fix: Vertex AI Express Mode — remove responseSchema+googleSearch conflict#48
Merged
groupthinking merged 1 commit intomainfrom Feb 28, 2026
Merged
fix: Vertex AI Express Mode — remove responseSchema+googleSearch conflict#48groupthinking merged 1 commit intomainfrom
groupthinking merged 1 commit intomainfrom
Conversation
…gleSearch conflict Vertex AI does not support controlled generation (responseSchema) combined with the googleSearch tool. This caused 400 errors on every Gemini call. Changes: - gemini-client.ts: Prioritize Vertex_AI_API_KEY, support GOOGLE_GENAI_USE_VERTEXAI env var - gemini-video-analyzer.ts: Remove responseSchema, enforce JSON via prompt instructions - extract-events/route.ts: Same fix for extractWithGemini and inline Gemini calls - Strip markdown code fences from responses before JSON parsing Tested end-to-end with Vertex AI Express Mode key against multiple YouTube videos. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical incompatibility in Vertex AI Express Mode where using Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Comment on lines
31
to
40
| } | ||
|
|
||
| /** | ||
| * Determine if we should use Vertex AI mode. | ||
| * True when the only available key is Vertex_AI_API_KEY, | ||
| * or when GOOGLE_CLOUD_PROJECT is explicitly set. | ||
| * Determine if we should use Vertex AI Express Mode. | ||
| */ | ||
| function shouldUseVertexAI(): boolean { | ||
| // If standard Gemini keys are set, use Gemini API | ||
| if (process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY) return false; | ||
| // If Vertex AI key is available, use Vertex AI Express Mode | ||
| if (process.env.GOOGLE_GENAI_USE_VERTEXAI === 'true') return true; | ||
| if (process.env.Vertex_AI_API_KEY) return true; | ||
| return false; | ||
| } |
There was a problem hiding this comment.
Bug: Setting GOOGLE_GENAI_USE_VERTEXAI=true without a Vertex_AI_API_KEY causes a runtime authentication failure because an incompatible GEMINI_API_KEY is used for the Vertex AI client.
Severity: MEDIUM
Suggested Fix
Add validation in getGeminiClient() or shouldUseVertexAI() to ensure that when Vertex AI mode is selected, a Vertex_AI_API_KEY is present. Alternatively, document the key requirements for the GOOGLE_GENAI_USE_VERTEXAI flag.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: apps/web/src/lib/gemini-client.ts#L31-L40
Potential issue: The code introduces a new environment variable
`GOOGLE_GENAI_USE_VERTEXAI` to select the Vertex AI client but lacks validation to
ensure a corresponding `Vertex_AI_API_KEY` is also provided. If a user sets
`GOOGLE_GENAI_USE_VERTEXAI` to 'true' while only a standard `GEMINI_API_KEY` is
configured, the application will incorrectly attempt to authenticate with Vertex AI
using an incompatible key. This misconfiguration leads to a runtime authentication
failure on the first API call, returning an unclear error message to the user.
Did we get this right? 👍 / 👎 to inform future reviews.
Contributor
There was a problem hiding this comment.
Pull request overview
Removes responseSchema/controlled generation when using the googleSearch tool to avoid Vertex AI Express Mode 400 errors, and instead relies on prompt-enforced JSON plus post-processing before parsing.
Changes:
- Drop
responseSchema/responseMimeTypefrom Gemini calls that usegoogleSearchand enforce JSON shape via system/user prompts. - Add markdown code-fence stripping before
JSON.parse. - Adjust Gemini client auth selection to support Vertex AI Express Mode and an opt-in env var.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| apps/web/src/lib/gemini-video-analyzer.ts | Removes controlled generation schema for search-tool requests; adds JSON-only prompting and response cleaning before parsing. |
| apps/web/src/lib/gemini-client.ts | Updates key resolution and switches Vertex AI usage to Express Mode (apiKey + vertexai), with an env override. |
| apps/web/src/app/api/extract-events/route.ts | Removes Gemini response schema usage for search-tool requests; adds response cleaning before JSON parsing. |
| const resultText = (response.text || '').trim(); | ||
| // Strip markdown code fences if present | ||
| const cleaned = resultText.replace(/^```(?:json)?\s*\n?/i, '').replace(/\n?```\s*$/i, ''); | ||
| return JSON.parse(cleaned) as VideoAnalysisResult; |
There was a problem hiding this comment.
JSON.parse(cleaned)will throw whenresponse.textis empty/whitespace (cleaned becomes an empty string). Previously this function defaulted to'{}', so this is a behavior change that can crash callers on empty model responses; consider restoring a safe fallback (e.g., defaulting to '{}'`) or throwing a more descriptive error that includes the raw response for debugging.
Suggested change
| return JSON.parse(cleaned) as VideoAnalysisResult; | |
| const safeJson = cleaned || '{}'; | |
| try { | |
| return JSON.parse(safeJson) as VideoAnalysisResult; | |
| } catch (error) { | |
| throw new Error( | |
| `Failed to parse Gemini response as JSON. Raw response:\n${resultText}`, | |
| ); | |
| } |
| return JSON.parse(resultText) as VideoAnalysisResult; | ||
| const resultText = (response.text || '').trim(); | ||
| // Strip markdown code fences if present | ||
| const cleaned = resultText.replace(/^```(?:json)?\s*\n?/i, '').replace(/\n?```\s*$/i, ''); |
There was a problem hiding this comment.
The markdown-fence stripping logic is duplicated in multiple places (here and in the extract-events API route). Consider extracting a small shared helper (e.g., in a lib/util file) so future tweaks (like handling leading explanatory text, multiple code blocks, or alternate newline styles) stay consistent across the codebase.
| * - Vertex_AI_API_KEY: the Vertex AI API key | ||
| * - GOOGLE_CLOUD_PROJECT: GCP project ID (default: uvai-730bb) | ||
| * - GOOGLE_CLOUD_LOCATION: GCP location (default: us-central1) | ||
| * See: https://docs.cloud.google.com/vertex-ai/generative-ai/docs/start/express-mode/vertex-ai-express-mode-api-reference |
There was a problem hiding this comment.
This documentation URL looks suspicious (Google Cloud docs are typically hosted under https://cloud.google.com/... rather than https://docs.cloud.google.com/...). If this link doesn’t resolve reliably, please replace it with the canonical Cloud docs URL to avoid broken references for future maintainers.
Suggested change
| * See: https://docs.cloud.google.com/vertex-ai/generative-ai/docs/start/express-mode/vertex-ai-express-mode-api-reference | |
| * See: https://cloud.google.com/vertex-ai/generative-ai/docs/start/express-mode/vertex-ai-express-mode-api-reference |
| // If standard Gemini keys are set, use Gemini API | ||
| if (process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY) return false; | ||
| // If Vertex AI key is available, use Vertex AI Express Mode | ||
| if (process.env.GOOGLE_GENAI_USE_VERTEXAI === 'true') return true; |
There was a problem hiding this comment.
Env vars are commonly set to values like + "TRUE" + , + "1" + , or mixed-case via different tooling; the strict comparison to 'true' can silently fail. Consider normalizing (e.g., lowercasing) and/or accepting common truthy values to make configuration less brittle.
Suggested change
| if (process.env.GOOGLE_GENAI_USE_VERTEXAI === 'true') return true; | |
| const useVertexEnv = process.env.GOOGLE_GENAI_USE_VERTEXAI; | |
| if (useVertexEnv && ['true', '1'].includes(useVertexEnv.trim().toLowerCase())) return true; |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request correctly addresses the incompatibility between Vertex AI's controlled generation (responseSchema) and the googleSearch tool by removing the schema and enforcing JSON output via prompt engineering. However, this approach introduces a significant Prompt Injection vulnerability, as the application now relies on the LLM following instructions embedded in prompts that contain unsanitized user input, specifically transcript, videoTitle, and videoUrl. It is crucial to remediate this by sanitizing user input and using clear delimiters to separate user content from system instructions in LLM prompts. Additionally, the changes to gemini-client.ts to better support Vertex AI Express Mode are well-implemented. I've also provided specific comments in apps/web/src/app/api/extract-events/route.ts to improve code quality, address duplication, and enhance type safety.
| @@ -132,13 +95,12 @@ async function extractWithGemini(trimmed: string, videoTitle?: string, videoUrl? | |||
| contents: `${SYSTEM_PROMPT}\n\n${buildUserPrompt(trimmed, videoTitle, videoUrl)}`, | |||
Contributor
There was a problem hiding this comment.
The application directly concatenates untrusted user input (transcript, videoTitle, and videoUrl) into the prompt sent to the Gemini LLM. An attacker can provide a specially crafted transcript or video title that includes instructions to the LLM, potentially causing it to ignore its original instructions, return malicious content, or abuse the enabled googleSearch tool. This is a classic Prompt Injection vulnerability.
| return `You are the Agentic Video Intelligence Engine. | ||
|
|
||
| MISSION: | ||
| 1. WATCH the video at ${videoUrl} by searching for its transcript, technical documentation, |
Contributor
There was a problem hiding this comment.
The analyzeVideoWithGemini function concatenates the videoUrl parameter directly into the system instruction and the user prompt. Since videoUrl is untrusted input, this allows for prompt injection attacks. An attacker could provide a URL followed by malicious instructions that the LLM might execute.
Comment on lines
+101
to
+103
| const text = (response.text ?? '').trim(); | ||
| const cleaned = text.replace(/^```(?:json)?\s*\n?/i, '').replace(/\n?```\s*$/i, ''); | ||
| return JSON.parse(cleaned); |
Contributor
There was a problem hiding this comment.
The logic to strip markdown fences and parse the JSON response is duplicated here, again on lines 169-171, and also in apps/web/src/lib/gemini-video-analyzer.ts.
To improve maintainability and reduce code duplication, consider creating a shared utility function. This function could also help with adding proper types.
For example, you could create a utility in a shared lib file:
export function cleanAndParseJson<T>(text: string | undefined): T {
const cleaned = (text ?? '').trim().replace(/^```(?:json)?\s*\n?/i, '').replace(/\n?```\s*$/i, '');
// Return an empty object for empty/nullish text to avoid JSON.parse errors
return JSON.parse(cleaned || '{}') as T;
}You could then use this function in all three places, simplifying the code and ensuring consistency.
groupthinking
added a commit
that referenced
this pull request
Feb 28, 2026
…mini-3-pro-preview The previous fix (PR #48) was a shortcut — it removed responseSchema when the real issue was using gemini-2.5-flash which doesn't support responseSchema + googleSearch together on Vertex AI. gemini-3-pro-preview DOES support the combination. This commit restores the exact PK=998 pattern: - gemini-video-analyzer.ts: Restored responseSchema with Type system, responseMimeType, e22Snippets field, model → gemini-3-pro-preview - extract-events/route.ts: Restored geminiResponseSchema, Type import, responseMimeType, model → gemini-3-pro-preview - transcribe/route.ts: model → gemini-3-pro-preview Tested with Vertex AI Express Mode key on two YouTube videos. Both return structured JSON with events, transcript, actions, codeMapping, cloudService, e22Snippets, architectureCode, ingestScript. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
groupthinking
added a commit
that referenced
this pull request
Feb 28, 2026
…mini-3-pro-preview (#49) The previous fix (PR #48) was a shortcut — it removed responseSchema when the real issue was using gemini-2.5-flash which doesn't support responseSchema + googleSearch together on Vertex AI. gemini-3-pro-preview DOES support the combination. This commit restores the exact PK=998 pattern: - gemini-video-analyzer.ts: Restored responseSchema with Type system, responseMimeType, e22Snippets field, model → gemini-3-pro-preview - extract-events/route.ts: Restored geminiResponseSchema, Type import, responseMimeType, model → gemini-3-pro-preview - transcribe/route.ts: model → gemini-3-pro-preview Tested with Vertex AI Express Mode key on two YouTube videos. Both return structured JSON with events, transcript, actions, codeMapping, cloudService, e22Snippets, architectureCode, ingestScript. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
groupthinking
added a commit
that referenced
this pull request
Mar 4, 2026
…51) * feat: Initialize PGLite v17 database data files for the dataconnect project. * feat: enable automatic outline generation for Gemini Code Assist in VS Code settings. * feat: Add NotebookLM integration with a new processor and `analyze_video_with_notebooklm` MCP tool. * feat: Add NotebookLM profile data and an ingestion test. * chore: Update and add generated browser profile files for notebooklm development. * Update `notebooklm_chrome_profile` internal state and add architectural context documentation and video asset. * feat: Add various knowledge prototypes for MCP servers and universal automation, archive numerous scripts and documentation, and update local browser profile data. * chore: Add generated browser profile cache and data for notebooklm. * Update notebooklm Chrome profile preferences, cache, and session data. * feat: Update NotebookLM Chrome profile with new cache, preferences, and service worker data. * feat: Add generated Chrome profile cache and code cache files and update associated profile data. * Update `notebooklm` Chrome profile cache, code cache, GPU cache, and safe browsing data. * chore(deps): bump the npm_and_yarn group across 4 directories with 5 updates Bumps the npm_and_yarn group with 3 updates in the / directory: [ajv](https://github.com/ajv-validator/ajv), [hono](https://github.com/honojs/hono) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 3 updates in the /docs/knowledge_prototypes/mcp-servers/fetch-mcp directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [ajv](https://github.com/ajv-validator/ajv) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 1 update in the /scripts/archive/software-on-demand directory: [ajv](https://github.com/ajv-validator/ajv). Bumps the npm_and_yarn group with 2 updates in the /scripts/archive/supabase_cleanup directory: [next](https://github.com/vercel/next.js) and [qs](https://github.com/ljharb/qs). Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `hono` from 4.11.7 to 4.12.1 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.7...v4.12.1) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `@modelcontextprotocol/sdk` from 1.25.2 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.25.2...v1.26.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `hono` from 4.11.5 to 4.12.1 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.7...v4.12.1) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `next` from 15.4.10 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.4.10...v15.5.10) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump minimatch Bumps the npm_and_yarn group with 1 update in the /scripts/archive/supabase_cleanup directory: [minimatch](https://github.com/isaacs/minimatch). Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump the npm_and_yarn group across 2 directories with 1 update Bumps the npm_and_yarn group with 1 update in the / directory: [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 1 update in the /docs/knowledge_prototypes/mcp-servers/fetch-mcp directory: [hono](https://github.com/honojs/hono). Updates `hono` from 4.12.1 to 4.12.2 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.1...v4.12.2) Updates `hono` from 4.12.1 to 4.12.2 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.1...v4.12.2) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * feat: enable frontend-only video ingestion pipeline for Vercel deployment The core pipeline previously required the Python backend to be running. When deployed to Vercel (https://v0-uvai.vercel.app/), the backend is unavailable, causing all video analysis to fail immediately. Changes: - /api/video: Falls back to frontend-only pipeline (transcribe + extract) when the Python backend is unreachable, with 15s timeout - /api/transcribe: Adds Gemini fallback when OpenAI is unavailable, plus 8s timeout on backend probe to avoid hanging on Vercel - layout.tsx: Loads Google Fonts via <link> instead of next/font/google to avoid build failures in offline/sandboxed CI environments - page.tsx: Replace example URLs with technical content (3Blue1Brown neural networks, Karpathy LLM intro) instead of rick roll / zoo videos - gemini_service.py: Gate Vertex AI import behind GOOGLE_CLOUD_PROJECT env var to prevent 30s+ hangs on the GCE metadata probe - agent_gap_analyzer.py: Fix f-string backslash syntax errors (Python 3.11) https://claude.ai/code/session_015Pd3a6hinTenCNrPRGiZqE * Potential fix for code scanning alert no. 4518: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Initial plan * Potential fix for code scanning alert no. 4517: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Initial plan * Fix review feedback: timeout cleanup, transcript_segments shape, ENABLE_VERTEX_AI boolean parsing Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * fix: clearTimeout in finally blocks, transcript_segments shape, ENABLE_VERTEX_AI boolean parsing Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * Update src/youtube_extension/services/ai/gemini_service.py Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> * Update apps/web/src/app/api/video/route.ts Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> * Update apps/web/src/app/api/video/route.ts Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> * Initial plan * Initial plan * Fix: move clearTimeout into .finally() to prevent timer leaks on fetch abort/error Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * Fix clearTimeout not called in finally blocks for AbortController timeouts Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * Fix: Relative URLs in server-side fetch calls fail in production - fetch('/api/transcribe') and fetch('/api/extract-events') use relative URLs which don't resolve correctly in server-side Next.js code on production deployments like Vercel. This commit fixes the issue reported at apps/web/src/app/api/video/route.ts:101 ## Bug Analysis **Why it happens:** In Next.js API routes running on the server (Node.js runtime), the `fetch()` API requires absolute URLs. Unlike browsers which have an implicit base URL (the current origin), server-side code has no context for resolving relative URLs like `/api/transcribe`. The Node.js fetch implementation will fail to resolve these relative paths, resulting in TypeError or connection errors. **When it manifests:** - **Development (localhost:3000)**: Works accidentally because the request URL contains the host - **Production (Vercel)**: Fails because the relative URL cannot be resolved to a valid absolute URL without proper host context **What impact it has:** The frontend-only pipeline fallback (Strategy 2) in lines 101-132 is completely broken in production. When the backend is unavailable (common on Vercel), the code attempts to use `/api/transcribe` and `/api/extract-events` serverless functions but fails due to unresolvable relative URLs. This causes the entire video analysis endpoint to fail when the backend is unavailable. ## Fix Explanation **Changes made:** 1. Added a `getBaseUrl(request: Request)` helper function that extracts the absolute base URL from the incoming request object using `new URL(request.url)` 2. Updated line 108: `fetch('/api/transcribe', ...)` → `fetch(`${baseUrl}/api/transcribe`, ...)` 3. Updated line 127: `fetch('/api/extract-events', ...)` → `fetch(`${baseUrl}/api/extract-events`, ...)` **Why it solves the issue:** - The incoming `request` object contains the full URL including protocol and host - By constructing an absolute URL from the request, we ensure the fetch calls work in both development and production - This approach is more reliable than environment variables because it uses the actual request context, handling reverse proxies and different deployment configurations correctly Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com> Co-authored-by: groupthinking <garveyht@gmail.com> * Initial plan * chore(deps): bump the npm_and_yarn group across 1 directory with 1 update Bumps the npm_and_yarn group with 1 update in the /docs/knowledge_prototypes/mcp-servers/fetch-mcp directory: [minimatch](https://github.com/isaacs/minimatch). Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * fix: validate BACKEND_URL before using it Skip backend calls entirely when BACKEND_URL is not configured or contains an invalid value (like a literal ${...} template string). This prevents URL parse errors on Vercel where the env var may not be set. https://claude.ai/code/session_015Pd3a6hinTenCNrPRGiZqE * fix: resolve embeddings package build errors (#41) - Create stub types for Firebase Data Connect SDK in src/dataconnect-generated/ - Fix import path from ../dataconnect-generated to ./dataconnect-generated (rootDir constraint) - Add explicit type assertions for JSON responses (predictions, access_token) - All 6 TypeScript errors resolved, clean build verified Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: Gemini SDK upgrade + VideoPack schema alignment (#43) * chore: Update generated Chrome profile cache and session data for notebooklm. * chore: refresh notebooklm Chrome profile data, including Safe Browsing lists, caches, and session files. * Update local application cache and database files within the NotebookLM Chrome profile. * chore: update Chrome profile cache and Safe Browsing data files. * feat: upgrade Gemini to @google/genai SDK with structured output, search grounding, video URL processing, and extend VideoPack schema - Upgrade extract-events/route.ts from @google/generative-ai to @google/genai - Add Gemini responseSchema with Type system for structured output enforcement - Add Google Search grounding (googleSearch tool) to Gemini calls - Upgrade transcribe/route.ts to @google/genai with direct YouTube URL processing via fileData - Add Gemini video URL fallback chain: direct video → text+search → other strategies - Extend VideoPackV0 schema with Chapter, CodeCue, Task models - Update versioning shim for new fields - Export new types from videopack __init__ Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: wire CloudEvents pipeline + Chrome Built-in AI fallback (#44) - Add TypeScript CloudEvents publisher (apps/web/src/lib/cloudevents.ts) emitting standardized events at each video processing stage - Wire CloudEvents into /api/video route (both backend + frontend strategies) - Wire CloudEvents into FastAPI backend router (process_video_v1 endpoint) - Add Chrome Built-in AI service (Prompt API + Summarizer API) for on-device client-side transcript analysis when API keys are unavailable - Add useBuiltInAI React hook for component integration - Add .next/ to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: wire A2A inter-agent messaging into orchestrator + API (#45) - Add A2AContextMessage dataclass to AgentOrchestrator for lightweight inter-agent context sharing during parallel task execution - Auto-broadcast agent results to peer agents after parallel execution - Add send_a2a_message() and get_a2a_log() methods to orchestrator - Add POST /api/v1/agents/a2a/send endpoint for frontend-to-agent messaging - Add GET /api/v1/agents/a2a/log endpoint to query message history - Extend frontend agentService with sendA2AMessage() and getA2ALog() Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: add LiteRT-LM setup script and update README (#46) - Add setup.sh to download lit CLI binary and .litertlm model - Support macOS arm64 and x86_64 architectures - Auto-generate .env with LIT_BINARY_PATH and LIT_MODEL_PATH - Add .gitignore for bin/, models/, .env - Update README with Quick Setup section Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: implement Gemini agentic video analysis with Google Search grounding (#47) - Create gemini-video-analyzer.ts: single Gemini call with googleSearch tool for transcript extraction AND event analysis (PK=998 pattern) - Add youtube-metadata.ts: scrapes title, description, chapters from YouTube without API key - Update /api/video: Gemini agentic analysis as primary strategy, transcribe→extract chain as fallback - Fix /api/transcribe: remove broken fileData.fileUri, use Gemini Google Search grounding as primary, add metadata context, filter garbage OpenAI results - Fix /api/extract-events: accept videoUrl without requiring transcript, direct Gemini analysis via Google Search when no transcript available Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: support Vertex_AI_API_KEY as Gemini key fallback Create shared gemini-client.ts that resolves API key from: GEMINI_API_KEY → GOOGLE_API_KEY → Vertex_AI_API_KEY All API routes now use the shared client instead of hardcoding process.env.GEMINI_API_KEY. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: use Vertex AI Express Mode for Vertex_AI_API_KEY When only Vertex_AI_API_KEY is set (no GEMINI_API_KEY), the client now initializes in Vertex AI mode with vertexai: true + apiKey. Uses project uvai-730bb and us-central1 as defaults. Also added GOOGLE_CLOUD_PROJECT env var to Vercel. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: Vertex AI Express Mode compatibility — remove responseSchema+googleSearch conflict (#48) Vertex AI does not support controlled generation (responseSchema) combined with the googleSearch tool. This caused 400 errors on every Gemini call. Changes: - gemini-client.ts: Prioritize Vertex_AI_API_KEY, support GOOGLE_GENAI_USE_VERTEXAI env var - gemini-video-analyzer.ts: Remove responseSchema, enforce JSON via prompt instructions - extract-events/route.ts: Same fix for extractWithGemini and inline Gemini calls - Strip markdown code fences from responses before JSON parsing Tested end-to-end with Vertex AI Express Mode key against multiple YouTube videos. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: restore full PK=998 pattern — responseSchema + googleSearch + gemini-3-pro-preview (#49) The previous fix (PR #48) was a shortcut — it removed responseSchema when the real issue was using gemini-2.5-flash which doesn't support responseSchema + googleSearch together on Vertex AI. gemini-3-pro-preview DOES support the combination. This commit restores the exact PK=998 pattern: - gemini-video-analyzer.ts: Restored responseSchema with Type system, responseMimeType, e22Snippets field, model → gemini-3-pro-preview - extract-events/route.ts: Restored geminiResponseSchema, Type import, responseMimeType, model → gemini-3-pro-preview - transcribe/route.ts: model → gemini-3-pro-preview Tested with Vertex AI Express Mode key on two YouTube videos. Both return structured JSON with events, transcript, actions, codeMapping, cloudService, e22Snippets, architectureCode, ingestScript. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: end-to-end pipeline — YouTube URL to deployed software (#50) - Add /api/pipeline route for full end-to-end pipeline (video analysis → code generation → GitHub repo → Vercel deploy) - Add deployPipeline() action to dashboard store with stage tracking - Add 🚀 Deploy button to dashboard alongside Analyze - Show pipeline results (live URL, GitHub repo, framework) in video cards - Fix deployment_manager import path in video_processing_service - Wire pipeline to backend /api/v1/video-to-software endpoint - Fallback to Gemini-only analysis when no backend available Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: add writable directories to Docker image for deployment pipeline Create /app/generated_projects, /app/youtube_processed_videos, and /tmp/uvai_data directories in Dockerfile to fix permission denied errors in the deployment and video processing pipeline on Railway. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: security hardening, video-specific codegen, API consistency - CORS: replace wildcard/glob with explicit allowed origins in both entry points - Rate limiting: enable 60 req/min with 15 burst on backend - API auth: add optional X-API-Key middleware for pipeline endpoints - Codegen: generate video-specific HTML/CSS/JS from analysis output - API: accept both 'url' and 'video_url' via Pydantic alias - Deploy: fix Vercel REST API payload format (gitSource instead of gitRepository) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: Vercel deployment returning empty live_url Root causes fixed: - Case mismatch in _poll_deployment_status: compared lowercased status against uppercase success_statuses list, so READY was never matched - Vercel API returns bare domain URLs without https:// prefix; added _ensure_https() to normalize them - Poll requests were missing auth headers, causing 401 failures - _deploy_files_directly fallback returned fake simulated URLs that masked real failures; removed in favor of proper error reporting - _generate_deployment_urls only returned URLs from 'success' status deployments, discarding useful fallback URLs from failed deployments Improvements: - On API failure (permissions, plan limits), return a Vercel import URL the user can click to deploy manually instead of an empty string - Support VERCEL_ORG_ID team scoping on deploy and poll endpoints - Use readyState field (Vercel v13 API) for initial status check - Add 'canceled' to failure status list in poll loop - Poll failures are now non-fatal; initial URL is used as fallback Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: harden slim entry point — CORS, rate limiting, auth, security headers - Add uvaiio.vercel.app to CORS allowed origins - Add slowapi rate limiting (60 req/min) - Add API key auth middleware (optional via EVENTRELAY_API_KEY) - Add security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection) - Fixes production gap where slim main.py had none of the backend/main.py protections Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: resolve Pydantic Config/model_config conflict breaking Railway deploy The VideoToSoftwareRequest model had both 'model_config = ConfigDict(...)' and 'class Config:' which Pydantic v2 rejects. Merged into single model_config. This was causing the v1 router to fail loading, making /api/v1/health return 404. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Vertex AI does not support controlled generation (
responseSchema) combined with thegoogleSearchtool, causing 400 errors:Changes
Vertex_AI_API_KEYin resolution order, supportGOOGLE_GENAI_USE_VERTEXAIenv var, Express Mode docs linkresponseSchema/responseMimeType, enforce JSON structure via prompt instructionsextractWithGemini()and inline Gemini search calls, remove deadgeminiResponseSchema/TypeimportValidation
Tested end-to-end with Vertex AI Express Mode key: