequenceDiagram
  autonumber
  actor User
  participant Play as Game Component
  participant PostHog as Analytics

  User->>Play: Open game
  Play->>PostHog: captureEvent("gmae_open", { gmae_id, gmae_name })
  Note right of PostHog #F7F7F7: Event recorded with game id and name

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Add comprehensive privacy policy for PostHog analytics, Convex database, and Clerk authentication #481 — Overlaps additions of the Privacy Policy page, navigation entry, and tracker dialog updates.
• fix idle breakout #472 — Matches the same change in static/_app/tools/idlebreakout/index.html replacing the hard-coded domain.
• Add comprehensive GitHub Copilot instructions for EduTools repository #466 — Adds the same .github/copilot-instructions.md contributor documentation.

Suggested reviewers

• nathblade16

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (8)

static/_app/tools/idlebreakout/index.html (1)

82-83: Make domain detection robust across ports and file://; hostname alone can be empty or mismatch

location.hostname omits the port and is empty on file://, which can break any downstream checks. Prefer location.host with a safe fallback.

Please verify the game loads correctly on localhost (with port), deployed domains, and any reverse proxy.

-            const myDomain = location.hostname;
+            const myDomain = location.host || location.hostname || 'localhost';

.github/copilot-instructions.md (1)

41-41: Satisfy markdownlint MD034: wrap bare localhost URLs

Wrap bare URLs in angle brackets to appease MD034 while keeping text simple.

-   - Starts Vite development server on http://localhost:5173/
+   - Starts Vite development server on <http://localhost:5173/>
-   - Serves production build on http://localhost:4173/
+   - Serves production build on <http://localhost:4173/>
-   - Visit http://localhost:5173/ (dev) or http://localhost:4173/ (preview)
+   - Visit <http://localhost:5173/> (dev) or <http://localhost:4173/> (preview)

Also applies to: 51-51, 95-95

src/lib/components/app-sidebar.svelte (1)

89-93: Logo is a link: provide meaningful alt text; confirm bg-sidebar exists

The logo is interactive (home link). Use a descriptive alt. Also verify the bg-sidebar design token exists with Tailwind v4 setup.

-                                <img src="/edutools-black.svg" alt="" class="dark:invert" />
+                                <img src="/edutools-black.svg" alt="EduTools" class="dark:invert" />

src/lib/components/tracker-dialog.svelte (1)

14-19: Harden target="_blank" link with rel="noopener noreferrer"

Prevents reverse tabnabbing; harmless even for same-origin links.

-            <a href="/privacy" class="text-blue-600 hover:underline" target="_blank">Privacy Policy</a>.
+            <a href="/privacy" class="text-blue-600 hover:underline" target="_blank" rel="noopener noreferrer">Privacy Policy</a>.

src/lib/navigation.ts (1)

123-127: Add Privacy Policy to main nav — verify "experimental" flag behavior.
Ensure the experimental flag doesn’t hide or de‑emphasize a legal page. If it merely adds a badge, fine; otherwise consider disabling it.

Optional diff:

-      experimental: true,
+      experimental: false,

src/routes/privacy/+page.svelte (3)

4-4: Mark the date semantically with (and keep the current display).
Improves accessibility/SEO and avoids ambiguity.

-	let lastUpdated = '02-09-2025';
+	let lastUpdated = '02-09-2025'; // display text
+	const lastUpdatedISO = '2025-09-02'; // machine-readable

-	<p class="text-muted-foreground">Last updated: {lastUpdated}</p>
+	<p class="text-muted-foreground">
+		Last updated: <time datetime={lastUpdatedISO}>{lastUpdated}</time>
+	</p>

Also applies to: 9-9

---

90-95: Harden external links opened in new tabs.
Add noreferrer alongside noopener to prevent referrer leakage.

-						rel="noopener">PostHog Privacy Policy</a
+						rel="noopener noreferrer">PostHog Privacy Policy</a

-						rel="noopener">Clerk Privacy Policy</a
+						rel="noopener noreferrer">Clerk Privacy Policy</a

-						rel="noopener">Convex Privacy Policy</a
+						rel="noopener noreferrer">Convex Privacy Policy</a

-					rel="noopener">Security Advisory</a
+					rel="noopener noreferrer">Security Advisory</a

Also applies to: 103-109, 116-121, 186-191

---

1-5: Consider prerendering this static page.
This page is static; prerendering improves performance and reliability.

Add a new file:

// src/routes/privacy/+page.ts
export const prerender = true;

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f8edc11 and fa82410.

⛔ Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (7)

• .github/copilot-instructions.md (1 hunks)
• package.json (2 hunks)
• src/lib/components/app-sidebar.svelte (1 hunks)
• src/lib/components/tracker-dialog.svelte (1 hunks)
• src/lib/navigation.ts (2 hunks)
• src/routes/privacy/+page.svelte (1 hunks)
• static/_app/tools/idlebreakout/index.html (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{svelte,ts,js,jsx,tsx,css,scss,json,md}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Code must be formatted with Prettier before committing

Files:

• src/lib/components/app-sidebar.svelte
• src/lib/components/tracker-dialog.svelte
• package.json
• src/routes/privacy/+page.svelte
• src/lib/navigation.ts

**/*.{ts,svelte}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Resolve all TypeScript and Svelte component type errors (svelte-check/ts checks must pass)

Files:

• src/lib/components/app-sidebar.svelte
• src/lib/components/tracker-dialog.svelte
• src/routes/privacy/+page.svelte
• src/lib/navigation.ts

**/*.{ts,js,svelte}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Ensure all import paths are correct and case-sensitive

Files:

• src/lib/components/app-sidebar.svelte
• src/lib/components/tracker-dialog.svelte
• src/routes/privacy/+page.svelte
• src/lib/navigation.ts

**/*.*

⚙️ CodeRabbit configuration file

**/*.*: Do not correct spelling errors or grammar mistakes.

Files:

• src/lib/components/app-sidebar.svelte
• static/_app/tools/idlebreakout/index.html
• src/lib/components/tracker-dialog.svelte
• package.json
• src/routes/privacy/+page.svelte
• src/lib/navigation.ts

static/**

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Place publicly served static assets under the static/ directory (served as-is)

Files:

• static/_app/tools/idlebreakout/index.html

static/_app/tools/**

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Legacy games/tools reside under static/_app/tools/; review these static assets for security if they handle user-generated content

Files:

• static/_app/tools/idlebreakout/index.html

🧠 Learnings (2)

📚 Learning: 2025-08-25T03:31:18.401Z

Learnt from: CR
PR: EducationalTools/src#0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-08-25T03:31:18.401Z
Learning: Applies to src/routes/tools/*/+page.svelte : Add new educational tools by creating a route at src/routes/tools/[tool-name]/ with a +page.svelte implementation

Applied to files:

• .github/copilot-instructions.md
• src/routes/privacy/+page.svelte

📚 Learning: 2025-08-25T03:31:18.401Z

Learnt from: CR
PR: EducationalTools/src#0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-08-25T03:31:18.401Z
Learning: Applies to src/routes/+page.svelte : Update the tools list in src/routes/+page.svelte when adding a new tool

Applied to files:

• src/routes/privacy/+page.svelte

🪛 markdownlint-cli2 (0.17.2)

.github/copilot-instructions.md

41-41: Bare URL used

(MD034, no-bare-urls)

---

51-51: Bare URL used

(MD034, no-bare-urls)

---

95-95: Bare URL used

(MD034, no-bare-urls)

---

95-95: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cloudflare Pages

🔇 Additional comments (2)

package.json (1)

19-66: Pin packageManager and engine versions in package.json for reproducible installs

 {
   "name": "edutools",
   "private": true,
   "version": "0.0.1",
   "type": "module",
+  "packageManager": "pnpm@9.12.0",
+  "engines": {
+    "node": ">=18.18.0",
+    "pnpm": ">=9.0.0"
+  },
   "scripts": {

src/lib/navigation.ts (1)

12-12: LGTM: Shield icon import is correct and used.
Matches existing lucide import pattern; no issues.

[cloudflare-workers-and-pages]

Deploying edutools-testing with    Cloudflare Pages

Latest commit:	32174ab
Status:	✅  Deploy successful!
Preview URL:	https://576d2464.edutools-testing.pages.dev
Branch Preview URL:	https://main.edutools-testing.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/lib/components/play.svelte (2)

28-49: Fix double-origin bug and remove recursion in openNewTab (also add noopener for safety)

url is prefixed with location.origin and then the function recurses, causing the second call to prefix again (e.g., https://sitehttps://site/...). Replace recursion with a single flow, compute a stable resolvedUrl, and include noopener,noreferrer.

 function openNewTab(url: string) {
-		url = location.origin + url;
-		var openedTab;
-		if ($preferencesStore.open === 'tab') {
-			openedTab = window.open('', '_blank');
-		} else if ($preferencesStore.open === 'window') {
-			openedTab = window.open('', '_blank', 'width=800,height=600');
-		} else {
-			$preferencesStore.open = 'tab';
-			openNewTab(url);
-			return;
-		}
+		const resolvedUrl =
+			url.startsWith('http') || url.startsWith('//') ? url : location.origin + url;
+		let openedTab: Window | null = null;
+		const openPref = $preferencesStore.open;
+		if (openPref === 'tab') {
+			openedTab = window.open('', '_blank', 'noopener,noreferrer');
+		} else if (openPref === 'window') {
+			openedTab = window.open('', '_blank', 'width=800,height=600,noopener,noreferrer');
+		} else {
+			$preferencesStore.open = 'tab';
+			openedTab = window.open('', '_blank', 'noopener,noreferrer');
+		}
 		if (!openedTab) return;
 		const newDocument = openedTab.document;
 		const style = newDocument.createElement('style');
 		style.textContent = 'body, html { margin: 0; padding: 0; height: 100%; }';
 		newDocument.head.appendChild(style);
 		const iframe = newDocument.createElement('iframe');
-		iframe.src = url;
+		iframe.src = resolvedUrl;
 		iframe.style.cssText = 'width: 100%; height: 100%; border: none;';
 		newDocument.body.appendChild(iframe);
 }

---

53-62: Avoid in-place mutation of the history store; ensure subscribers are notified

Mutating the same array instance and then set-ting it can skip store notifications. Return a new array.

-	if ($preferencesStore.history) {
-		let history = $historyStore;
-		if (history.includes(id)) {
-			history = history.filter((historyId) => historyId !== id);
-		}
-
-		history.push(id);
-
-		historyStore.set(history);
-	}
+	if ($preferencesStore.history) {
+		const next = [...$historyStore.filter((historyId) => historyId !== id), id];
+		historyStore.set(next);
+	}

🧹 Nitpick comments (2)

src/lib/components/play.svelte (2)

64-66: Fire open event when data is available (and on id changes), not only on first mount

If the component stays mounted while id changes or gmaedata resolves later, the event may be missed. Use an effect that runs when gmaedata is ready.

-onMount(() => {
-		posthog.capture('gmae_open', { gmae_id: gmaedata?.id, gmae_name: gmaedata?.name });
-	});
+$effect(() => {
+	if (gmaedata) {
+		posthog.capture('gmae_open', { gmae_id: gmaedata.id, gmae_name: gmaedata.name });
+	}
+});

Also remove the now-unused onMount import:

-import { onMount } from 'svelte';

---

101-106: Consistency: include name alongside id in other PostHog events

For easier analysis and dashboarding without joins, include gmae_name wherever gmae_id is captured.

-					posthog.capture('gmae_reload', { gmae_id: gmaedata?.id });
+					posthog.capture('gmae_reload', { gmae_id: gmaedata?.id, gmae_name: gmaedata?.name });

-					posthog.capture('gmae_fullscreen', { gmae_id: gmaedata?.id });
+					posthog.capture('gmae_fullscreen', { gmae_id: gmaedata?.id, gmae_name: gmaedata?.name });

-					posthog.capture('gmae_new_tab', { gmae_id: gmaedata?.id });
+					posthog.capture('gmae_new_tab', { gmae_id: gmaedata?.id, gmae_name: gmaedata?.name });

-					posthog.capture('gmae_share', { gmae_id: gmaedata?.id });
+					posthog.capture('gmae_share', { gmae_id: gmaedata?.id, gmae_name: gmaedata?.name });

-					posthog.capture('gmae_favorite', { gmae_id: gmaedata?.id });
+					posthog.capture('gmae_favorite', { gmae_id: gmaedata?.id, gmae_name: gmaedata?.name });

Also applies to: 114-116, 124-126, 134-149, 156-164

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between dab4b1a and 32174ab.

📒 Files selected for processing (1)

• src/lib/components/play.svelte (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{svelte,ts,js,jsx,tsx,css,scss,json,md}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Code must be formatted with Prettier before committing

Files:

• src/lib/components/play.svelte

**/*.{ts,svelte}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Resolve all TypeScript and Svelte component type errors (svelte-check/ts checks must pass)

Files:

• src/lib/components/play.svelte

**/*.{ts,js,svelte}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Ensure all import paths are correct and case-sensitive

Files:

• src/lib/components/play.svelte

**/*.*

⚙️ CodeRabbit configuration file

**/*.*: Do not correct spelling errors or grammar mistakes.

Files:

• src/lib/components/play.svelte

🔇 Additional comments (1)

src/lib/components/play.svelte (1)

65-66: LGTM: richer analytics payload

Adding gmae_name to the gmae_open event improves observability with no behavior change.