[Stellar] Add link to UI builder for stellar

[CoveMB]

Add link to UI builder for stellar

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

These changes update UI Builder navigation across the public-facing HTML files. The index.html file adds an ecosystem query parameter (evm) to the UI Builder link, while stellar.html enhances navigation with updated styling, corrects Stellar switch routing to /stellar, and adds a promotional UI Builder block.

Changes

Cohort / File(s)	Summary
UI Builder Navigation & Promotion packages/ui/public/index.html, packages/ui/public/stellar.html	index.html: Added ?ecosystem=evm query parameter to UI Builder link. stellar.html: Updated nav container class styling, changed Stellar switch link from "#" to "/stellar", and added a promotional right-aligned UI Builder block with ecosystem=stellar parameter and CTA button.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

These are straightforward HTML/markup updates with no logic changes—simple URL parameter additions, CSS class updates, and static content additions.

Possibly related PRs

• Rename UI Builder label #673: Modifies UI Builder text and content in packages/ui/public/index.html, aligning with the ecosystem parameter additions in this PR.

Suggested reviewers

• pasevin
• son-oz
• ericglau

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description 'Add link to UI builder for stellar' is directly related to the changeset, which adds UI builder links for Stellar in the stellar.html file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately describes the main change: adding a link to the UI Builder for Stellar. It directly relates to the primary modifications across both HTML files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c14be02 and 9919786.

📒 Files selected for processing (2)

• packages/ui/public/index.html (1 hunks)
• packages/ui/public/stellar.html (1 hunks)

🧰 Additional context used

🪛 ast-grep (0.39.9)

packages/ui/public/stellar.html

[warning] 82-85: "This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible."
Context:
Try the UI Builder


Note: [CWE-319] Authentication Bypass by Primary Weakness [REFERENCES]
- https://cwe.mitre.org/data/definitions/319.html

(plaintext-http-link-html)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: boostsecurity - boostsecurityio/semgrep-pro
• GitHub Check: build (stellar, compile)
• GitHub Check: build (solidity, default)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (2)

packages/ui/public/stellar.html (2)

65-68: Navigation container and routing updates look good.

The nav container classes are properly aligned with index.html, and the Stellar switch href correction from # to /stellar with the active class addition is appropriate.

---

64-89: Promotional block structure and ecosystem parameter handling look good.

The new promotional block is well-structured, properly styled, and correctly uses the ecosystem=stellar parameter for Stellar contracts. The layout mirrors the equivalent pattern in index.html, maintaining consistency across the UI.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Use HTTPS for external links to maintain security consistency.

The URL uses plaintext HTTP while all other external links in this file use HTTPS. This inconsistency creates a security concern and should be corrected.

If HTTPS is supported, apply this diff:

-        <a href="http://builder.openzeppelin.com?ecosystem=evm" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">
+        <a href="https://builder.openzeppelin.com?ecosystem=evm" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">

---

🌐 Web query:

Does builder.openzeppelin.com support HTTPS connections?

💡 Result:

Yes — builder.openzeppelin.com is served over HTTPS (accessible at https://builder.openzeppelin.com). [1][2]

Sources:
[1] OpenZeppelin UI Builder (builder.openzeppelin.com).
[2] OpenZeppelin Docs — Contracts UI Builder quickstart.

---

Change HTTP to HTTPS for the UI Builder link.

The endpoint supports HTTPS and should be used for consistency with other external links in this file.

-        <a href="http://builder.openzeppelin.com?ecosystem=evm" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">
+        <a href="https://builder.openzeppelin.com?ecosystem=evm" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<a href="http://builder.openzeppelin.com?ecosystem=evm" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">
	<a href="https://builder.openzeppelin.com?ecosystem=evm" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">

🤖 Prompt for AI Agents

In packages/ui/public/index.html around line 115, the UI Builder anchor uses an
insecure "http://builder.openzeppelin.com?ecosystem=evm" href; update the href
to use "https://builder.openzeppelin.com?ecosystem=evm" so the link matches
other external links and uses HTTPS while leaving the rest of the attributes
(target, rel, classes) unchanged.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Use HTTPS for external links to maintain security consistency.

The UI Builder button on line 83 uses plaintext HTTP while all other external links in this file (and corresponding patterns in index.html) use HTTPS. This inconsistency should be corrected.

If HTTPS is supported, apply this diff:

-        <a href="http://builder.openzeppelin.com?ecosystem=stellar" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">
+        <a href="https://builder.openzeppelin.com?ecosystem=stellar" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">

---

🌐 Web query:

Does builder.openzeppelin.com support HTTPS connections?

💡 Result:

Yes — builder.openzeppelin.com is served over HTTPS (https://builder.openzeppelin.com). [1][2]

Sources: OpenZeppelin UI Builder site and docs. [1] https://builder.openzeppelin.com [2] https://docs.openzeppelin.com/ui-builder

---

Use HTTPS for the UI Builder link to maintain security consistency.

The UI Builder button on line 83 uses plaintext HTTP while all other external links in this file use HTTPS. builder.openzeppelin.com is served over HTTPS, so this should be corrected.

-        <a href="http://builder.openzeppelin.com?ecosystem=stellar" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">
+        <a href="https://builder.openzeppelin.com?ecosystem=stellar" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<div class="flex flex-row gap-2">
	<div class="text-sm text-gray-600 leading-tight text-right">
	<div>After deploying a contract, use the</div>
	<div>new UI Builder to spin up a quick UI</div>
	</div>
	<div class="flex items-center">
	<img src="/icons/arrow-right.svg" alt="arrow-right" class="arrow-gray">
	</div>
	<div class="flex items-center">
	<a href="http://builder.openzeppelin.com?ecosystem=stellar" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">
	<span>Try the UI Builder</span>
	<img src="/icons/up-right-from-square.svg" alt="up-right-from-square" class="arrow-white">
	</a>
	</div>
	</div>
	<div class="flex flex-row gap-2">
	<div class="text-sm text-gray-600 leading-tight text-right">
	<div>After deploying a contract, use the</div>
	<div>new UI Builder to spin up a quick UI</div>
	</div>
	<div class="flex items-center">
	<img src="/icons/arrow-right.svg" alt="arrow-right" class="arrow-gray">
	</div>
	<div class="flex items-center">
	<a href="https://builder.openzeppelin.com?ecosystem=stellar" target="_blank" rel="noopener noreferrer" class="bg-[#3d3b5d] text-white px-4 py-2 rounded-full text-sm font-medium flex items-center gap-2 hover:bg-[#4a4872] transition-colors no-underline whitespace-nowrap">
	<span>Try the UI Builder</span>
	<img src="/icons/up-right-from-square.svg" alt="up-right-from-square" class="arrow-white">
	</a>
	</div>
	</div>

🧰 Tools

🪛 ast-grep (0.39.9)

[warning] 82-85: "This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible."
Context:
Try the UI Builder


Note: [CWE-319] Authentication Bypass by Primary Weakness [REFERENCES]
- https://cwe.mitre.org/data/definitions/319.html

(plaintext-http-link-html)

🤖 Prompt for AI Agents

In packages/ui/public/stellar.html around lines 72 to 88 the "Try the UI
Builder" anchor uses an insecure HTTP URL; change the href from
"http://builder.openzeppelin.com?ecosystem=stellar" to
"https://builder.openzeppelin.com?ecosystem=stellar" (leave target, rel, and
other attributes unchanged) so the external link uses HTTPS like the rest of the
file.

[ericglau]

For EVM, would it look cleaner to omit ecosystem parameter if that is the default?