Skip to content

docs: changes for v5.1.0#109

Open
steveiliop56 wants to merge 22 commits into
mainfrom
feat/v5.1.0
Open

docs: changes for v5.1.0#109
steveiliop56 wants to merge 22 commits into
mainfrom
feat/v5.1.0

Conversation

@steveiliop56

@steveiliop56 steveiliop56 commented Jul 12, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • New Features

    • Added comprehensive Tailscale integration documentation for authentication and OpenID Connect.
    • Added configurable allow-by-default and deny-by-default access control guidance.
    • Updated OIDC documentation with certification details and expanded supported capabilities.
    • Added browser-based OIDC client setup instructions for integrations.
  • Documentation

    • Updated configuration references, homepage messaging, use-case guidance, and the v5.1.0 changelog.
    • Improved navigation with new Tailscale entries.
    • Refined tool controls and page layout styling.

@dosubot dosubot Bot added the size:XXL This PR changes 1000+ lines, ignoring generated files. label Jul 12, 2026
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@steveiliop56, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 38 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ae69e133-cf0f-43ef-969f-31d6aa0d932f

📥 Commits

Reviewing files that changed from the base of the PR and between 724bb6d and 205b777.

📒 Files selected for processing (7)
  • astro.config.mjs
  • src/content/docs/docs/about.mdx
  • src/content/docs/docs/guides/access-controls.mdx
  • src/content/docs/docs/guides/advanced.mdx
  • src/content/docs/docs/guides/oidc.mdx
  • src/content/docs/docs/guides/tailscale.mdx
  • src/content/docs/docs/reference/changelog.mdx
📝 Walkthrough

Walkthrough

Added Tailscale authentication and OIDC integration guides, expanded OIDC and access-control documentation, refreshed configuration and v5.1.0 release references, added browser-based client generation, and updated homepage and tool styling.

Changes

Documentation and site refresh

Layer / File(s) Summary
Tailscale authentication and OIDC guides
src/content/docs/docs/guides/tailscale.mdx, src/content/docs/docs/integrations/tailscale.mdx
Added Tailscale authentication setup, proxy requirements, credentials, OIDC client configuration, and tailnet sign-up instructions.
Navigation, OIDC, and access-control guidance
astro.config.mjs, src/content/docs/docs/guides/access-controls.mdx, src/content/docs/docs/guides/oidc.mdx
Registered Tailscale pages and documented ACL policy behavior, certified OIDC capabilities, persistence, and standalone provider configuration.
Reference and release documentation
src/content/docs/docs/reference/configuration.mdx, src/content/docs/docs/reference/changelog.mdx, src/content/docs/docs/about.mdx
Switched configuration documentation to generated content, consolidated notes, added the v5.1.0 changelog, and clarified suitable use cases.
Browser tool and site presentation
src/content/docs/docs/integrations/zerobyte.mdx, src/pages/index.astro, src/styles/*.css
Added browser-based OIDC client generation and updated homepage branding, layout spacing, tool typography, and focus styling.
Repository housekeeping
.gitignore
Added the IDE settings directory to ignored files.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant Tinyauth
  participant Tailscale
  User->>Tinyauth: Open protected application
  Tinyauth->>Tailscale: Validate user through Tailscale API
  Tailscale-->>Tinyauth: Return user identity
  Tinyauth-->>User: Complete authenticated login
Loading

Possibly related PRs

Suggested reviewers: rycochet, shadownetdev1

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately reflects that this PR is a documentation update for the v5.1.0 release.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Nitpick comments (5)
src/pages/index.astro (1)

114-114: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win

Consider hosting the certification mark image locally and adding a height attribute.

The certification mark is loaded from an external URL (openid.net) while the hero image is already served locally from /tinyauth-dark.png. Hosting the certification mark locally would avoid a dependency on an external server. Additionally, the <img> has width="200" but no height attribute, which can cause layout shift before the image loads.

♻️ Proposed improvements
-<img alt="OpenID Connect™ Certified" width="200" src="https://openid.net/wordpress-content/uploads/2016/05/oid-l-certification-mark-l-cmyk-150dpi-90mm.jpg" />
+<img alt="OpenID Connect™ Certified" width="200" height="75" loading="lazy" src="/oidc-certified-mark.jpg" />
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/index.astro` at line 114, Update the certification mark image in
the page markup to use a locally hosted asset instead of the external openid.net
URL, and add an explicit height attribute alongside the existing width to
reserve its rendered dimensions.
src/content/docs/docs/guides/access-controls.mdx (1)

104-122: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

The policy examples don't illustrate the policy behavior.

Both the allow-by-default and deny-by-default examples reference the same domain label (tinyauth.apps.myapp.config.domain: myapp.example.com) which was already shown in the Discovery section above. Neither example shows an actual ACL configuration (e.g., users.allow or users.block) to demonstrate how the policy changes what's permitted. Consider adding a concrete ACL label to each example to make the behavioral difference clear.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/guides/access-controls.mdx` around lines 104 - 122,
Update the allow-by-default and deny-by-default examples in the access-controls
documentation to include concrete ACL Docker labels, such as users.allow or
users.block, alongside the existing domain label. Show configurations that
clearly demonstrate the different policy behavior while preserving the
surrounding policy explanations.
src/content/docs/docs/guides/oidc.mdx (1)

86-86: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add punctuation before "however" to fix run-on sentence.

"Tinyauth's core idea is to be a stateless application however, OpenID Connect requires persistence" is a run-on. Use a semicolon or period before "however."

✏️ Proposed fix
- Tinyauth's core idea is to be a stateless application however, OpenID Connect requires persistence for sessions and keys. Everything is stored in the `/data` directory so, if you are using Docker, add the corresponding volume to your `docker-compose.yml` file:
+ Tinyauth's core idea is to be a stateless application; however, OpenID Connect requires persistence for sessions and keys. Everything is stored in the `/data` directory so, if you are using Docker, add the corresponding volume to your `docker-compose.yml` file:
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/guides/oidc.mdx` at line 86, Update the sentence in the
OIDC guide by adding a semicolon or period before “however” to separate the two
independent clauses, while preserving the existing meaning and subsequent
storage guidance.
src/content/docs/docs/integrations/tailscale.mdx (1)

75-77: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

External image URL from Tailscale's Next.js CDN is fragile.

The src URL (https://tailscale.com/_next/image?url=...) is a Next.js image optimization endpoint with a hashed filename (sign-up-oidc.b699a417.png). If Tailscale rebuilds their site, the hash changes and this image breaks silently. Consider downloading the image and hosting it locally under /public/screenshots/tailscale/, consistent with the screenshots in the Tailscale authentication guide.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/integrations/tailscale.mdx` around lines 75 - 77,
Replace the fragile Tailscale Next.js CDN URL in the “Tailscale Sign-up with
OIDC” image with a locally hosted asset under /public/screenshots/tailscale/.
Preserve the existing image dimensions and alt text, and reference the
downloaded image through the project’s standard public-asset path.
src/content/docs/docs/guides/tailscale.mdx (1)

14-18: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Mention TINYAUTH_AUTH_TRUSTEDPROXIES for proxy setups
Add a short note under the proxy warning that if a reverse proxy forwards the client IP, Tinyauth also needs that proxy listed in TINYAUTH_AUTH_TRUSTEDPROXIES; otherwise Tailscale detection can still see the proxy IP.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/guides/tailscale.mdx` around lines 14 - 18, Update the
Tailscale proxy warning in the documentation to add a short note about
configuring TINYAUTH_AUTH_TRUSTEDPROXIES with any reverse proxy that forwards
the client IP, so Tailscale detection does not use the proxy IP.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/docs/about.mdx`:
- Line 18: Update the rewritten use-cases text in the about documentation:
correct “environemnts” to “environments” and “granual” to “granular,” and insert
a comma before “which” in the non-restrictive clause.

In `@src/content/docs/docs/guides/access-controls.mdx`:
- Around line 98-102: Update the Access Control Policy documentation to correct
“opiton” to “option” and clarify that the policy can be configured through
either the TINYAUTH_AUTH_ACLS_POLICY environment variable or the
--auth.acls.policy CLI flag.

In `@src/content/docs/docs/guides/oidc.mdx`:
- Around line 43-71: The Supported claims documentation incorrectly categorizes
groups as an OpenID Connect Core 1.0 standard claim. Update the claims
description near the Supported claims section to identify groups as a
non-standard extension, or exclude it from the standard-claims list while
preserving its documented support.

In `@src/content/docs/docs/guides/tailscale.mdx`:
- Line 16: In the Tailscale guide text, replace the misspelled word “defers”
with “differs” in the sentence describing variation between proxies, leaving the
rest of the sentence unchanged.

In `@src/content/docs/docs/reference/changelog.mdx`:
- Line 17: Update the v5.1.0 changelog subsection headings New Features,
Improvements, Fixes, and Technical from h2 to h3, matching the existing v5.0.7
structure and preserving version headers as the higher-level headings.

---

Nitpick comments:
In `@src/content/docs/docs/guides/access-controls.mdx`:
- Around line 104-122: Update the allow-by-default and deny-by-default examples
in the access-controls documentation to include concrete ACL Docker labels, such
as users.allow or users.block, alongside the existing domain label. Show
configurations that clearly demonstrate the different policy behavior while
preserving the surrounding policy explanations.

In `@src/content/docs/docs/guides/oidc.mdx`:
- Line 86: Update the sentence in the OIDC guide by adding a semicolon or period
before “however” to separate the two independent clauses, while preserving the
existing meaning and subsequent storage guidance.

In `@src/content/docs/docs/guides/tailscale.mdx`:
- Around line 14-18: Update the Tailscale proxy warning in the documentation to
add a short note about configuring TINYAUTH_AUTH_TRUSTEDPROXIES with any reverse
proxy that forwards the client IP, so Tailscale detection does not use the proxy
IP.

In `@src/content/docs/docs/integrations/tailscale.mdx`:
- Around line 75-77: Replace the fragile Tailscale Next.js CDN URL in the
“Tailscale Sign-up with OIDC” image with a locally hosted asset under
/public/screenshots/tailscale/. Preserve the existing image dimensions and alt
text, and reference the downloaded image through the project’s standard
public-asset path.

In `@src/pages/index.astro`:
- Line 114: Update the certification mark image in the page markup to use a
locally hosted asset instead of the external openid.net URL, and add an explicit
height attribute alongside the existing width to reserve its rendered
dimensions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 3f06885d-5ed0-44f0-8987-8534f9bff686

📥 Commits

Reviewing files that changed from the base of the PR and between 499682c and 724bb6d.

⛔ Files ignored due to path filters (7)
  • public/screenshots/oidc/authorize.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_api_token.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_keys.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_login.png is excluded by !**/*.png
  • public/screenshots/tailscale/tailscale_settings.png is excluded by !**/*.png
  • public/tinyauth-dark.png is excluded by !**/*.png
  • src/gen/generated_configuration.mdx is excluded by !**/gen/**
📒 Files selected for processing (14)
  • .gitignore
  • astro.config.mjs
  • src/content/docs/docs/about.mdx
  • src/content/docs/docs/guides/access-controls.mdx
  • src/content/docs/docs/guides/oidc.mdx
  • src/content/docs/docs/guides/tailscale.mdx
  • src/content/docs/docs/integrations/tailscale.mdx
  • src/content/docs/docs/integrations/zerobyte.mdx
  • src/content/docs/docs/reference/changelog.mdx
  • src/content/docs/docs/reference/configuration.mdx
  • src/pages/index.astro
  • src/styles/home.css
  • src/styles/theme.css
  • src/styles/tools.css

Comment thread src/content/docs/docs/about.mdx Outdated
Comment thread src/content/docs/docs/guides/access-controls.mdx
Comment thread src/content/docs/docs/guides/oidc.mdx
Comment thread src/content/docs/docs/guides/tailscale.mdx Outdated
Comment thread src/content/docs/docs/reference/changelog.mdx Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:XXL This PR changes 1000+ lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant