feat(apollo-vertex): update Alert and Sonner styles and docs

[hfrancis31]

Summary

• Alert: removed info and success statuses — component now supports default, warning, error only. Outline variant uses bg-card for a solid opaque background. Tinted variant uses opacity modifiers per status.
• Sonner: overhauled status toast styles with theme-aware color-mix backgrounds (--card base in light, --popover base in dark). Added explicit text, icon, and close button color overrides per status for both themes. Info toast uses card-foreground surface with primary-foreground text for natural inversion across themes.
• Docs: updated alert and in-product notification pages to reflect two visual styles (tinted, outline), corrected status availability per component (Sonner vs Alert), added Sonner Toaster props and toast() API tables.

Test plan

• Check Alert tinted and outline variants in light and dark mode
• Check all four Sonner toast types (info, success, warning, error) in light and dark mode
• Verify text, icons, and close buttons are readable in both themes
• Review /shadcn-components/alert, /shadcn-components/sonner, and /patterns/notifications/in-product docs pages

🤖 Generated with Claude Code

[github-actions]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (PT)
apollo-canvas	🟢 Ready	Preview, Logs	Mar 17, 2026, 12:53:09 PM
apollo-landing	🟢 Ready	Preview, Logs	Mar 17, 2026, 12:49:58 PM
apollo-ui-react	🟢 Ready	Preview, Logs	Mar 17, 2026, 12:51:53 PM
apollo-vertex	🟢 Ready	Preview, Logs	Mar 17, 2026, 12:51:06 PM
apollo-wind	🟢 Ready	Preview, Logs	Mar 17, 2026, 12:51:07 PM

[github-actions]

Dependency Review

The following issues were found:

• ❌ 3 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

Vulnerabilities

pnpm-lock.yaml

Name	Version	Vulnerability	Severity
flatted	3.3.3	flatted vulnerable to unbounded recursion DoS in parse() revive phase	high
flatted	3.3.4	flatted vulnerable to unbounded recursion DoS in parse() revive phase	high
undici	6.23.0	Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client	high
		Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation	high
		Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression	high

Only included vulnerabilities with severity high or higher.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/pnpm/action-setup	41ff72655975bd51cab0327fa583b6e92b6d3061	🟢 5	Details Check Score Reason Maintained 🟢 3 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/flatted	3.3.3	🟢 4.3	Details Check Score Reason Code-Review ⚠️ 0 Found 1/14 approved changesets -- score normalized to 0 Maintained 🟢 10 24 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 4 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 2 SAST tool is not run on all commits -- score normalized to 2
npm/flatted	3.3.4	🟢 4.3	Details Check Score Reason Code-Review ⚠️ 0 Found 1/14 approved changesets -- score normalized to 0 Maintained 🟢 10 24 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 4 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 2 SAST tool is not run on all commits -- score normalized to 2
npm/undici	6.23.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 9 security policy file detected Code-Review 🟢 4 Found 13/28 approved changesets -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 81 contributing companies or organizations
npm/@antfu/ni	25.0.0	Unknown	Unknown
npm/@eslint/config-array	0.21.1	Unknown	Unknown
npm/@eslint/eslintrc	3.3.4	🟢 5.7	Details Check Score Reason Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 11/27 approved changesets -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@vitest/coverage-v8	4.0.14	Unknown	Unknown
npm/@vitest/expect	4.0.14	Unknown	Unknown
npm/@vitest/mocker	4.0.14	Unknown	Unknown
npm/@vitest/pretty-format	4.0.14	Unknown	Unknown
npm/@vitest/runner	4.0.14	Unknown	Unknown
npm/@vitest/snapshot	4.0.14	Unknown	Unknown
npm/@vitest/spy	4.0.14	Unknown	Unknown
npm/@vitest/ui	4.0.14	Unknown	Unknown
npm/@vitest/utils	4.0.14	Unknown	Unknown
npm/ansis	4.2.0	Unknown	Unknown
npm/ast-v8-to-istanbul	0.3.8	Unknown	Unknown
npm/chai	6.2.1	🟢 6.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 23 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/es-module-lexer	1.7.0	🟢 3	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 9 binaries present in source code Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/expect-type	1.2.2	🟢 4.5	Details Check Score Reason Code-Review 🟢 4 Found 12/29 approved changesets -- score normalized to 4 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/fzf	0.5.2	🟢 3.1	Details Check Score Reason Code-Review ⚠️ 0 Found 1/18 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/istanbul-lib-source-maps	5.0.6	🟢 4	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 5 Found 11/20 approved changesets -- score normalized to 5 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/js-tokens	9.0.1	⚠️ 2.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/23 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/magicast	0.5.1	Unknown	Unknown
npm/needle	3.3.1	🟢 4.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 5 Found 10/19 approved changesets -- score normalized to 5 Maintained 🟢 8 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/package-manager-detector	1.5.0	Unknown	Unknown
npm/shadcn	4.0.6	Unknown	Unknown
npm/std-env	3.10.0	Unknown	Unknown
npm/tinyexec	0.3.2	Unknown	Unknown
npm/vitest	4.0.14	Unknown	Unknown
npm/@vitest/coverage-v8	^4.0.14	Unknown	Unknown
npm/vitest	^4.0.14	Unknown	Unknown
npm/@vitest/coverage-v8	^4.0.14	Unknown	Unknown
npm/@vitest/ui	^4.0.14	Unknown	Unknown
npm/vitest	^4.0.14	Unknown	Unknown
npm/@vitest/coverage-v8	^4.0.14	Unknown	Unknown
npm/@vitest/ui	^4.0.14	Unknown	Unknown
npm/vitest	^4.0.14	Unknown	Unknown
npm/@vitest/coverage-v8	^4.0.14	Unknown	Unknown
npm/@vitest/ui	^4.0.14	Unknown	Unknown
npm/vitest	^4.0.14	Unknown	Unknown

Scanned Files

• .github/workflows/apollo-vertex-lint.yml
• .github/workflows/vercel-deploy.yml
• apps/apollo-vertex/package.json
• packages/apollo-core/package.json
• packages/apollo-react/package.json
• packages/apollo-wind/package.json
• pnpm-lock.yaml
• web-packages/ap-chat/package.json

In general, the way to fix an unused function is either to remove it if it is truly unnecessary or to start using it where intended. To avoid changing existing behavior, the safest fix here is to delete the unused SectionTitle component while leaving the rest of the file unchanged.

Concretely, in packages/apollo-wind/src/getting-started/getting-started.stories.tsx, remove the definition of SectionTitle (lines 24–26 in the snippet), which is the function:

function SectionTitle({ children }: { children: React.ReactNode }) {
  return <h2 className="mb-2 text-2xl font-bold tracking-tight text-foreground">{children}</h2>;
}

No new imports, methods, or variables are needed, and no other parts of the file need to be updated.