fix: remove REST docs credential customization form #976

Open
serendipitous-syntax wants to merge 2 commits into parse-community:gh-pages from serendipitous-syntax:serendipitous-syntax/parse-docs-remove-sensitive-config-form

@serendipitous-syntax serendipitous-syntax commented May 13, 2026

Fixes #898

What changed

  • Removed the REST docs credential-entry customization form.
  • Removed the JavaScript localStorage wiring for docs-provided server URLs and keys.
  • Replaced the customizable values with static placeholder examples and a reminder to only use real credentials in trusted environments.
  • Regenerated assets/js/bundle.js.

Checks

  • npm install
  • npm run webpack
  • node --check _app/main.js
  • git diff --check

bundle exec jekyll build was attempted locally but could not run in this VM because the available Ruby is 2.6.10 and the resolved nokogiri-1.16.5 requires Ruby >= 3.0.

Summary by CodeRabbit

  • Bug Fixes

    • Removed an unwanted interactive server-field customization UI from documentation pages, preventing accidental client-side persistence and behavior.
  • Documentation

    • Replaced the interactive customization instructions with static placeholder examples and a clear security warning to never enter or share real credentials in docs or third‑party forms.

coderabbitai Bot commented May 13, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9d4cb286-ff03-44ec-8d56-c519583ac5b5

📥 Commits

Reviewing files that changed from the base of the PR and between 15942e8 and 201525b.

📒 Files selected for processing (1)
  • _includes/common/server-customize.md
✅ Files skipped from review due to trivial changes (1)
  • _includes/common/server-customize.md

Walkthrough

The PR removes the interactive server-credential form from the Docs frontend (delete method and its render call), updates the TOC instantiation in Docs.render(), and replaces the interactive form docs with placeholder/example configuration values and a security warning.

Changes

Sensitive Data Form Removal

| Layer / File(s) | Summary |
| --- | --- |
| Remove sensitive data form from docs frontend: `_app/main.js` | Deleted setupServerFieldCustomization() from App.Views.Docs.Main (removes localStorage init and DOM event handlers for the server customization UI). Removed its invocation from Docs.render() and updated UI.LiveTOC instantiation to include scrollContent and content options. |
| Update documentation with placeholder guidance: `_includes/common/server-customize.md` | Replaced interactive form instructions with a security warning and simplified highlighter-rouge example placeholders for serverUrl, appId, masterKey, clientKey, and restApiKey. |

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 6 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Engage In Review Feedback | ❓ Inconclusive | Cannot assess review engagement without access to GitHub PR review comments. Open PR lacks git-level evidence of review cycles or feedback incorporation. | Access GitHub PR #976 directly to verify posted comments, reviewer engagement, and discussion threads on the PR timeline. |

✅ Passed checks (6 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title begins with 'fix:' prefix and accurately describes the main change: removal of the credential customization form. |
| Linked Issues check | ✅ Passed | The PR fully implements issue #898's requirements: removes the credential-entry form, replaces custom fields with placeholder examples, and adds security warnings. |
| Out of Scope Changes check | ✅ Passed | All changes directly address the linked issue #898; no unrelated modifications or scope creep detected in the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Security Check | ✅ Passed | PR removes security vulnerabilities: eliminates credential entry form, removes localStorage storage, adds security warnings, and uses static placeholders. No problematic security patterns introduced. |

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
_includes/common/server-customize.md (1)

3-3: 💤 Low value

Consider mentioning all configuration values in the warning.

The warning specifically calls out "master keys, client keys, or REST API keys" but the list below also includes serverUrl and appId. For consistency and completeness, consider either:

  • Using more general language: "never enter or share real credentials or configuration values..."
  • Being explicit: "never enter or share real server URLs, app IDs, master keys, client keys, or REST API keys..."

The current phrasing correctly emphasizes the most sensitive values, so this is primarily a consistency consideration.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@_includes/common/server-customize.md` at line 3, Update the warning sentence
to include all configuration values by either using a general phrase or
enumerating the items; e.g., replace the current specific list ("master keys,
client keys, or REST API keys") with a broader phrase like "real credentials or
configuration values (e.g., serverUrl, appId, master keys, client keys, REST API
keys)" so that serverUrl and appId are explicitly protected in the same message.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@_includes/common/server-customize.md`:
- Line 3: Update the warning sentence to include all configuration values by
either using a general phrase or enumerating the items; e.g., replace the
current specific list ("master keys, client keys, or REST API keys") with a
broader phrase like "real credentials or configuration values (e.g., serverUrl,
appId, master keys, client keys, REST API keys)" so that serverUrl and appId are
explicitly protected in the same message.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8a891527-3897-488d-9c8e-826a14554838

📥 Commits

Reviewing files that changed from the base of the PR and between 51c5175 and 15942e8.

📒 Files selected for processing (3)
  • _app/main.js
  • _includes/common/server-customize.md
  • assets/js/bundle.js
💤 Files with no reviewable changes (1)
  • _app/main.js

@serendipitous-syntax serendipitous-syntax changed the title from "Remove REST docs credential customization form" to "fix: remove REST docs credential customization form" on May 13, 2026
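
A regression guard for the change discussed in this pull request, as an added example that is not part of the PR or of the Parse docs code base: it scans JavaScript source for Web Storage writes that name one of the configuration fields listed in the walkthrough (serverUrl, appId, masterKey, clientKey, restApiKey), which the listed checks (`node --check`, `git diff --check`) do not cover. The function name `findCredentialStorageWrites`, the matching heuristics and the sample input are assumptions constructed for illustration.

```javascript
// Added example (not code from the pull request or the Parse docs repository).
// Field names are the ones listed in the walkthrough; the matching heuristics
// and SAMPLE below are constructed assumptions.
const SENSITIVE = ['serverUrl', 'appId', 'masterKey', 'clientKey', 'restApiKey'];

// A storage write: setItem(...), a property assignment, or a bracket assignment.
// The lookahead keeps comparisons (==, ===) and arrows (=>) from counting as writes.
const STORAGE_WRITE =
  /\b(localStorage|sessionStorage)\s*(?:\.\s*setItem\s*\(|\.\s*\w+\s*=(?![=>])|\[[^\]]+\]\s*=(?![=>]))/;

// Lower-case and drop "_" and "-" so master_key, master-key and masterKey compare equal.
const normalize = (s) => s.toLowerCase().replace(/[_-]/g, '');

// Returns one finding per line that writes to Web Storage and names a sensitive field.
// Line-based on purpose: a call split across several lines is not detected.
function findCredentialStorageWrites(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((raw, i) => {
    if (/^\s*\/\//.test(raw)) return; // skip whole-line comments
    const write = STORAGE_WRITE.exec(raw);
    if (!write) return;
    const flat = normalize(raw);
    const names = SENSITIVE.filter((name) => flat.includes(normalize(name)));
    if (names.length > 0) findings.push({ line: i + 1, storage: write[1], names });
  });
  return findings;
}

// Constructed input: three writes that should be flagged, four lines that should not.
const SAMPLE = [
  "const url = document.querySelector('#server-url').value;",
  "localStorage.setItem('server_url', url);",
  "// localStorage.setItem('masterKey', key);",
  "sessionStorage['rest-api-key'] = form.restApiKey.value;",
  "localStorage.setItem('theme', 'dark');",
  "if (localStorage.appId == null) { render(); }",
  "window.localStorage.masterKey = input.value;",
].join('\n');

console.log(findCredentialStorageWrites(SAMPLE));
```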
Development

Successfully merging this pull request may close these issues.

Remove forms that request sensitive information