Update install command

[amalshaji]

Summary by CodeRabbit

• New Features

  • Added an alternative installation method for the Portr client using a shell install script, in addition to the existing Homebrew option.
  • Updated the installation section to present both methods with clear labels, code snippets, and copy-to-clipboard buttons.

• Documentation

  • Expanded installation instructions to include both the install script and Homebrew options, with improved clarity and updated headings.

[coderabbitai]

Walkthrough

The changes update both the web UI and documentation to present two installation methods for the Portr client: a new install script command and the existing Homebrew command. The UI now displays both options with labels, code blocks, and copy buttons, while the documentation lists both installation commands with updated headings and descriptions. Additionally, a .nvmrc file specifying Node.js version 20 was added to the docs directory.

Changes

File(s)	Change Summary
admin/web/src/pages/app/overview.svelte	Added install script command as an installation option; updated UI to show both install script and Homebrew methods with labels, code blocks, and copy buttons; generalized heading and reworded binary download text.
docs/src/content/docs/client/installation.mdx	Updated documentation to include both install script and Homebrew installation methods with revised headings and order.
docs/.nvmrc	Added .nvmrc file specifying Node.js version 20 for project environment setup.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant WebUI
    participant Docs

    User->>WebUI: Views client installation options
    WebUI-->>User: Displays install script and Homebrew commands

    User->>Docs: Reads installation documentation
    Docs-->>User: Shows install script and Homebrew instructions

Loading

Possibly related PRs

• Add experimental installation script for portr cli #161: Introduces the install script command that is now included as a new installation method in both the UI and documentation.

Poem

Hopping along the install trail,
Now two ways for clients to set sail—
Curl or brew, pick what you please,
Copy with a click, install with ease!
🐇✨
Portr’s journey’s just begun,
With scripts and docs for everyone!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fa09b66 and f15f97f.

📒 Files selected for processing (1)

• docs/.nvmrc (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• docs/.nvmrc

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test
• GitHub Check: Cloudflare Pages

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cloudflare-workers-and-pages]

Deploying portr with    Cloudflare Pages

Latest commit:	f15f97f
Status:	✅  Deploy successful!
Preview URL:	https://dda24bae.portr.pages.dev
Branch Preview URL:	https://curl-install-docs.portr.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4b60d75 and fa09b66.

📒 Files selected for processing (2)

• admin/web/src/pages/app/overview.svelte (2 hunks)
• docs/src/content/docs/client/installation.mdx (1 hunks)

🧰 Additional context used

🪛 LanguageTool

docs/src/content/docs/client/installation.mdx

[grammar] ~10-~10: The word ‘install’ is not a noun.
Context: ...ts"; ### Install the client Using the install script: ```shell curl -sSf https://ins...

(A_INSTALL)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test

🔇 Additional comments (2)

admin/web/src/pages/app/overview.svelte (2)

230-266: Excellent UI restructuring for multiple installation methods.

The updated UI clearly presents both installation options with proper labeling, syntax highlighting, and copy functionality. The structure is user-friendly and provides good visual separation between the two methods.

---

270-270: Good text improvement for consistency.

The change from "Or download the binary" to "You can also download the binary" provides better flow and consistency with the multiple installation options presented above.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Consider security implications of the curl-based install script.

The new install script pattern curl -sSf https://install.portr.dev | sh is convenient but poses security risks since it downloads and executes code directly. Consider adding a security warning or offering users the option to download and inspect the script first.

Consider adding a security notice in the UI or providing an alternative download-first approach:

+  const installScriptUrl = "https://install.portr.dev";
+  const installCommand = `
+  # Download and inspect the script first (recommended):
+  curl -sSf ${installScriptUrl} -o install.sh && chmod +x install.sh && ./install.sh
+  
+  # Or run directly (less secure):
+  curl -sSf ${installScriptUrl} | sh
+  `.trim();

Let me verify if the install script URL is accessible:

---

🏁 Script executed:

#!/bin/bash
# Check if the install script URL is accessible and inspect its content
curl -I https://install.portr.dev
curl -sSf https://install.portr.dev | head -20

Length of output: 1606

---

Add security notice and download-first option for the curl installer

The install script at https://install.portr.dev is accessible and returns the expected bash installer. However, piping remote code directly into sh carries inherent risks. Please update the UI and constants to:

• Offer a download-and-inspect approach as the recommended path
• Retain the direct pipeline option with a clear warning

Locations to update:

• admin/web/src/pages/app/overview.svelte around lines 100–106 (installCommand definition)

Suggested diff:

  // Define installer URL
+ const installScriptUrl = 'https://install.portr.dev';

- const installCommand = `
- curl -sSf https://install.portr.dev | sh
- `.trim();
+ const installCommand = `
+ # Recommended: download and inspect the installer first
+ curl -sSf ${installScriptUrl} -o install.sh && chmod +x install.sh && ./install.sh
+
+ # Or run directly (less secure)
+ curl -sSf ${installScriptUrl} | sh
+ `.trim();

Additionally, consider adding a brief security notice in the UI adjacent to the install command, e.g.:

“Running remote scripts directly is less secure. We recommend downloading and reviewing the script before execution.”

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const installCommand = `
	curl -sSf https://install.portr.dev | sh
	`.trim();
	const homebrewCommand = `
	brew install amalshaji/taps/portr
	`.trim();
	// Define installer URL
	const installScriptUrl = 'https://install.portr.dev';
	const installCommand = `
	# Recommended: download and inspect the installer first
	curl -sSf ${installScriptUrl} -o install.sh && chmod +x install.sh && ./install.sh
	# Or run directly (less secure)
	curl -sSf ${installScriptUrl} | sh
	`.trim();
	const homebrewCommand = `
	brew install amalshaji/taps/portr
	`.trim();

🤖 Prompt for AI Agents

In admin/web/src/pages/app/overview.svelte around lines 100 to 106, the
installCommand uses a direct curl-to-sh pipeline which poses security risks.
Update the code to provide two options: keep the direct pipeline command but add
a clear security warning, and add a new command that downloads the script first
for inspection before running it. Also, add a brief security notice in the UI
near the install command explaining that running remote scripts directly is less
secure and recommending users download and review the script before execution.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Address the grammar issue and consider security documentation.

The documentation structure aligns well with the UI changes, but there's a grammar issue flagged by static analysis. Also consider adding security guidance for the curl-based install method.

Apply this diff to fix the grammar and add security context:

-Using the install script:
+Using the installation script:



+:::caution[Security Notice]
+The install script downloads and executes code directly. For enhanced security, consider downloading and inspecting the script first:
+

Let me verify the grammar concern from static analysis:

---

🏁 Script executed:

```shell
curl -sSf https://install.portr.dev | sh

Length of output: 959

---

🏁 Script executed:

+curl -sSf https://install.portr.dev -o install.sh && chmod +x install.sh && ./install.sh
+```
+:::

Or install the client using homebrew:

Length of output: 265

---

🌐 Web query:

Is "install script" grammatically correct or should it be "installation script"?

💡 Result:

Both "install script" and "installation script" can be used, but they have slightly different connotations and usage preferences.

• "Installation script" is the more formal and commonly used term. It refers to a script that performs the process of installation. It treats "installation" as a noun modifying "script," emphasizing the purpose of the script related to installing software or components.

• "Install script" is more informal and less common. It might be used in contexts where "install" is treated as a verb or shorthand, but it's generally considered less standard than "installation script."

In most professional and technical contexts, "installation script" is preferred for clarity and formality.

---

Use “installation script” and add security guidance

Tested the direct install script; it runs as expected. To improve clarity and help users stay safe, update the phrasing and include a caution block:

Suggested patch:

- Using the install script:
+ Using the installation script:

```shell
curl -sSf https://install.portr.dev | sh

• :::caution[Security Notice]
• The install script downloads and executes code directly. For greater security, download and review the script before running:
• curl -sSf https://install.portr.dev -o install.sh
• chmod +x install.sh
• ./install.sh
• :::

Or install the client using Homebrew:

This fixes the grammar (“installation script” is more formal) and provides essential security guidance for users installing via curl.

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 LanguageTool</summary>

[grammar] ~10-~10: The word ‘install’ is not a noun.
Context: ...ts";  ### Install the client  Using the install script:  ```shell curl -sSf https://ins...

(A_INSTALL)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

In docs/src/content/docs/client/installation.mdx around lines 10 to 16, replace
the informal phrase "install script" with the more formal "installation script"
for clarity. Additionally, add a caution block advising users about the security
risks of piping curl output directly to sh, and provide an alternative safer
method by downloading the script first, reviewing it, making it executable, and
then running it. This improves grammar and adds important security guidance for
users.

</details>

<!-- This is an auto-generated comment by CodeRabbit -->