fix: restore full PK=998 pattern — responseSchema + googleSearch + gemini-3-pro-preview#49
Merged
groupthinking merged 1 commit intomainfrom Feb 28, 2026
Merged
Conversation
…mini-3-pro-preview The previous fix (PR #48) was a shortcut — it removed responseSchema when the real issue was using gemini-2.5-flash which doesn't support responseSchema + googleSearch together on Vertex AI. gemini-3-pro-preview DOES support the combination. This commit restores the exact PK=998 pattern: - gemini-video-analyzer.ts: Restored responseSchema with Type system, responseMimeType, e22Snippets field, model → gemini-3-pro-preview - extract-events/route.ts: Restored geminiResponseSchema, Type import, responseMimeType, model → gemini-3-pro-preview - transcribe/route.ts: model → gemini-3-pro-preview Tested with Vertex AI Express Mode key on two YouTube videos. Both return structured JSON with events, transcript, actions, codeMapping, cloudService, e22Snippets, architectureCode, ingestScript. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a previous workaround by fully implementing the intended structured output pattern for Gemini-powered video analysis. By upgrading to the Highlights
Changelog
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request correctly restores the use of responseSchema for Gemini calls by upgrading the model to gemini-3-pro-preview, aiming to achieve structured JSON output. However, it introduces potential prompt injection vulnerabilities by directly embedding untrusted user input (videoUrl, videoTitle) into the LLM prompts and system instructions. These inputs must be validated and sanitized to prevent attackers from manipulating the LLM's behavior, especially given its access to the googleSearch tool. Additionally, I've provided suggestions to improve robustness and consistency, such as handling potential empty string responses before JSON.parse, ensuring consistent use of as const for schema definitions, and adding the temperature parameter for predictable output.
Comment on lines
+140
to
+141
| const text = response.text ?? ''; | ||
| return JSON.parse(text); |
Contributor
There was a problem hiding this comment.
JSON.parse('') will throw an error if the API returns an empty string. To make this more robust, it's safer to parse a fallback empty object, a pattern already used in gemini-video-analyzer.ts.
Suggested change
| const text = response.text ?? ''; | |
| return JSON.parse(text); | |
| const text = response.text || '{}'; | |
| return JSON.parse(text); |
Comment on lines
+202
to
+203
| const text = response.text ?? ''; | ||
| parsed = JSON.parse(text); |
Contributor
There was a problem hiding this comment.
JSON.parse('') will throw an error if the API returns an empty string. To make this more robust, it's safer to parse a fallback empty object, a pattern already used in gemini-video-analyzer.ts.
Suggested change
| const text = response.text ?? ''; | |
| parsed = JSON.parse(text); | |
| const text = response.text || '{}'; | |
| parsed = JSON.parse(text); |
Comment on lines
191
to
192
| Video URL: ${videoUrl} | ||
| ${videoTitle ? `Video Title: ${videoTitle}` : ''} |
Contributor
There was a problem hiding this comment.
The videoUrl and videoTitle parameters from the request body are directly embedded into the LLM prompt without sanitization. An attacker can provide a malicious URL or title containing instructions to manipulate the LLM's behavior. Since the LLM has access to the googleSearch tool, this could be used to perform arbitrary searches or exfiltrate information through search queries.
Comment on lines
+132
to
+136
| const videoId = videoUrl.match(/[?&]v=([^&]+)/)?.[1] || videoUrl; | ||
| return `You are the Agentic Video Intelligence Engine. | ||
|
|
||
| MISSION: | ||
| 1. WATCH the video at ${videoUrl} by searching for its transcript, technical documentation, | ||
| channel description, and chapter markers using your googleSearch tool. | ||
| 2. THINK: Analyze the sequence of technical events described in the transcript and description. | ||
| Pay special attention to chapter markers — they indicate the video creator's own breakdown | ||
| of the content structure. | ||
| 3. ACT: Reconstruct the timeline and generate actionable tasks that mirror the video content. | ||
| 1. WATCH the video (Video ID: ${videoId}) by searching for its transcript, technical documentation, |
Contributor
There was a problem hiding this comment.
The videoUrl parameter is used to construct the systemInstruction for the Gemini model. Specifically, the videoId (which can be the full videoUrl if the regex doesn't match) is embedded in the system instruction. This allows for prompt injection, where an attacker can provide a malicious URL to manipulate the LLM's behavior.
Comment on lines
+53
to
+87
| const geminiResponseSchema = { | ||
| type: Type.OBJECT, | ||
| properties: { | ||
| events: { | ||
| type: Type.ARRAY, | ||
| items: { | ||
| type: Type.OBJECT, | ||
| properties: { | ||
| type: { type: Type.STRING, enum: ['action', 'topic', 'insight', 'tool', 'resource'] }, | ||
| title: { type: Type.STRING }, | ||
| description: { type: Type.STRING }, | ||
| timestamp: { type: Type.STRING, nullable: true }, | ||
| priority: { type: Type.STRING, enum: ['high', 'medium', 'low'] }, | ||
| }, | ||
| required: ['type', 'title', 'description', 'priority'], | ||
| }, | ||
| }, | ||
| actions: { | ||
| type: Type.ARRAY, | ||
| items: { | ||
| type: Type.OBJECT, | ||
| properties: { | ||
| title: { type: Type.STRING }, | ||
| description: { type: Type.STRING }, | ||
| category: { type: Type.STRING, enum: ['setup', 'build', 'deploy', 'learn', 'research', 'configure'] }, | ||
| estimatedMinutes: { type: Type.NUMBER, nullable: true }, | ||
| }, | ||
| required: ['title', 'description', 'category'], | ||
| }, | ||
| }, | ||
| summary: { type: Type.STRING }, | ||
| topics: { type: Type.ARRAY, items: { type: Type.STRING } }, | ||
| }, | ||
| required: ['events', 'actions', 'summary', 'topics'], | ||
| }; |
Contributor
There was a problem hiding this comment.
For improved type safety and consistency with gemini-video-analyzer.ts, consider adding as const to all required arrays within this schema definition. This makes the types stricter and prevents accidental modifications.
For example:
// ...
required: ['type', 'title', 'description', 'priority'] as const,
// ...
Comment on lines
181
to
186
| config: { | ||
| systemInstruction, | ||
| responseMimeType: 'application/json', | ||
| responseSchema, | ||
| tools: [{ googleSearch: {} }], | ||
| temperature: 0.3, | ||
| }, |
Contributor
There was a problem hiding this comment.
The temperature setting is omitted here, while other Gemini API calls in the codebase specify it (e.g., 0.3 in extract-events/route.ts, 0.2 in transcribe/route.ts). To ensure consistent and predictable model behavior for structured data extraction, it's recommended to explicitly set a temperature here as well. A low value like 0.3 would be consistent with other similar calls.
config: {
systemInstruction,
responseMimeType: 'application/json',
responseSchema,
tools: [{ googleSearch: {} }],
temperature: 0.3,
},
Contributor
There was a problem hiding this comment.
Pull request overview
Restores the PK=998 “controlled generation + search grounding” pattern for Gemini calls by reintroducing responseMimeType: application/json + responseSchema alongside googleSearch, using gemini-3-pro-preview to avoid the Vertex AI limitation seen in PR #48.
Changes:
- Reintroduced a full
responseSchema(Type-system) +responseMimeTypein the Gemini video analyzer, including the newe22Snippetsoutput field. - Updated
/api/extract-eventsGemini paths to useresponseSchema+responseMimeType+googleSearchand upgraded the model. - Upgraded
/api/transcribeGemini model togemini-3-pro-preview.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| apps/web/src/lib/gemini-video-analyzer.ts | Restores PK=998 structured output (schema + JSON mime) and adds e22Snippets; switches model to gemini-3-pro-preview. |
| apps/web/src/app/api/extract-events/route.ts | Restores Gemini structured extraction via Type response schema + JSON mime; switches Gemini model to gemini-3-pro-preview. |
| apps/web/src/app/api/transcribe/route.ts | Switches Gemini transcription/search grounding model to gemini-3-pro-preview. |
Comment on lines
108
to
110
| const result = await ai.models.generateContent({ | ||
| model: 'gemini-2.5-flash', | ||
| model: 'gemini-3-pro-preview', | ||
| contents: `You are a video transcription assistant with access to Google Search. |
There was a problem hiding this comment.
Switching transcription/search grounding from gemini-2.5-flash to gemini-3-pro-preview may significantly increase latency and cost for this endpoint, even though it doesn't use responseSchema controlled generation. If the model change is only needed for the responseSchema+googleSearch combination, consider keeping Flash here (or making the model configurable via an env var) to avoid an avoidable operational regression.
Comment on lines
+131
to
137
| model: 'gemini-3-pro-preview', | ||
| contents: `${SYSTEM_PROMPT}\n\n${buildUserPrompt(trimmed, videoTitle, videoUrl)}`, | ||
| config: { | ||
| temperature: 0.3, | ||
| responseMimeType: 'application/json', | ||
| responseSchema: geminiResponseSchema, | ||
| tools: [{ googleSearch: {} }], |
There was a problem hiding this comment.
extractWithGemini() is called when you already have transcript text, but it still enables googleSearch and uses the more expensive gemini-3-pro-preview to support schema+tool together. If search grounding isn't needed for transcript-only extraction (the prompt doesn't instruct it), consider removing the googleSearch tool in this path so you can use a cheaper model (or keep Pro only for the direct videoUrl search path).
Suggested change
| model: 'gemini-3-pro-preview', | |
| contents: `${SYSTEM_PROMPT}\n\n${buildUserPrompt(trimmed, videoTitle, videoUrl)}`, | |
| config: { | |
| temperature: 0.3, | |
| responseMimeType: 'application/json', | |
| responseSchema: geminiResponseSchema, | |
| tools: [{ googleSearch: {} }], | |
| model: 'gemini-1.5-flash-latest', | |
| contents: `${SYSTEM_PROMPT}\n\n${buildUserPrompt(trimmed, videoTitle, videoUrl)}`, | |
| config: { | |
| temperature: 0.3, | |
| responseMimeType: 'application/json', | |
| responseSchema: geminiResponseSchema, |
Comment on lines
+189
to
+190
| const resultText = response.text || '{}'; | ||
| return JSON.parse(resultText) as VideoAnalysisResult; |
There was a problem hiding this comment.
response.text || '{}' silently turns an empty/blocked model response into an object missing required fields, but the function still casts it to VideoAnalysisResult. This can propagate undefined values to callers and make failures hard to diagnose. Prefer throwing a descriptive error when response.text is empty/non-JSON (or validate required keys before returning).
Suggested change
| const resultText = response.text || '{}'; | |
| return JSON.parse(resultText) as VideoAnalysisResult; | |
| const rawText = response.text; | |
| if (!rawText || !rawText.trim()) { | |
| throw new Error('Gemini video analysis returned empty response text'); | |
| } | |
| let parsed: unknown; | |
| try { | |
| parsed = JSON.parse(rawText); | |
| } catch { | |
| throw new Error('Gemini video analysis returned non-JSON response text'); | |
| } | |
| const result = parsed as Partial<VideoAnalysisResult> | null; | |
| if ( | |
| !result || | |
| typeof result.title !== 'string' || | |
| typeof result.summary !== 'string' || | |
| !Array.isArray(result.transcript) || | |
| !Array.isArray(result.events) || | |
| !Array.isArray(result.actions) || | |
| !Array.isArray(result.topics) || | |
| typeof result.architectureCode !== 'string' || | |
| typeof result.ingestScript !== 'string' || | |
| !Array.isArray(result.e22Snippets) | |
| ) { | |
| throw new Error( | |
| 'Gemini video analysis response is missing required fields', | |
| ); | |
| } | |
| return result as VideoAnalysisResult; |
| systemInstruction, | ||
| responseMimeType: 'application/json', | ||
| responseSchema, | ||
| tools: [{ googleSearch: {} }], |
There was a problem hiding this comment.
generateContent no longer sets a temperature here (it was previously set elsewhere in the codebase for similar calls). With tool use + long structured outputs, the default temperature can increase variance and failure rate. Consider explicitly setting temperature (and any other stability-related config like topP) to keep outputs deterministic and reduce retries/cost.
Suggested change
| tools: [{ googleSearch: {} }], | |
| tools: [{ googleSearch: {} }], | |
| temperature: 0.2, | |
| topP: 0.8, |
| timestamp: { type: Type.STRING, nullable: true }, | ||
| priority: { type: Type.STRING, enum: ['high', 'medium', 'low'] }, | ||
| }, | ||
| required: ['type', 'title', 'description', 'priority'], |
There was a problem hiding this comment.
The Gemini schema allows timestamp to be omitted (required excludes it) but the OpenAI path always includes timestamp (nullable) and the prompt examples expect it. This leads to inconsistent response shapes depending on provider/model. Consider either adding timestamp to the Gemini schema required list (keeping it nullable) or updating the prompt/consumers to treat it as truly optional everywhere.
Suggested change
| required: ['type', 'title', 'description', 'priority'], | |
| required: ['type', 'title', 'description', 'timestamp', 'priority'], |
groupthinking
added a commit
that referenced
this pull request
Mar 4, 2026
…51) * feat: Initialize PGLite v17 database data files for the dataconnect project. * feat: enable automatic outline generation for Gemini Code Assist in VS Code settings. * feat: Add NotebookLM integration with a new processor and `analyze_video_with_notebooklm` MCP tool. * feat: Add NotebookLM profile data and an ingestion test. * chore: Update and add generated browser profile files for notebooklm development. * Update `notebooklm_chrome_profile` internal state and add architectural context documentation and video asset. * feat: Add various knowledge prototypes for MCP servers and universal automation, archive numerous scripts and documentation, and update local browser profile data. * chore: Add generated browser profile cache and data for notebooklm. * Update notebooklm Chrome profile preferences, cache, and session data. * feat: Update NotebookLM Chrome profile with new cache, preferences, and service worker data. * feat: Add generated Chrome profile cache and code cache files and update associated profile data. * Update `notebooklm` Chrome profile cache, code cache, GPU cache, and safe browsing data. * chore(deps): bump the npm_and_yarn group across 4 directories with 5 updates Bumps the npm_and_yarn group with 3 updates in the / directory: [ajv](https://github.com/ajv-validator/ajv), [hono](https://github.com/honojs/hono) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 3 updates in the /docs/knowledge_prototypes/mcp-servers/fetch-mcp directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [ajv](https://github.com/ajv-validator/ajv) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 1 update in the /scripts/archive/software-on-demand directory: [ajv](https://github.com/ajv-validator/ajv). Bumps the npm_and_yarn group with 2 updates in the /scripts/archive/supabase_cleanup directory: [next](https://github.com/vercel/next.js) and [qs](https://github.com/ljharb/qs). Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `hono` from 4.11.7 to 4.12.1 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.7...v4.12.1) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `@modelcontextprotocol/sdk` from 1.25.2 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.25.2...v1.26.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `hono` from 4.11.5 to 4.12.1 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.11.7...v4.12.1) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `next` from 15.4.10 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.4.10...v15.5.10) Updates `qs` from 6.14.1 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.15.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump minimatch Bumps the npm_and_yarn group with 1 update in the /scripts/archive/supabase_cleanup directory: [minimatch](https://github.com/isaacs/minimatch). Updates `minimatch` from 3.1.2 to 3.1.4 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump the npm_and_yarn group across 2 directories with 1 update Bumps the npm_and_yarn group with 1 update in the / directory: [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 1 update in the /docs/knowledge_prototypes/mcp-servers/fetch-mcp directory: [hono](https://github.com/honojs/hono). Updates `hono` from 4.12.1 to 4.12.2 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.1...v4.12.2) Updates `hono` from 4.12.1 to 4.12.2 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.1...v4.12.2) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * feat: enable frontend-only video ingestion pipeline for Vercel deployment The core pipeline previously required the Python backend to be running. When deployed to Vercel (https://v0-uvai.vercel.app/), the backend is unavailable, causing all video analysis to fail immediately. Changes: - /api/video: Falls back to frontend-only pipeline (transcribe + extract) when the Python backend is unreachable, with 15s timeout - /api/transcribe: Adds Gemini fallback when OpenAI is unavailable, plus 8s timeout on backend probe to avoid hanging on Vercel - layout.tsx: Loads Google Fonts via <link> instead of next/font/google to avoid build failures in offline/sandboxed CI environments - page.tsx: Replace example URLs with technical content (3Blue1Brown neural networks, Karpathy LLM intro) instead of rick roll / zoo videos - gemini_service.py: Gate Vertex AI import behind GOOGLE_CLOUD_PROJECT env var to prevent 30s+ hangs on the GCE metadata probe - agent_gap_analyzer.py: Fix f-string backslash syntax errors (Python 3.11) https://claude.ai/code/session_015Pd3a6hinTenCNrPRGiZqE * Potential fix for code scanning alert no. 4518: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Initial plan * Potential fix for code scanning alert no. 4517: Server-side request forgery Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Initial plan * Fix review feedback: timeout cleanup, transcript_segments shape, ENABLE_VERTEX_AI boolean parsing Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * fix: clearTimeout in finally blocks, transcript_segments shape, ENABLE_VERTEX_AI boolean parsing Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * Update src/youtube_extension/services/ai/gemini_service.py Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> * Update apps/web/src/app/api/video/route.ts Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> * Update apps/web/src/app/api/video/route.ts Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> * Initial plan * Initial plan * Fix: move clearTimeout into .finally() to prevent timer leaks on fetch abort/error Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * Fix clearTimeout not called in finally blocks for AbortController timeouts Co-authored-by: groupthinking <154503486+groupthinking@users.noreply.github.com> * Fix: Relative URLs in server-side fetch calls fail in production - fetch('/api/transcribe') and fetch('/api/extract-events') use relative URLs which don't resolve correctly in server-side Next.js code on production deployments like Vercel. This commit fixes the issue reported at apps/web/src/app/api/video/route.ts:101 ## Bug Analysis **Why it happens:** In Next.js API routes running on the server (Node.js runtime), the `fetch()` API requires absolute URLs. Unlike browsers which have an implicit base URL (the current origin), server-side code has no context for resolving relative URLs like `/api/transcribe`. The Node.js fetch implementation will fail to resolve these relative paths, resulting in TypeError or connection errors. **When it manifests:** - **Development (localhost:3000)**: Works accidentally because the request URL contains the host - **Production (Vercel)**: Fails because the relative URL cannot be resolved to a valid absolute URL without proper host context **What impact it has:** The frontend-only pipeline fallback (Strategy 2) in lines 101-132 is completely broken in production. When the backend is unavailable (common on Vercel), the code attempts to use `/api/transcribe` and `/api/extract-events` serverless functions but fails due to unresolvable relative URLs. This causes the entire video analysis endpoint to fail when the backend is unavailable. ## Fix Explanation **Changes made:** 1. Added a `getBaseUrl(request: Request)` helper function that extracts the absolute base URL from the incoming request object using `new URL(request.url)` 2. Updated line 108: `fetch('/api/transcribe', ...)` → `fetch(`${baseUrl}/api/transcribe`, ...)` 3. Updated line 127: `fetch('/api/extract-events', ...)` → `fetch(`${baseUrl}/api/extract-events`, ...)` **Why it solves the issue:** - The incoming `request` object contains the full URL including protocol and host - By constructing an absolute URL from the request, we ensure the fetch calls work in both development and production - This approach is more reliable than environment variables because it uses the actual request context, handling reverse proxies and different deployment configurations correctly Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com> Co-authored-by: groupthinking <garveyht@gmail.com> * Initial plan * chore(deps): bump the npm_and_yarn group across 1 directory with 1 update Bumps the npm_and_yarn group with 1 update in the /docs/knowledge_prototypes/mcp-servers/fetch-mcp directory: [minimatch](https://github.com/isaacs/minimatch). Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * fix: validate BACKEND_URL before using it Skip backend calls entirely when BACKEND_URL is not configured or contains an invalid value (like a literal ${...} template string). This prevents URL parse errors on Vercel where the env var may not be set. https://claude.ai/code/session_015Pd3a6hinTenCNrPRGiZqE * fix: resolve embeddings package build errors (#41) - Create stub types for Firebase Data Connect SDK in src/dataconnect-generated/ - Fix import path from ../dataconnect-generated to ./dataconnect-generated (rootDir constraint) - Add explicit type assertions for JSON responses (predictions, access_token) - All 6 TypeScript errors resolved, clean build verified Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: Gemini SDK upgrade + VideoPack schema alignment (#43) * chore: Update generated Chrome profile cache and session data for notebooklm. * chore: refresh notebooklm Chrome profile data, including Safe Browsing lists, caches, and session files. * Update local application cache and database files within the NotebookLM Chrome profile. * chore: update Chrome profile cache and Safe Browsing data files. * feat: upgrade Gemini to @google/genai SDK with structured output, search grounding, video URL processing, and extend VideoPack schema - Upgrade extract-events/route.ts from @google/generative-ai to @google/genai - Add Gemini responseSchema with Type system for structured output enforcement - Add Google Search grounding (googleSearch tool) to Gemini calls - Upgrade transcribe/route.ts to @google/genai with direct YouTube URL processing via fileData - Add Gemini video URL fallback chain: direct video → text+search → other strategies - Extend VideoPackV0 schema with Chapter, CodeCue, Task models - Update versioning shim for new fields - Export new types from videopack __init__ Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: wire CloudEvents pipeline + Chrome Built-in AI fallback (#44) - Add TypeScript CloudEvents publisher (apps/web/src/lib/cloudevents.ts) emitting standardized events at each video processing stage - Wire CloudEvents into /api/video route (both backend + frontend strategies) - Wire CloudEvents into FastAPI backend router (process_video_v1 endpoint) - Add Chrome Built-in AI service (Prompt API + Summarizer API) for on-device client-side transcript analysis when API keys are unavailable - Add useBuiltInAI React hook for component integration - Add .next/ to .gitignore Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: wire A2A inter-agent messaging into orchestrator + API (#45) - Add A2AContextMessage dataclass to AgentOrchestrator for lightweight inter-agent context sharing during parallel task execution - Auto-broadcast agent results to peer agents after parallel execution - Add send_a2a_message() and get_a2a_log() methods to orchestrator - Add POST /api/v1/agents/a2a/send endpoint for frontend-to-agent messaging - Add GET /api/v1/agents/a2a/log endpoint to query message history - Extend frontend agentService with sendA2AMessage() and getA2ALog() Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: add LiteRT-LM setup script and update README (#46) - Add setup.sh to download lit CLI binary and .litertlm model - Support macOS arm64 and x86_64 architectures - Auto-generate .env with LIT_BINARY_PATH and LIT_MODEL_PATH - Add .gitignore for bin/, models/, .env - Update README with Quick Setup section Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: implement Gemini agentic video analysis with Google Search grounding (#47) - Create gemini-video-analyzer.ts: single Gemini call with googleSearch tool for transcript extraction AND event analysis (PK=998 pattern) - Add youtube-metadata.ts: scrapes title, description, chapters from YouTube without API key - Update /api/video: Gemini agentic analysis as primary strategy, transcribe→extract chain as fallback - Fix /api/transcribe: remove broken fileData.fileUri, use Gemini Google Search grounding as primary, add metadata context, filter garbage OpenAI results - Fix /api/extract-events: accept videoUrl without requiring transcript, direct Gemini analysis via Google Search when no transcript available Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: support Vertex_AI_API_KEY as Gemini key fallback Create shared gemini-client.ts that resolves API key from: GEMINI_API_KEY → GOOGLE_API_KEY → Vertex_AI_API_KEY All API routes now use the shared client instead of hardcoding process.env.GEMINI_API_KEY. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: use Vertex AI Express Mode for Vertex_AI_API_KEY When only Vertex_AI_API_KEY is set (no GEMINI_API_KEY), the client now initializes in Vertex AI mode with vertexai: true + apiKey. Uses project uvai-730bb and us-central1 as defaults. Also added GOOGLE_CLOUD_PROJECT env var to Vercel. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: Vertex AI Express Mode compatibility — remove responseSchema+googleSearch conflict (#48) Vertex AI does not support controlled generation (responseSchema) combined with the googleSearch tool. This caused 400 errors on every Gemini call. Changes: - gemini-client.ts: Prioritize Vertex_AI_API_KEY, support GOOGLE_GENAI_USE_VERTEXAI env var - gemini-video-analyzer.ts: Remove responseSchema, enforce JSON via prompt instructions - extract-events/route.ts: Same fix for extractWithGemini and inline Gemini calls - Strip markdown code fences from responses before JSON parsing Tested end-to-end with Vertex AI Express Mode key against multiple YouTube videos. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: restore full PK=998 pattern — responseSchema + googleSearch + gemini-3-pro-preview (#49) The previous fix (PR #48) was a shortcut — it removed responseSchema when the real issue was using gemini-2.5-flash which doesn't support responseSchema + googleSearch together on Vertex AI. gemini-3-pro-preview DOES support the combination. This commit restores the exact PK=998 pattern: - gemini-video-analyzer.ts: Restored responseSchema with Type system, responseMimeType, e22Snippets field, model → gemini-3-pro-preview - extract-events/route.ts: Restored geminiResponseSchema, Type import, responseMimeType, model → gemini-3-pro-preview - transcribe/route.ts: model → gemini-3-pro-preview Tested with Vertex AI Express Mode key on two YouTube videos. Both return structured JSON with events, transcript, actions, codeMapping, cloudService, e22Snippets, architectureCode, ingestScript. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * feat: end-to-end pipeline — YouTube URL to deployed software (#50) - Add /api/pipeline route for full end-to-end pipeline (video analysis → code generation → GitHub repo → Vercel deploy) - Add deployPipeline() action to dashboard store with stage tracking - Add 🚀 Deploy button to dashboard alongside Analyze - Show pipeline results (live URL, GitHub repo, framework) in video cards - Fix deployment_manager import path in video_processing_service - Wire pipeline to backend /api/v1/video-to-software endpoint - Fallback to Gemini-only analysis when no backend available Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: add writable directories to Docker image for deployment pipeline Create /app/generated_projects, /app/youtube_processed_videos, and /tmp/uvai_data directories in Dockerfile to fix permission denied errors in the deployment and video processing pipeline on Railway. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: security hardening, video-specific codegen, API consistency - CORS: replace wildcard/glob with explicit allowed origins in both entry points - Rate limiting: enable 60 req/min with 15 burst on backend - API auth: add optional X-API-Key middleware for pipeline endpoints - Codegen: generate video-specific HTML/CSS/JS from analysis output - API: accept both 'url' and 'video_url' via Pydantic alias - Deploy: fix Vercel REST API payload format (gitSource instead of gitRepository) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: Vercel deployment returning empty live_url Root causes fixed: - Case mismatch in _poll_deployment_status: compared lowercased status against uppercase success_statuses list, so READY was never matched - Vercel API returns bare domain URLs without https:// prefix; added _ensure_https() to normalize them - Poll requests were missing auth headers, causing 401 failures - _deploy_files_directly fallback returned fake simulated URLs that masked real failures; removed in favor of proper error reporting - _generate_deployment_urls only returned URLs from 'success' status deployments, discarding useful fallback URLs from failed deployments Improvements: - On API failure (permissions, plan limits), return a Vercel import URL the user can click to deploy manually instead of an empty string - Support VERCEL_ORG_ID team scoping on deploy and poll endpoints - Use readyState field (Vercel v13 API) for initial status check - Add 'canceled' to failure status list in poll loop - Poll failures are now non-fatal; initial URL is used as fallback Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: harden slim entry point — CORS, rate limiting, auth, security headers - Add uvaiio.vercel.app to CORS allowed origins - Add slowapi rate limiting (60 req/min) - Add API key auth middleware (optional via EVENTRELAY_API_KEY) - Add security headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection) - Fixes production gap where slim main.py had none of the backend/main.py protections Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * fix: resolve Pydantic Config/model_config conflict breaking Railway deploy The VideoToSoftwareRequest model had both 'model_config = ConfigDict(...)' and 'class Config:' which Pydantic v2 rejects. Merged into single model_config. This was causing the v1 router to fail loading, making /api/v1/health return 404. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com> Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What was wrong
PR #48 was a shortcut. When
responseSchema+googleSearchfailed with 400 on Vertex AI, I removedresponseSchemaentirely — destroying the structured output that PK=998 note specifically designed.The actual error:
gemini-2.5-flashandgemini-2.0-flashdo NOT supportresponseSchema+googleSearchtogether on Vertex AI. Butgemini-3-pro-previewdoes.What this PR does
Restores the exact PK=998 pattern:
responseMimeType: 'application/json'— guaranteed JSONresponseSchemawithTypesystem — enforced structuretools: [{ googleSearch: {} }]— search groundingmodel: 'gemini-3-pro-preview'— supports all three togethere22Snippetsfield — production code snippets for E22 cloud solutionsFiles changed
gemini-video-analyzer.ts— full PK=998 schema restoredextract-events/route.ts— restoredgeminiResponseSchema,Type,responseMimeTypetranscribe/route.ts— model upgradeValidation
Tested with Vertex AI Express Mode key:
responseSchemaenforcement ✅