feat: Gemini agentic video analysis with Google Search grounding

[groupthinking]

What

Implements the UVAI PK=998 pattern: uses Gemini + googleSearch tool as the primary video analysis strategy. One single API call handles both transcription AND event extraction.

Changes

• gemini-video-analyzer.ts (NEW): Agentic engine using systemInstruction with Think→Act→Observe→Map loop, responseSchema for structured output, googleSearch grounding to retrieve transcripts/descriptions/chapters from YouTube
• youtube-metadata.ts (NEW): Scrapes YouTube page for title, description, chapters, channel — no API key needed
• /api/video: Strategy 2 = Gemini agentic (primary), Strategy 3 = transcribe→extract chain (fallback)
• /api/transcribe: Removed broken fileData.fileUri approach, Gemini Google Search grounding is now primary, OpenAI web search is fallback with garbage detection
• /api/extract-events: Now accepts videoUrl without requiring transcript — direct Gemini analysis via Google Search

Why

The old pipeline was broken:

1. fileData.fileUri doesn't work with YouTube URLs (expects gs:// URIs)
2. OpenAI web search returned garbage like "click Show Transcript" instead of actual content
3. extract-events required a transcript string, failing when none was available

Testing

• TypeScript compiles clean
• Tested with real YouTube URLs — OpenAI fallback returns actual content (not garbage)
• Garbage detection filter rejects results containing "click Show Transcript" etc.

⚠️ Note

Both GEMINI_API_KEY and GOOGLE_API_KEY are currently expired. The Gemini agentic strategy will activate once keys are renewed at https://aistudio.google.com/apikey. The fallback chain (OpenAI) works correctly in the meantime.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
v0-uvai	Building	Preview, Comment, Open in v0	Feb 28, 2026 9:20pm

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the video analysis capabilities by integrating a new Gemini-powered agentic approach. The core change shifts the primary video processing strategy to leverage Gemini's Google Search tool for direct content extraction, bypassing previous limitations with transcript availability and unreliable web search results. This update aims to provide more robust and accurate video insights by directly grounding the AI analysis with comprehensive YouTube metadata.

Highlights

• Gemini Agentic Engine: A new agentic engine (gemini-video-analyzer.ts) was introduced, utilizing Gemini with systemInstruction, a Think→Act→Observe→Map loop, responseSchema for structured output, and googleSearch grounding to retrieve YouTube transcripts, descriptions, and chapters.
• YouTube Metadata Scraping: A new utility (youtube-metadata.ts) was added to scrape YouTube pages for video title, description, chapters, and channel information without requiring an API key.
• Primary Video Analysis Strategy: The /api/video endpoint now uses the Gemini agentic analysis as its primary strategy, with the existing transcribe→extract chain serving as a fallback.
• Improved Transcription Endpoint: The /api/transcribe endpoint was updated to remove the broken fileData.fileUri approach, making Gemini Google Search grounding the primary method and improving the OpenAI web search fallback with garbage detection.
• Flexible Event Extraction: The /api/extract-events endpoint now accepts a videoUrl directly, enabling Gemini to perform analysis without a pre-existing transcript.

Changelog

• apps/web/src/app/api/extract-events/route.ts
  • Modified the endpoint to accept either a transcript string or a video URL, enabling direct Gemini analysis.
  • Implemented a new logic path for Gemini to perform direct video analysis using its googleSearch tool when a video URL is provided without a transcript.
  • Updated the error message for missing input to reflect the new videoUrl option.
  • Adjusted the final error message to emphasize the requirement for GEMINI_API_KEY.
• apps/web/src/app/api/transcribe/route.ts
  • Imported fetchYouTubeMetadata and formatMetadataAsContext for enhanced video information retrieval.
  • Introduced a step to fetch YouTube metadata (title, description, chapters) for a given URL.
  • Replaced the previous Gemini fileData.fileUri strategy with a new Gemini Google Search grounding approach, making it the primary method for YouTube transcription.
  • Enhanced the OpenAI web search fallback by incorporating fetched YouTube metadata into the prompt and adding logic to detect and reject 'garbage' responses (e.g., instructions on how to find a transcript).
• apps/web/src/app/api/video/route.ts
  • Imported analyzeVideoWithGemini to enable the new agentic analysis.
  • Introduced a new 'Strategy 2: Gemini Agentic Analysis' as the primary method for processing videos, which performs a single API call for both transcription and extraction.
  • Updated the previous 'Frontend-only pipeline' to 'Strategy 3' and designated it as a fallback.
  • Adjusted event publishing and error messages to reflect the new strategy prioritization and improved error handling.
• apps/web/src/lib/gemini-video-analyzer.ts
  • Added a new file implementing the agentic video intelligence engine using Gemini and Google Search.
  • Defined VideoAnalysisResult interface for structured output.
  • Created a responseSchema using @google/genai Type system for consistent data extraction.
  • Implemented buildSystemInstruction to guide the Gemini model through a Think→Act→Observe→Map loop for video analysis.
  • Provided analyzeVideoWithGemini function to execute the deep agentic analysis, handling transcription and extraction in one call.
• apps/web/src/lib/youtube-metadata.ts
  • Added a new file containing utilities for scraping YouTube video metadata.
  • Implemented extractVideoId to parse video IDs from various YouTube URL formats.
  • Developed parseChapters to extract chapter timestamps and titles from video descriptions.
  • Created fetchYouTubeMetadata to scrape YouTube watch pages for title, channel, description, and chapters without an API key.
  • Provided formatMetadataAsContext to format the fetched metadata into a text block suitable for AI model input.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request significantly improves the video analysis pipeline by implementing an agentic approach with Gemini and Google Search grounding, introducing gemini-video-analyzer.ts and youtube-metadata.ts, and refactoring API routes for this new strategy. However, a security audit identified critical vulnerabilities, including a Server-Side Request Forgery (SSRF) in the /api/transcribe route due to an unvalidated audioUrl, multiple Prompt Injection instances in the new Gemini-based analysis logic, and a risk of Host Header Injection leading to SSRF in the /api/video route. Beyond security, a critical code issue involves the use of an incorrect Gemini model name across multiple files, which will cause the primary analysis path to fail at runtime. Additional suggestions for robustness and maintainability are also included.

[gemini-code-assist]

The model name gemini-2.5-flash is incorrect. This will cause all calls to analyzeVideoWithGemini to fail, making this new agentic feature non-functional. Please correct this to a valid model name, such as gemini-1.5-flash-latest.

Suggested change

	model: 'gemini-2.5-flash',
	model: 'gemini-1.5-flash-latest',

[gemini-code-assist]

The model name gemini-2.5-flash appears to be incorrect and will likely cause the API call to fail. The current flash model is named gemini-1.5-flash-latest. It's advisable to use a constant for model names to ensure consistency and avoid such errors, as this typo is present in multiple files.

Suggested change

	model: 'gemini-2.5-flash',
	model: 'gemini-1.5-flash-latest',

[gemini-code-assist]

The model name gemini-2.5-flash is not a valid model identifier and will cause this API call to fail. Please update it to a correct model name, such as gemini-1.5-flash-latest, to ensure the primary transcription strategy functions correctly.

Suggested change

	model: 'gemini-2.5-flash',
	model: 'gemini-1.5-flash-latest',

[gemini-code-assist]

Untrusted user input (videoUrl and videoTitle) is directly embedded into the prompt for direct video analysis. This allows for prompt injection attacks that could manipulate the LLM's behavior or its use of the googleSearch tool.

[gemini-code-assist]

The url parameter and metadata fetched from YouTube (which can be attacker-controlled) are directly concatenated into LLM prompts. This poses a risk of prompt injection, allowing an attacker to manipulate the transcription process or the LLM's behavior.

[gemini-code-assist]

The videoUrl parameter is directly embedded into the system instruction for the Gemini model. This allows for prompt injection attacks that could redefine the model's mission or rules.

[gemini-code-assist]

Untrusted user input (videoUrl) is directly concatenated into the user prompt, posing a prompt injection risk.

[gemini-code-assist]

The getBaseUrl function derives the base URL for internal API calls from the request.url, which is influenced by the user-controlled Host header. An attacker can manipulate the Host header to redirect internal fetch calls to an arbitrary external server, potentially leading to SSRF or the exfiltration of sensitive data (like the url or transcript).

[gemini-code-assist]

The logic to detect 'garbage' responses is a great addition for robustness. However, the current implementation is a bit difficult to read and maintain as a single long boolean expression. Refactoring this to use an array of substrings would make it cleaner and easier to update in the future.

        const garbageSubstrings = [
          'click show transcript',
          'click on the three dots',
          'steps to find',
        ];
        const lowerCaseText = text.toLowerCase();
        const isGarbage = garbageSubstrings.some(s => lowerCaseText.includes(s)) ||
          (text.length < 300 && lowerCaseText.includes('transcript'));

[gemini-code-assist]

Using Date.now().toString(36) for generating an ID is not guaranteed to be unique, which could lead to collisions if the endpoint is called in rapid succession. For generating unique identifiers, it's more robust to use crypto.randomUUID(), which is already used elsewhere in the project for CloudEvents.

Suggested change

	id: `vid_${Date.now().toString(36)}`,
	id: `vid_${crypto.randomUUID()}`,

[Copilot]

Pull request overview

This PR implements a Gemini-powered agentic video analysis pipeline as the primary frontend strategy. When the Python backend is unavailable, the system now calls Gemini with Google Search grounding in a single API call that handles both transcription and event extraction, replacing a broken fileData.fileUri approach. OpenAI web search is demoted to a fallback with added garbage-detection filtering.

Changes:

• New gemini-video-analyzer.ts: Agentic engine using Gemini + Google Search to analyze YouTube videos in one API call.
• New youtube-metadata.ts: Scrapes YouTube watch pages for title, description, and chapters without an API key.
• Updated /api/video/route.ts, /api/transcribe/route.ts, /api/extract-events/route.ts: Promotes Gemini as primary strategy, adds garbage detection for OpenAI fallback, relaxes transcript requirement in extract-events.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
apps/web/src/lib/gemini-video-analyzer.ts	New agentic engine: single Gemini + Google Search call for video analysis
apps/web/src/lib/youtube-metadata.ts	New YouTube page scraper for metadata (title, description, chapters)
apps/web/src/app/api/video/route.ts	Inserts Gemini agentic call as Strategy 2 before the transcribe→extract chain
apps/web/src/app/api/transcribe/route.ts	Swaps strategy order: Gemini promoted to primary, OpenAI to fallback; adds metadata context
apps/web/src/app/api/extract-events/route.ts	Accepts videoUrl without transcript; adds direct Gemini grounding path

[Copilot]

The GEMINI_API_KEY environment variable is now the primary/required key for all frontend strategies (Strategy 2 in /api/video, primary strategy in /api/transcribe, and fallback in /api/extract-events), but it is absent from apps/web/.env.example. New developers or those setting up the environment won't know they need to set it, which will silently degrade the primary pipeline to the fallback chain. GEMINI_API_KEY should be added to .env.example with an appropriate placeholder and comment.

[Copilot]

The error message says "Set GEMINI_API_KEY", but /api/extract-events still supports OPENAI_API_KEY as a working provider for the transcript-based path. A user who only has OPENAI_API_KEY configured and provides a videoUrl without a transcript will see this misleading error. The message should mention both API keys.

Suggested change

	error: 'No AI API key configured or all extraction attempts failed. Set GEMINI_API_KEY.',
	error: 'No AI API key configured or all extraction attempts failed. Set GEMINI_API_KEY and/or OPENAI_API_KEY.',

[Copilot]

The analyzeVideoWithGemini call has no timeout. Unlike Strategy 1 (which wraps the backend fetch in a 15-second AbortController timeout), the Gemini agentic call can take arbitrarily long — especially because it involves multiple internal Google Search round-trips. Vercel serverless functions have execution limits (typically 10-60 seconds depending on the plan). If the Gemini call runs long, the serverless function will be killed mid-execution with a 504/FUNCTION_INVOCATION_TIMEOUT error, rather than gracefully falling back to Strategy 3. A timeout wrapping this call (e.g., Promise.race with an AbortSignal-based timeout) should be added so the fallback chain is triggered cleanly instead.

[Copilot]

The JSDoc comment for POST /api/transcribe still lists the strategy order as it existed before this PR: "2. OpenAI Responses API with web_search" and "3. Gemini fallback". After this change, the order is reversed — Gemini is now strategy 2 (primary) and OpenAI is strategy 3 (fallback). The comment is now incorrect and will mislead future developers.

[Copilot]

The error message says "ensure GEMINI_API_KEY is set", but the Strategy 3 fallback chain (/api/transcribe → /api/extract-events) also uses OPENAI_API_KEY as a valid fallback provider. A user who only has OPENAI_API_KEY set will see this message even though their setup is partially functional for this fallback path. The message should mention both keys: e.g. "All strategies failed — ensure GEMINI_API_KEY or OPENAI_API_KEY is set".

[Copilot]

Scraping youtube.com watch pages from a Next.js serverless function is fragile and legally ambiguous. YouTube actively blocks server-side scrapers (bot detection, rate limiting, potential 429s or redirects), and their Terms of Service prohibit scraping without authorization. This approach will likely produce inconsistent results in production — the page structure can change without notice and YouTube's anti-bot measures will interfere. Additionally, parsing embedded JSON from the page ("shortDescription":"...") is brittle and subject to breakage whenever YouTube updates its page structure. Consider using the official YouTube Data API v3 (which provides title, description, and chapters via the videos endpoint) instead of scraping.

Suggested change

	* Fetch YouTube video metadata by scraping the watch page.
	* No API key required.
	*/
	export async function fetchYouTubeMetadata(url: string): Promise<YouTubeMetadata | null> {
	const videoId = extractVideoId(url);
	if (!videoId) return null;
	try {
	const controller = new AbortController();
	const timeout = setTimeout(() => controller.abort(), 10_000);
	const response = await fetch(`https://www.youtube.com/watch?v=${videoId}`, {
	headers: {
	'User-Agent': 'Mozilla/5.0 (compatible; EventRelay/2.0)',
	'Accept-Language': 'en-US,en;q=0.9',
	},
	signal: controller.signal,
	}).finally(() => clearTimeout(timeout));
	if (!response.ok) return null;
	const html = await response.text();
	// Extract title from og:title
	const titleMatch = html.match(/<meta property="og:title" content="([^"]+)"/);
	const title = titleMatch?.[1] || '';
	// Extract shortDescription from embedded JSON (contains full description)
	let description = '';
	const descMatch = html.match(/"shortDescription":"((?:[^"\\]|\\.)*)"/);
	if (descMatch) {
	try {
	description = JSON.parse(`"${descMatch[1]}"`);
	} catch {
	description = descMatch[1].replace(/\\n/g, '\n').replace(/\\"/g, '"');
	}
	} else {
	// Fallback to og:description (truncated)
	const ogDesc = html.match(/<meta property="og:description" content="([^"]+)"/);
	description = ogDesc?.[1] || '';
	}
	// Extract channel name
	const channelMatch = html.match(/"ownerChannelName":"([^"]+)"/);
	const channel = channelMatch?.[1] || '';
	* Fetch YouTube video metadata using the official YouTube Data API v3.
	*
	* Requires a server-side API key exposed as `YOUTUBE_API_KEY` in the environment.
	*/
	export async function fetchYouTubeMetadata(url: string): Promise<YouTubeMetadata | null> {
	const videoId = extractVideoId(url);
	if (!videoId) return null;
	const apiKey = process.env.YOUTUBE_API_KEY;
	if (!apiKey) {
	console.warn('[YouTube] YOUTUBE_API_KEY is not configured; cannot fetch metadata.');
	return null;
	}
	try {
	const controller = new AbortController();
	const timeout = setTimeout(() => controller.abort(), 10_000);
	const response = await fetch(
	`https://www.googleapis.com/youtube/v3/videos?part=snippet&id=${encodeURIComponent(
	videoId,
	)}&key=${encodeURIComponent(apiKey)}`,
	{
	signal: controller.signal,
	},
	).finally(() => clearTimeout(timeout));
	if (!response.ok) {
	console.warn('[YouTube] API response not ok:', response.status, response.statusText);
	return null;
	}
	const data = await response.json();
	if (!data.items || !Array.isArray(data.items) || data.items.length === 0) {
	return null;
	}
	const snippet = data.items[0].snippet;
	if (!snippet) {
	return null;
	}
	const title: string = snippet.title ?? '';
	const channel: string = snippet.channelTitle ?? '';
	const description: string = snippet.description ?? '';

[Copilot]

Gemini does not support combining responseSchema (structured output) with grounding tools like googleSearch in the same request. The Gemini API documentation explicitly states these features are mutually exclusive — using both will result in a runtime API error. The analyzeVideoWithGemini function uses both responseSchema and tools: [{ googleSearch: {} }] together. The same conflict exists in extract-events/route.ts at the direct video analysis block (line 188–219) and in transcribe/route.ts when Google Search grounding is used (though that call does not set responseSchema, only transcribe avoids this). The fix is to choose one: either use responseSchema for structured output (without grounding), or use googleSearch grounding (without responseSchema) and parse the text output manually.

Suggested change

responseSchema,

[Copilot]

The same incompatibility exists here: responseMimeType: 'application/json', responseSchema: geminiResponseSchema, and tools: [{ googleSearch: {} }] are all set in the same call. Gemini does not allow combining structured JSON output (responseSchema) with grounding tools (googleSearch) in the same request — this will cause a runtime API error. Either remove responseSchema/responseMimeType and parse the free-text response, or remove googleSearch and supply the transcript text directly.

Suggested change

	responseMimeType: 'application/json',
	responseSchema: geminiResponseSchema,

[Copilot]

When response.text is an empty string or undefined and falls back to '{}', JSON.parse('{}') succeeds but returns an empty object. This is then cast (without any runtime validation) to VideoAnalysisResult, meaning all required fields (title, summary, transcript, events, actions, topics, architectureCode, ingestScript) will be undefined at runtime, even though TypeScript believes they are present. Callers in video/route.ts access analysis.transcript?.length, analysis.events?.length, etc. with optional chaining, which masks the problem, but it means Strategy 2 silently "succeeds" with an empty result and returns a response with status: 'complete' and all empty data. A defensive check (e.g., verifying that analysis.title or analysis.events is non-empty) should be added before returning the success response.

Suggested change

	return JSON.parse(resultText) as VideoAnalysisResult;
	let parsed: unknown;
	try {
	parsed = JSON.parse(resultText);
	} catch (err) {
	throw new Error('Failed to parse Gemini video analysis response as JSON');
	}
	const candidate = parsed as Partial<VideoAnalysisResult> | null;
	const hasTitle =
	!!candidate &&
	typeof candidate.title === 'string' &&
	candidate.title.trim().length > 0;
	const hasSummary =
	!!candidate &&
	typeof candidate.summary === 'string' &&
	candidate.summary.trim().length > 0;
	const hasEvents =
	!!candidate && Array.isArray(candidate.events) && candidate.events.length > 0;
	if (!hasTitle || !hasSummary || !hasEvents) {
	throw new Error('Gemini video analysis returned an empty or invalid result');
	}
	return candidate as VideoAnalysisResult;