Feat/new projects screen

[mskorokhodov]

Background

Description

Checklist

• Input validation
• Output encoding
• Authentication management
• Session management
• Access control
• Cryptographic practices
• Error handling and logging
• Data protection
• Communication security
• System configuration
• Database security
• File management
• Memory management
• Testing

[github-actions]

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
@graphql-hive/apollo	0.48.1-alpha-20260610080006-90e5ed6e68eb5a079aa24c71c78048b71a6ad1d0	npm ↗︎ unpkg ↗︎
@graphql-hive/cli	0.60.1-alpha-20260610080006-90e5ed6e68eb5a079aa24c71c78048b71a6ad1d0	npm ↗︎ unpkg ↗︎
@graphql-hive/core	0.21.1-alpha-20260610080006-90e5ed6e68eb5a079aa24c71c78048b71a6ad1d0	npm ↗︎ unpkg ↗︎
@graphql-hive/envelop	0.40.6-alpha-20260610080006-90e5ed6e68eb5a079aa24c71c78048b71a6ad1d0	npm ↗︎ unpkg ↗︎
@graphql-hive/yoga	0.48.1-alpha-20260610080006-90e5ed6e68eb5a079aa24c71c78048b71a6ad1d0	npm ↗︎ unpkg ↗︎
hive	11.2.2-alpha-20260610080006-90e5ed6e68eb5a079aa24c71c78048b71a6ad1d0	npm ↗︎ unpkg ↗︎

[gemini-code-assist]

Code Review

This pull request introduces cursor-based pagination, searching, and sorting (by name, creation date, requests, and schema versions) for projects and targets on both the backend and frontend. It also refactors the organization and project dashboard views to use a new, detailed TargetCard component that displays latency, request volume, and success rate over time. Feedback on the changes focuses on preventing potential integer overflow bugs in ClickHouse queries by avoiding database-level casts to 32-bit integers for high-volume metrics, recommending instead the use of z.coerce.number() in Zod schemas. Additionally, a PostgreSQL query in TargetStats requires casting COUNT(*) to ::int to ensure the driver parses it as a JavaScript number, preventing a runtime validation error against the expected Zod schema.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

In PostgreSQL, COUNT(*) returns a bigint which is parsed as a string by the pg driver. Since the Zod schema expects total to be a number (line 55), this will cause a runtime validation error. Casting COUNT(*) to ::int (as done in ProjectStats.countSchemaVersionsByProjectIds) ensures it is parsed as a JavaScript number. Additionally, when refactoring or optimizing SQL queries, write comprehensive integration tests to verify correctness under edge cases (such as shared commits across multiple targets) to ensure correctness and prevent regressions.

Suggested change

	COUNT(*) as total
	COUNT(*)::int as total

References

1. When refactoring or optimizing SQL queries, write comprehensive integration tests to verify correctness under edge cases (such as shared commits across multiple targets) to ensure correctness and prevent regressions.

[gemini-code-assist]

Casting sum(total) to ::int (which ClickHouse maps to Int32) can lead to integer overflow if the total number of requests for a target exceeds 2.14 billion (the maximum value for a signed 32-bit integer) within the queried period. High-traffic APIs can easily exceed this threshold. To prevent overflow while still ensuring the value is parsed as a number in JavaScript, we should avoid casting to Int32 in ClickHouse and instead use z.coerce.number() in the Zod schema. Additionally, write comprehensive integration tests to verify correctness under edge cases when refactoring SQL queries.

Suggested change

	sum(total)::int as total
	sum(total) as total

References

1. When refactoring or optimizing SQL queries, write comprehensive integration tests to verify correctness under edge cases (such as shared commits across multiple targets) to ensure correctness and prevent regressions.

[gemini-code-assist]

Use z.coerce.number() to safely coerce the ClickHouse Int64 string representation into a JavaScript number, avoiding potential integer overflow from casting to Int32 in the database query.

Suggested change

	total: z.number(),
	total: z.coerce.number(),

[gemini-code-assist]

Casting total and totalOk to ::int (which ClickHouse maps to Int32) can lead to integer overflow if the total number of requests for a target exceeds 2.14 billion within the queried period. High-traffic APIs can easily exceed this threshold. To prevent overflow while still ensuring the value is parsed as a number in JavaScript, we should avoid casting to Int32 in ClickHouse and instead use z.coerce.number() in the Zod schema. Ensure comprehensive integration tests are written to verify correctness under edge cases when refactoring these queries.

Suggested change

	ifNull(aggregated.total, 0)::int as total,
	ifNull(aggregated.totalOk, 0)::int as totalOk,
	ifNull(aggregated.total, 0) as total,
	ifNull(aggregated.totalOk, 0) as totalOk,

References

1. When refactoring or optimizing SQL queries, write comprehensive integration tests to verify correctness under edge cases (such as shared commits across multiple targets) to ensure correctness and prevent regressions.

[gemini-code-assist]

Use z.coerce.number() to safely coerce the ClickHouse Int64 string representation into a JavaScript number, avoiding potential integer overflow from casting to Int32 in the database query.

Suggested change

	total: z.number(),
	totalOk: z.number(),
	total: z.coerce.number(),
	totalOk: z.coerce.number(),

[github-actions]

🐋 This PR was built and pushed to the following Docker images:

Targets: build

Platforms: linux/amd64

Image Tags: 3f1467ed760b8b01ce0541c6e33592297d5caac4, 3f1467e