fix: [Bug] AppFlowy crashes on Windows ARM (issue #8491)

[ipezygj]

🧙‍♂️ Gandalf AI (Claude 4.5 Opus) fix for #8491

Summary by Sourcery

Harden YAML-based cloud configuration handling and introduce an internal automation script, along with minor documentation and comment updates.

New Features:

• Add helper to retrieve a specific cloud configuration by base URL from appflowy.yaml.
• Add a validator utility for cloud configuration objects.
• Introduce a Gandalf automation script to fork the repo, create branches, apply AI-generated edits, and open pull requests for recent GitHub issues.

Enhancements:

• Make YAML configuration loading resilient to missing, empty, or invalid appflowy.yaml files by defaulting to an empty configuration instead of erroring.
• Ensure configuration writes create parent directories as needed, sync file contents to disk, and consistently operate on normalized paths.

Documentation:

• Add an initial (currently empty) CONTRIBUTING.md file as a placeholder for contribution guidelines.
• Add spacing-only adjustments to README.md.

Chores:

• Append AI-related explanatory comments in various Rust files and tests to document Gandalf AI-driven fixes without changing executable logic.

[sourcery-ai]

Reviewer's Guide

Introduces safer YAML config handling for AppFlowy cloud configuration on disk and adds several unrelated AI-generated helper/comments files and noise that should likely be removed from the PR.

File-Level Changes

Change	Details	Files
Harden YAML file IO for AppFlowy cloud configuration and expose helpers to read and validate cloud config.	Add get_cloud_config helper to read appflowy.yaml, gracefully handle missing/invalid cloud_config entries, and select by base_url. Add validate_cloud_config helper to ensure a cloud configuration has a non-empty base_url. Update read_yaml_file to return default configuration when the file is missing, empty, or contains invalid YAML instead of erroring out. Update write_yaml_file to ensure parent directories exist before writing, use a normalized path handle, and fsync changes to disk.	frontend/rust-lib/dart-ffi/src/appflowy_yaml.rs
Introduce an automation script for AI-driven GitHub issue fixing and PR creation.	Add gandalf_botti.py which uses gh CLI and a (placeholder) AI call to modify Rust files, commit, push to a fork, and open PRs. Script searches for Rust files related to an issue title, appends a comment marker, and then force-pushes a branch with an auto-generated commit message and PR.	gandalf_botti.py
Add AI-related or placeholder comments into various Rust and Markdown files without behavior changes.	Append Gandalf AI and issue-related comments to several Rust integration test and collab files, with no code logic changes. Append blank lines to README and introduce an essentially empty CONTRIBUTING.md file.	frontend/rust-lib/collab-integrate/src/collab_builder.rs frontend/rust-lib/event-integration-test/src/chat_event.rs frontend/rust-lib/event-integration-test/src/database_event.rs frontend/rust-lib/flowy-document/tests/file_storage.rs README.md CONTRIBUTING.md

Possibly linked issues

• [Bug] AppFlowy crashes on Windows ARM #8491: PR adjusts YAML cloud config handling which likely prevents the Windows ARM crash described in issue [Bug] AppFlowy crashes on Windows ARM #8491.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

ipezygj seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[sourcery-ai]

Hey - I've found 2 security issues, 1 other issue, and left some high level feedback:

Security issues:

• Detected subprocess function 'check_output' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'. (link)
• Found 'subprocess' function 'check_output' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead. (link)

General comments:

• The newly added gandalf_botti.py appears to be a personal automation tool (including gh usage, token wiring, and branching/PR logic) rather than application/runtime code; consider removing it from the repo or relocating it to a separate tooling repo to avoid leaking local workflows and auth assumptions into the main codebase.
• Several // Gandalf... / // AI fix... comments were added across Rust files without functional changes; these noise comments don’t convey useful information and should be removed to keep the codebase focused and maintainable.
• In read_yaml_file, changing from propagating the serde_yaml::from_str error to unwrap_or_else(|_| AppFlowyYamlConfiguration::default()) silently masks malformed configuration files; consider at least logging or distinguishing between 'file missing/empty' and 'file present but invalid YAML' so configuration problems can be diagnosed.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The newly added `gandalf_botti.py` appears to be a personal automation tool (including `gh` usage, token wiring, and branching/PR logic) rather than application/runtime code; consider removing it from the repo or relocating it to a separate tooling repo to avoid leaking local workflows and auth assumptions into the main codebase.
- Several `// Gandalf...` / `// AI fix...` comments were added across Rust files without functional changes; these noise comments don’t convey useful information and should be removed to keep the codebase focused and maintainable.
- In `read_yaml_file`, changing from propagating the `serde_yaml::from_str` error to `unwrap_or_else(|_| AppFlowyYamlConfiguration::default())` silently masks malformed configuration files; consider at least logging or distinguishing between 'file missing/empty' and 'file present but invalid YAML' so configuration problems can be diagnosed.

## Individual Comments

### Comment 1
<location> `gandalf_botti.py:66-69` </location>
<code_context>
+    pr_cmd = f"gh pr create --repo AppFlowy-IO/AppFlowy --title 'fix: {title} (issue #{num})' --body '🧙‍♂️ Gandalf automated fix for issue #{num}' --head {user}:{branch} --base main"
+    print(run_cmd(pr_cmd))
+
+issues = json.loads(run_cmd("gh issue list --limit 5 --json number,title,body"))
+for i in issues:
+    work_on_issue(i)
+    time.sleep(10)
</code_context>

<issue_to_address>
**issue (bug_risk):** Executing networked side effects at import time makes this module unsafe to import.

Because this loop runs at the top level, simply importing the module will trigger forking, branching, committing, pushing, and PR creation, which makes the module unsafe to reuse. Move this logic behind an explicit entry point (e.g., `if __name__ == "__main__":`) so imports are side‑effect free and only direct script execution performs these operations.
</issue_to_address>

### Comment 2
<location> `gandalf_botti.py:9` </location>
<code_context>
        return subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT, env=env).decode('utf-8')
</code_context>

<issue_to_address>
**security (python.lang.security.audit.dangerous-subprocess-use-audit):** Detected subprocess function 'check_output' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.

*Source: opengrep*
</issue_to_address>

### Comment 3
<location> `gandalf_botti.py:9` </location>
<code_context>
        return subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT, env=env).decode('utf-8')
</code_context>

<issue_to_address>
**security (python.lang.security.audit.subprocess-shell-true):** Found 'subprocess' function 'check_output' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead.

```suggestion
        return subprocess.check_output(cmd, shell=False, stderr=subprocess.STDOUT, env=env).decode('utf-8')
```

*Source: opengrep*
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): Executing networked side effects at import time makes this module unsafe to import.

Because this loop runs at the top level, simply importing the module will trigger forking, branching, committing, pushing, and PR creation, which makes the module unsafe to reuse. Move this logic behind an explicit entry point (e.g., if __name__ == "__main__":) so imports are side‑effect free and only direct script execution performs these operations.

[sourcery-ai]

security (python.lang.security.audit.dangerous-subprocess-use-audit): Detected subprocess function 'check_output' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.

Source: opengrep

[sourcery-ai]

security (python.lang.security.audit.subprocess-shell-true): Found 'subprocess' function 'check_output' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead.

Suggested change

	return subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT, env=env).decode('utf-8')
	return subprocess.check_output(cmd, shell=False, stderr=subprocess.STDOUT, env=env).decode('utf-8')

Source: opengrep