feat: End-to-end pipeline — YouTube URL to deployed software

[groupthinking]

Summary

This PR wires the complete end-to-end pipeline that the platform was always designed for:

YouTube URL → Video Analysis → Code Generation → GitHub Repo → Vercel Deploy → Live URL

Changes

• /api/pipeline route — New Next.js endpoint for full pipeline. Calls backend /api/v1/video-to-software, falls back to Gemini-only analysis
• Dashboard deployPipeline() — New store action with pipeline stage progress tracking
• 🚀 Deploy button — Added next to Analyze in dashboard, triggers full pipeline
• Pipeline result display — Video cards show live URL, GitHub repo, framework info for deployed projects
• Backend fix — Fixed deployment_manager import path in video_processing_service.py

Validation

• npx tsc --noEmit — ✅ zero errors
• npm run build — ✅ builds successfully
• Backend pipeline tested: curl POST /api/v1/video-to-software → created GitHub repo + generated code
• Pipeline route visible in build output as ƒ /api/pipeline

Architecture

Frontend:  Dashboard → /api/pipeline → Backend /api/v1/video-to-software
Backend:   EnhancedVideoProcessor → ProjectCodeGenerator → DeploymentManager
Output:    Live URL + GitHub repo + build status + code details

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
v0-uvai	Building	Preview, Comment, Open in v0	Mar 1, 2026 7:51am

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the platform's capabilities by integrating a complete end-to-end pipeline that automates the transformation of a YouTube video URL into a deployed software project. It introduces a new API route to manage this complex workflow, provides a user-friendly interface in the dashboard to initiate deployments, and displays comprehensive results directly on video cards, streamlining the entire process from analysis to live application.

Highlights

• New End-to-End Pipeline Route: A new Next.js API endpoint at /api/pipeline was introduced to orchestrate the full workflow from a YouTube URL to deployed software, including video analysis, code generation, and deployment.
• Dashboard Integration for Deployment: The dashboard now includes a deployPipeline() action and a dedicated '🚀 Deploy' button, allowing users to trigger the complete end-to-end process directly from the UI.
• Enhanced Video Card Display: Video cards in the dashboard have been updated to display the live URL, GitHub repository link, and framework information for projects successfully processed and deployed through the new pipeline.
• Backend Import Path Fix: A critical import path for the deployment_manager was corrected in the video_processing_service.py file, ensuring proper functionality of the backend deployment components.

Changelog

• apps/web/src/app/api/pipeline/route.ts
  • Added a new Next.js API route (/api/pipeline) to handle the full end-to-end pipeline.
  • Implemented logic to call the backend FastAPI service or fall back to Gemini-only video analysis.
  • Included event publishing for various pipeline stages.
  • Defined a GET endpoint to provide metadata about the pipeline service.
• apps/web/src/app/api/video/route.ts
  • Updated comments to clarify the distinction between the /api/video route and the new /api/pipeline route.
  • Added the new /api/pipeline endpoint to the GET response for API discovery.
• apps/web/src/app/dashboard/page.tsx
  • Updated type imports to include PipelineResult from the dashboard store.
  • Modified VideoCard to conditionally display pipeline stages and results (live URL, GitHub repo, framework info).
  • Integrated the deployPipeline action from the dashboard store.
  • Added a '🚀 Deploy' button to trigger the full pipeline.
• apps/web/src/store/dashboard-store.ts
  • Defined a new PipelineResult interface to structure data from the end-to-end pipeline.
  • Added an optional pipelineResult property to the Video interface.
  • Introduced a new deployPipeline async action to manage the state and activity for the end-to-end deployment process.
• src/youtube_extension/backend/services/video_processing_service.py
  • Corrected the import path for get_deployment_manager to resolve a module import error.

Activity

• The backend pipeline was successfully tested via curl POST /api/v1/video-to-software, resulting in a created GitHub repository and generated code.
• The new pipeline route (/api/pipeline) was confirmed to be visible in the build output.
• TypeScript compilation (npx tsc --noEmit) reported zero errors.
• The project successfully built (npm run build).

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: an end-to-end pipeline for processing a YouTube URL to a deployed software project. While the functionality is impressive, several security issues were identified, including a potential Prompt Injection vulnerability in the LLM analysis path, Information Exposure via detailed error messages in the API, and potential XSS vulnerabilities in the dashboard due to unvalidated URLs. Additionally, I have a few suggestions to improve robustness and maintainability, particularly regarding unique ID generation, use of constants, and logging consistency.

[gemini-code-assist]

The url parameter is passed directly to analyzeVideoWithGemini, which uses it to construct a system prompt for the LLM. This is a potential Prompt Injection vulnerability. An attacker could provide a crafted URL (e.g., containing special characters or instructions) to manipulate the LLM's behavior or output. It is recommended to validate that the url is a legitimate YouTube URL before processing it.

[gemini-code-assist]

Using Date.now().toString(36) does not guarantee a unique ID, as multiple requests could arrive in the same millisecond. This could lead to subtle bugs with data tracking or collisions. It's more robust to use a cryptographically strong random ID generator like crypto.randomUUID(). This same issue is present on line 105.

            id: `pipeline_${crypto.randomUUID()}`,

[gemini-code-assist]

Using Date.now().toString() for the video id is not guaranteed to be unique, especially if a user processes multiple videos in quick succession. This can cause issues in React's rendering and state management, which rely on unique keys for list items. Using crypto.randomUUID() will provide a robustly unique identifier.

Suggested change

	const id = Date.now().toString();
	const id = crypto.randomUUID();

[gemini-code-assist]

Returning detailed error messages (details: String(error)) to the client can expose sensitive internal information such as stack traces, environment details, or internal logic. This information can be leveraged by an attacker to further compromise the system. It is safer to log the error internally and return a generic error message to the user.

return NextResponse.json({ error: 'Pipeline failed' }, { status: 500 });

[gemini-code-assist]

The live_url from the pipeline result is rendered directly into the href attribute of an anchor tag. If the URL is not validated to ensure it uses a safe protocol (e.g., https:), an attacker could inject a javascript: URL, leading to Cross-Site Scripting (XSS) when the link is clicked. Ensure the URL is validated before rendering.

[gemini-code-assist]

The github_repo URL is rendered directly into the href attribute. Similar to the live_url, this should be validated to prevent javascript: protocol injection and potential XSS attacks.

[gemini-code-assist]

The timeout duration 300_000 is a magic number. It's better to express it as a calculation to improve readability and maintainability. For even better practice, consider defining it as a named constant at the top of the file (e.g., const PIPELINE_TIMEOUT_MS = 5 * 60 * 1000;).

        const timeout = setTimeout(() => controller.abort(), 5 * 60 * 1000); // 5 min for full pipeline

[gemini-code-assist]

For consistency in logging, it's better to use console.error here to log the failure of the backend pipeline. This aligns with how other errors are logged in this file (e.g., lines 127 and 136) and helps in filtering and prioritizing logs in a production environment.

        console.error('Backend pipeline unavailable:', e);

[sentry]

Bug: The frontend store incorrectly maps the new 'partial' API status to 'failed', hiding successful video analysis results and showing an incorrect failure message.
_{Severity: HIGH}

Suggested Fix

Update the status mapping logic in apps/web/src/store/dashboard-store.ts to correctly handle the 'partial' status. For example, you could introduce a new 'partial' state in the frontend or map it to 'complete' to ensure the analysis results are displayed to the user.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: apps/web/src/store/dashboard-store.ts#L311

Potential issue: When the backend is unavailable but Gemini video analysis succeeds, the
API correctly returns a `status: 'partial'`. However, the frontend logic in
`dashboard-store.ts` only recognizes `'success'` or `'complete'` as valid success
states, causing it to incorrectly map the new `'partial'` status to `'failed'`. This
results in the UI displaying a "Failed" status and a misleading error message, while the
successfully generated video analysis data is hidden from the user. This issue occurs in
the supported "Gemini-only" configuration.

_{Did we get this right? 👍 / 👎 to inform future reviews.}

[Copilot]

Pull request overview

This PR wires a full “YouTube URL → analysis → codegen → repo → deploy” path by adding a dedicated Next.js pipeline API route and integrating it into the dashboard UI/state, plus a small backend import-path fix to enable the deployment manager.

Changes:

• Added POST /api/pipeline Next.js route to call backend /api/v1/video-to-software, with a Gemini analysis-only fallback.
• Extended the dashboard Zustand store and UI to trigger the pipeline, track progress stages, and display deployment outputs (live URL/repo/framework).
• Fixed backend deployment_manager import path used by the video-to-software service.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
src/youtube_extension/backend/services/video_processing_service.py	Fixes deployment manager import path to unblock the backend pipeline.
apps/web/src/store/dashboard-store.ts	Adds PipelineResult + deployPipeline() action and stores pipeline output into Video.
apps/web/src/app/dashboard/page.tsx	Adds “Deploy” button and renders pipeline results (live URL/repo/framework) on cards.
apps/web/src/app/api/video/route.ts	Clarifies that /api/video is analysis-only and points users to /api/pipeline for full pipeline.
apps/web/src/app/api/pipeline/route.ts	Implements the new end-to-end pipeline API route with backend-first + Gemini fallback strategies.

[Copilot]

deployPipeline() creates a video without setting pipelineResult, so page.tsx treats it as a non-pipeline run (it checks pipelineResult !== undefined) and shows the Transcribe/Analyze/Extract stages while the deploy pipeline is running. If you intend pipeline runs to show Generate/Deploy stages immediately, initialize a sentinel value at creation time (e.g., set pipelineResult to null and update the Video type accordingly, or add an explicit mode/pipeline flag).

Suggested change

	progress: 5,
	progress: 5,
	pipelineResult: {
	live_url: null,
	github_repo: null,
	build_status: 'pending',
	},

[Copilot]

deployPipeline() treats any non-success/complete response as a failure and still sets the title to Deployed: …. However /api/pipeline returns status: 'partial' for the Gemini-only fallback, which will incorrectly mark the video as failed even though analysis succeeded. Consider handling partial explicitly (e.g., set status to complete with a different label, or introduce a partial UI status) and avoid using a Deployed: title unless a deployment URL is present.

Suggested change

	updateVideo(id, {
	status: result.status === 'success' || result.status === 'complete' ? 'complete' : 'failed',
	progress: 100,
	title: `Deployed: ${url.length > 40 ? url.substring(0, 37) + '…' : url}`,
	const isSuccessful =
	result.status === 'success' ||
	result.status === 'complete' ||
	result.status === 'partial';
	const hasDeployment =
	!!pipelineResult.live_url ||
	!!(pipelineResult.deployment?.urls && Object.keys(pipelineResult.deployment.urls).length > 0);
	const uiStatus = isSuccessful ? 'complete' : 'failed';
	const titlePrefix = hasDeployment ? 'Deployed' : 'Processed';
	updateVideo(id, {
	status: uiStatus,
	progress: 100,
	title: `${titlePrefix}: ${url.length > 40 ? url.substring(0, 37) + '…' : url}`,

[Copilot]

PipelineResult is imported here but never used in this file. If linting is enabled during build (as is typical with Next.js), this can fail CI or add noise; consider removing the unused type import and only importing Video.

Suggested change

	import type { PipelineResult, Video } from '@/store/dashboard-store';
	import type { Video } from '@/store/dashboard-store';

[Copilot]

The comment above says Strategy 2 is "Gemini analysis + frontend deployment" when the backend is unavailable, but the implementation only performs Gemini analysis and explicitly returns live_url: null with code_generation: null and deployment: null. Please update the comment to match the actual behavior (analysis-only) to avoid misleading future maintainers.

Suggested change

	* 2. Gemini analysis + frontend deployment — when no backend is available
	* 2. Gemini analysis only (video intelligence, no deployment) — when no backend is available

[Copilot]

This route waits synchronously for the full backend video-to-software pipeline and sets a 5-minute fetch timeout. On Vercel (and similar serverless deployments), the function itself typically has a shorter execution limit (and apps/web/vercel.json doesn’t configure a longer maxDuration), so the request may time out before the backend finishes. Consider making this endpoint asynchronous (enqueue + return 202 + poll), or explicitly configuring/validating the serverless timeout budget and failing fast with a clear message when it’s insufficient.

[Copilot]

PipelineResult is stored in Zustand state and accessed throughout the UI, but its fields use snake_case (live_url, github_repo, etc.) while the rest of the dashboard store uses camelCase. This introduces inconsistent naming in the in-memory model and forces components to use mixed conventions. Consider mapping the API response to camelCase when building pipelineResult (e.g., liveUrl, githubRepo, buildStatus, codeGeneration, deployment) and keeping API snake_case only at the network boundary.