Attempt storybook setup in onlook containers

[saddlepaddle]

Description

Related Issues

Type of Change

• Bug fix
• New feature
• Documentation
• Refactor
• Other (please describe):

Testing

Screenshots (if applicable)

Additional Notes

---

Important

Enhances Storybook integration by adding findOnlookParent() for iframe handling and preloading Onlook scripts in Storybook.

• Enhancements:
  • Added findOnlookParent() in index.ts to handle both direct and nested iframe scenarios for Onlook connections.
  • Updated createMessageConnection() in index.ts to use findOnlookParent() for setting remoteWindow.
• Storybook Integration:
  • Added <script> tag in preview-head.html to preload Onlook scripts in Storybook.

^{This description was created by for 31daefc. You can customize this summary. It will automatically update as commits are pushed.}

---

Summary by CodeRabbit

• Chores
  • Preloads a script in Storybook preview to improve embedded preview startup.
  • Improved handling of various iframe embedding scenarios for more reliable Storybook/embed behavior.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
web	Ready	Preview	Comment	Nov 6, 2025 7:41pm

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Skipped			Nov 6, 2025 7:41pm

[supabase]

This pull request has been ignored for the connected project wowaemfasoptxrdjhilu because there are no changes detected in apps/backend/supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.

---

Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

[coderabbitai]

Walkthrough

Adds a Storybook preview preload script tag and implements a helper to detect the correct parent window for Onlook messenger initialization across direct, Next.js and nested iframe scenarios.

Changes

Cohort / File(s)	Summary
Storybook configuration apps/web/client/.storybook/preview-head.html	Adds a module script tag with id onlook-preload-script to preload /onlook-preload-script.js in Storybook preview
Iframe parent detection & messenger init apps/web/preload/script/index.ts	Adds findOnlookParent() to resolve the appropriate parent window for Onlook (handles not-in-iframe, direct iframe, nested Storybook iframe) and updates WindowMessenger initialization to use that resolved window; includes diagnostic logging

Sequence Diagram(s)

sequenceDiagram
    participant Iframe as App / Iframe
    participant Finder as findOnlookParent()
    participant Messenger as WindowMessenger

    Iframe->>Finder: determine parent window
    alt direct iframe (parent === expected)
        Finder-->>Iframe: return window.parent
    else nested iframe (top !== parent)
        Finder-->>Iframe: log diagnostic, return window.top
    else not in iframe
        Finder-->>Iframe: log diagnostic, return window.parent (fallback)
    end
    Iframe->>Messenger: initialize with resolved remoteWindow
    Messenger-->Iframe: establish message connection

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review areas needing attention:
  • findOnlookParent() logic and edge-case conditions (when to prefer top vs parent).
  • Diagnostic logging to ensure it provides actionable context without leaking sensitive info.
  • WindowMessenger initialization change to confirm compatibility with existing penpal/connection expectations.

Poem

🐇 I nudge the frames and sniff the threads,
I find the parent where the message spreads,
Storybook wakes with a tiny jump,
Preloaded script and no more slump —
Hooray for windows, hops, and webs! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description template is mostly unfilled; core sections (Description, Related Issues, Type of Change, Testing) lack substantive content despite an auto-generated summary being appended.	Fill the Description section with the actual changes, specify Type of Change, link Related Issues, and describe Testing steps performed to validate iframe handling and Storybook integration.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: attempting Storybook setup within Onlook containers, which aligns with the changes adding findOnlookParent() and preload script.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch attempt-storybook-setup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

apps/web/preload/script/index.ts (1)

47-48: Consider implementing proper origin validation.

The TODO comment correctly identifies that using allowedOrigins: ['*'] is a security concern. In production, this should be restricted to trusted origins to prevent unauthorized cross-origin communication.

Consider defining allowed origins based on the environment:

const getAllowedOrigins = (): string[] => {
    if (process.env.NODE_ENV === 'development') {
        return ['http://localhost:*', 'http://127.0.0.1:*'];
    }
    // Add production domains
    return ['https://yourdomain.com'];
};

const messenger = new WindowMessenger({
    remoteWindow: findOnlookParent(),
    allowedOrigins: getAllowedOrigins(),
});

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b121d7 and 30e6c07.

📒 Files selected for processing (2)

• apps/web/client/.storybook/preview-head.html (1 hunks)
• apps/web/preload/script/index.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Do not use the any type unless necessary

Files:

• apps/web/preload/script/index.ts

{apps,packages}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Avoid using the any type unless absolutely necessary

Files:

• apps/web/preload/script/index.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run Chromatic

🔇 Additional comments (2)

apps/web/preload/script/index.ts (1)

46-46: Good approach to use intelligent parent detection.

Replacing the hardcoded window.parent with findOnlookParent() is the right approach for handling different iframe embedding scenarios. However, ensure the logic flaw in findOnlookParent() is fixed first (see previous comment).

apps/web/client/.storybook/preview-head.html (1)

1-1: No action required—the script path is correctly configured.

The file exists at apps/web/client/public/onlook-preload-script.js and is properly served by Storybook through the configured staticDirs: ["../public"] setting in .storybook/main.ts. The path /onlook-preload-script.js will resolve correctly in both development and production builds.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/web/preload/script/index.ts (1)

9-35: Logic flaw from previous review has been fixed.

The previous critical issue regarding the condition that prevented nested iframe scenarios from working has been correctly resolved. The current implementation properly checks window.parent === window.top (line 22) for direct iframes before falling back to window.top (line 28) for nested iframes.

Minor observations:

1. Lines 15-18: When window === window.top, returning window.parent is equivalent to returning window itself. Consider updating the message to be more explicit: "Not in an iframe, using window as fallback" and return window directly for clarity.

2. Line 28: The check if (window.top) is always truthy in browsers and appears redundant. This may be present for TypeScript strict null checking, but could be removed if not needed.

Optional refactor for clarity:

 const findOnlookParent = (): Window => {
     // If we're not in an iframe, something is wrong
     if (window === window.top) {
-        console.warn(`${PENPAL_CHILD_CHANNEL} - Not in an iframe, using window.parent as fallback`);
-        return window.parent;
+        console.warn(`${PENPAL_CHILD_CHANNEL} - Not in an iframe, using window as fallback`);
+        return window;
     }
 
     // Check if we're in a direct iframe (parent is the top window)
     // This is the Next.js case: Onlook -> Next.js iframe
     if (window.parent === window.top) {
         return window.parent;
     }
 
     // We're in a nested iframe (parent is NOT the top window)
     // This is the Storybook case: Onlook -> CodeSandbox -> Storybook preview iframe
-    if (window.top) {
-        console.log(`${PENPAL_CHILD_CHANNEL} - Using window.top for nested iframe scenario`);
-        return window.top;
-    }
+    console.log(`${PENPAL_CHILD_CHANNEL} - Using window.top for nested iframe scenario`);
+    return window.top!;
 
-    // Final fallback
-    return window.parent;
 };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 30e6c07 and 31daefc.

📒 Files selected for processing (1)

• apps/web/preload/script/index.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Do not use the any type unless necessary

Files:

• apps/web/preload/script/index.ts

{apps,packages}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Avoid using the any type unless absolutely necessary

Files:

• apps/web/preload/script/index.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run Chromatic

🔇 Additional comments (1)

apps/web/preload/script/index.ts (1)

46-46: Correct integration of the parent window detection.

The change from hardcoded window.parent to findOnlookParent() properly enables dynamic parent window detection for both direct iframe (Next.js) and nested iframe (Storybook) scenarios.