Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
249 commits
Select commit Hold shift + click to select a range
d550cda
fix: add empty state with CTA for repositories - issue #179
Tanisha-sharma7302 May 21, 2026
30429d7
Potential fix for pull request finding
nisshchayarathi May 21, 2026
35cd81a
fix(ai): add strict input validation to all AI routes
May 21, 2026
e07e0e7
fix(db): add indexes for common worker and API query paths
May 21, 2026
a5154ca
Revert "feat(ui): add skeleton loader for repository readme (#189)"
nisshchayarathi May 21, 2026
6870f66
chore(db): add userId indexes for query optimization (#205)
anshika1179 May 21, 2026
b9dd015
fix(ai): add strict input validation to all AI routes
May 21, 2026
42db51e
fix(db): add indexes for common worker and API query paths
May 21, 2026
cea478e
Merge pull request #232 from nisshchayarathi/revert-230-feature/repos…
nisshchayarathi May 21, 2026
7cee0af
fix(db): add index on GitHubRepo for webhook repo lookup
May 21, 2026
0ca3ef8
fix(ai): add strict input validation to all AI routes
May 21, 2026
a31fc98
fix(db): add indexes for common worker and API query paths
May 21, 2026
a4fd166
fix(db): add index on GitHubRepo for webhook repo lookup
May 21, 2026
5d92af0
docs: add integrations rate limit and retry robustness guide (#206)
anshika1179 May 21, 2026
1f2b858
fix(db): add indexes on Account and Session for user-related queries
May 21, 2026
6bfbcd0
docs: enforce ownership and no-store caching strategy (#176)
anshika1179 May 21, 2026
28810e6
fix(db): add indexes on Branch, Contributor, and Language for reposit…
May 21, 2026
2a48da1
feat(webhooks): enforce ownership checks and no-store caching (#183)
anshika1179 May 21, 2026
82b6400
Merge pull request #231 from atul-upadhyay-7/fix/db-add-indexes
nisshchayarathi May 21, 2026
b1eb108
fix(db): add index on GitHubRepo for webhook repo lookup
May 21, 2026
6064f5c
fix(db): add indexes on Account and Session for user-related queries
May 21, 2026
6f3942c
fix(db): add indexes on Branch, Contributor, and Language for reposit…
May 21, 2026
221aae4
fix(db): add index on AnalysisJob for user status queries
May 21, 2026
9afd190
Merge pull request #240 from atul-upadhyay-7/fix/analysisjobs-db-indexes
nisshchayarathi May 21, 2026
b8d78a3
feat(security): add server-side validation for repository identifiers…
anshika1179 May 21, 2026
1adcedf
fix(db): add index on Session for expiry cleanup queries
May 21, 2026
efdfa7c
fix(db): add index on Session for expiry cleanup queries
May 21, 2026
35e6451
fix: validate job ID format in analysis job endpoints
May 21, 2026
9368457
Merge branch 'main' into feature/repository-id-validation-63
anshika1179 May 21, 2026
272842c
docs: unify onboarding documentation references
Tuba1809 May 21, 2026
44a9a2e
feat(ui): add skeleton loaders for analysis job page
May 21, 2026
a5f89f4
fix: add validation and proper error handling for logout api
Harshitbhardwaj468 May 21, 2026
3e7fdca
fix(security): enforce ownership and no-store caching on webhook endp…
May 21, 2026
24e45d6
Merge branch 'main' into feature/github-select-repos-rate-limit-114
anshika1179 May 21, 2026
af61587
Merge pull request #224 from anshika1179/feature/github-select-repos-…
nisshchayarathi May 21, 2026
66a8396
feat: handle rate limits and retries in analysis jobs
May 21, 2026
acfe234
fix(db): add index on Session for expiry cleanup queries
May 21, 2026
e29f9c7
fix: validate job ID format in analysis job endpoints
May 21, 2026
f640bf5
feat(ui): add skeleton loaders for analysis job page
May 21, 2026
a93a30b
fix(security): enforce ownership and no-store caching on webhook endp…
May 21, 2026
1fa7866
feat: handle rate limits and retries in analysis jobs
May 21, 2026
0b7d5a6
handle rate limits and retries for GitHub integrations
May 21, 2026
076805f
fix: improve logout validation handling
Harshitbhardwaj468 May 21, 2026
11e80fd
add skeleton loaders to auth pages to reduce layout shift
May 21, 2026
0d0241b
Add skeleton UI for loading states
SuhaniSnehasini May 21, 2026
7f521b0
fix: allow empty json logout requests
Harshitbhardwaj468 May 21, 2026
d0a6ec5
fix: tighten README sanitization schema and update test script
Althafdudekula May 21, 2026
39f344e
feat(ui): improve empty state UX
anchal-dev May 21, 2026
6a99f67
fix: add validation and safe error handling for AI chat API
Nissy-niveditha21 May 21, 2026
414f841
fix: improve logout request validation and security
Harshitbhardwaj468 May 21, 2026
0b1b766
fix: improve accessibility for motion-safe animations
anchal-dev May 21, 2026
212e18d
Merge branch 'main' into add-skeleton-ui
SuhaniSnehasini May 21, 2026
edc6a84
Restore build script to package.json
SuhaniSnehasini May 21, 2026
3aa68d9
fix: add validation and safe error handling for AI chat API, checked
Nissy-niveditha21 May 21, 2026
4109f7c
Merge pull request #254 from SuhaniSnehasini/add-skeleton-ui
nisshchayarathi May 21, 2026
3c4f11b
Merge branch 'main' into fix/webhook-db-indexes
atul-upadhyay-7 May 21, 2026
84e1cbb
Merge branch 'main' into fix/users-db-indexes
atul-upadhyay-7 May 21, 2026
e366f73
Merge branch 'main' into fix/repos-db-indexes
atul-upadhyay-7 May 21, 2026
bcd7277
Merge branch 'main' into fix/analysisjobs-skeleton-loader
atul-upadhyay-7 May 21, 2026
e811289
Merge branch 'main' into fix/analysisjobs-rate-limit-retry
atul-upadhyay-7 May 21, 2026
e9eedf9
Merge branch 'main' into fix/webhook-security-headers
atul-upadhyay-7 May 21, 2026
237a63c
feat: add indexes for webhook query optimization
nivi06-pixel May 21, 2026
682a55a
Merge branch 'main' into fix-webhook-db-index
nivi06-pixel May 21, 2026
926def4
docs: add troubleshooting for GitHub API rate limits
KaniskaRaj May 21, 2026
c3bcfb0
feat: add database indexes for repository and file changes
TanmayNelge May 21, 2026
2f646b6
feat(webhooks): add skeleton UI for webhook reviews history loading s…
SuhaniSnehasini May 21, 2026
4d59a2d
docs: fix markdown code block language
KaniskaRaj May 21, 2026
ccbb0bb
Optimize worker query performance with composite indexes
nivi06-pixel May 21, 2026
ec3ac22
Optimize worker query performance with composite indexes
nivi06-pixel May 21, 2026
267d04a
docs: document environment variables and add troubleshooting guide
xyron24 May 21, 2026
3b78dbc
Remove unused cross-env dependency
nivi06-pixel May 21, 2026
dbbc7bc
fix: resolve conflicting NEXTAUTH_URL guidance in README
xyron24 May 21, 2026
caee5a5
Added keyboard shortcuts for search focus and clear
Vijitha14 May 21, 2026
21167ce
docs: align Node.js version documentation
Meera2906 May 21, 2026
e78c833
docs: add validation notes for AI analysis routes
swe296 May 21, 2026
440e5c5
Fixed review comments from CodeRabbit
Vijitha14 May 21, 2026
b2b0f66
Merge pull request #381 from nisshchayarathi/restore
nisshchayarathi May 21, 2026
2d68312
feat: implement empty-state UI system for repository analysis sections
samarthtalwar9 May 21, 2026
a4859c2
Merge pull request #386 from nisshchayarathi/restore
nisshchayarathi May 21, 2026
03451ab
Add cn helper alias
nisshchayarathi May 21, 2026
1275521
docs: add Vercel deployment checklist
Sudeepa980 May 21, 2026
067d868
Merge pull request #384 from samarthtalwar9/feature/gitverse-dev
nisshchayarathi May 21, 2026
39bf43f
Merge pull request #379 from Meera2906/docs-node-version-fix
nisshchayarathi May 21, 2026
2126dee
Merge pull request #375 from xyron24/docs/env-variables-and-troublesh…
nisshchayarathi May 21, 2026
06e2f54
Merge pull request #374 from nivi06-pixel/fix-worker-query-indexes
nisshchayarathi May 21, 2026
16fb6ac
Merge pull request #371 from TanmayNelge/fix/database-indexes
nisshchayarathi May 21, 2026
655291f
Merge pull request #234 from anshika1179/feature/database-index-optim…
nisshchayarathi May 21, 2026
869dba3
Merge branch 'main' into docs/onboarding-guide-cleanup
nisshchayarathi May 21, 2026
28a64cd
Merge pull request #245 from Tuba1809/docs/onboarding-guide-cleanup
nisshchayarathi May 21, 2026
46a3a89
Merge branch 'main' into feat/empty-state-ui
nisshchayarathi May 21, 2026
fe92b28
Merge pull request #252 from anchal-dev/feat/empty-state-ui
nisshchayarathi May 21, 2026
be5ceb3
Merge branch 'main' into patch-8
nisshchayarathi May 21, 2026
7249223
Merge branch 'main' into fix/webhook-db-indexes
nisshchayarathi May 21, 2026
1046719
Merge pull request #233 from atul-upadhyay-7/fix/webhook-db-indexes
nisshchayarathi May 21, 2026
540f7ac
Revert "fix(db): add index on GitHubRepo for webhook repo lookup"
nisshchayarathi May 21, 2026
716bf99
Merge pull request #391 from nisshchayarathi/revert-233-fix/webhook-d…
nisshchayarathi May 21, 2026
cbc4845
Merge branch 'main' into fix/users-db-indexes
nisshchayarathi May 21, 2026
da28292
Merge pull request #236 from atul-upadhyay-7/fix/users-db-indexes
nisshchayarathi May 21, 2026
b913499
Revert "fix(db): add indexes on Account and Session for user-related …
nisshchayarathi May 21, 2026
f05132d
Merge pull request #392 from nisshchayarathi/revert-236-fix/users-db-…
nisshchayarathi May 21, 2026
32954c0
Merge branch 'main' into fix/repos-db-indexes
nisshchayarathi May 21, 2026
1fa981d
Merge pull request #238 from atul-upadhyay-7/fix/repos-db-indexes
nisshchayarathi May 21, 2026
52a5e0a
Revert "fix(db): add indexes on Branch, Contributor, and Language for…
nisshchayarathi May 21, 2026
0cc086f
Merge pull request #393 from nisshchayarathi/revert-238-fix/repos-db-…
nisshchayarathi May 21, 2026
50c8c7f
Merge pull request #250 from atul-upadhyay-7/fix/auth-skeleton-loaders
nisshchayarathi May 21, 2026
4aae0b2
Merge branch 'main' into fix/webhook-security-headers
nisshchayarathi May 21, 2026
7c25743
Merge pull request #246 from atul-upadhyay-7/fix/webhook-security-hea…
nisshchayarathi May 21, 2026
bba9e67
Revert "fix(security): enforce ownership and no-store caching on webh…
nisshchayarathi May 21, 2026
abaf6a8
Merge pull request #394 from nisshchayarathi/revert-246-fix/webhook-s…
nisshchayarathi May 21, 2026
1be03c0
Merge branch 'main' into docs/github-rate-limit-troubleshooting
nisshchayarathi May 21, 2026
ddba4f1
Merge pull request #368 from KaniskaRaj/docs/github-rate-limit-troubl…
nisshchayarathi May 21, 2026
2819386
Merge pull request #241 from atul-upadhyay-7/fix/auth-db-indexes
nisshchayarathi May 21, 2026
d25a572
Merge branch 'main' into fix/analysisjobs-skeleton-loader
nisshchayarathi May 21, 2026
6a2e49f
Merge pull request #244 from atul-upadhyay-7/fix/analysisjobs-skeleto…
nisshchayarathi May 21, 2026
916eb0d
Merge pull request #389 from Sudeepa980/patch-8
nisshchayarathi May 21, 2026
f4fa7cf
Merge pull request #247 from Harshitbhardwaj468/fix-auth-logout-valid…
nisshchayarathi May 21, 2026
3e8e270
Merge branch 'main' into fix-webhook-db-index
nisshchayarathi May 21, 2026
29e8537
Merge pull request #362 from nivi06-pixel/fix-webhook-db-index
nisshchayarathi May 21, 2026
85e0abb
Merge branch 'main' into fix/github-integrations-rate-limit
nisshchayarathi May 21, 2026
88cc6bc
Merge pull request #249 from atul-upadhyay-7/fix/github-integrations-…
nisshchayarathi May 21, 2026
9823abe
Merge branch 'main' into fix/analysisjobs-rate-limit-retry
nisshchayarathi May 21, 2026
d6231f3
Merge pull request #248 from atul-upadhyay-7/fix/analysisjobs-rate-li…
nisshchayarathi May 21, 2026
4ec0cee
Merge branch 'main' into fix/repositories-empty-state
nisshchayarathi May 21, 2026
8b4b4bf
Merge pull request #215 from Tanisha-sharma7302/fix/repositories-empt…
nisshchayarathi May 21, 2026
449e6e7
Improve repository page usability and error handling
Sudeepa980 May 21, 2026
ac8eece
Merge branch 'main' into fix/analysis-observability
Sudeepa980 May 21, 2026
8e8e997
docs: add manual repro steps for worker validation
May 21, 2026
694706e
fix(worker): validate inputs and improve error handling for /run endp…
May 21, 2026
6b29d1c
feat(worker): add empty state UI for analysis jobs
anshika1179 May 22, 2026
fd21cae
Merge pull request #235 from anshika1179/feature/docs-rate-limit-retr…
nisshchayarathi May 22, 2026
a658159
feat(ui): add primary call-to-action to users empty state
anshika1179 May 22, 2026
099f31e
Merge pull request #1 from anshika1179/feature/users-empty-state-120
anshika1179 May 22, 2026
ccfa6d1
fix: handle rate limits and retries for user integrations
May 22, 2026
de2a315
Resolved merge conflict
Vijitha14 May 22, 2026
a205243
fix: resolve duplicate bcrypt dependencies and optimize types
prayas09-alt May 22, 2026
5bdd959
feat(docs): add skeleton loaders to reduce layout shift
anshika1179 May 22, 2026
5a34646
Adjusted shortcut helper text layout
Vijitha14 May 22, 2026
9821608
Adjusted shortcut helper text layout
Vijitha14 May 22, 2026
8eb3787
fix: tighten authorization checks in middleware to prevent cross-user…
nishita1797-glitch May 22, 2026
9dfc15d
Merge pull request #406 from anshika1179/feature/docs-skeleton-loader…
nisshchayarathi May 22, 2026
827f257
Adjusted shortcut helper text layout
Vijitha14 May 22, 2026
7467edc
Merge pull request #407 from prayas09-alt/main
nisshchayarathi May 22, 2026
d7e1acb
Merge pull request #408 from nishita1797-glitch/main
nisshchayarathi May 22, 2026
08d7312
Merge pull request #405 from atul-upadhyay-7/fix/users-rate-limit-retry
nisshchayarathi May 22, 2026
f16d945
Adjusted shortcut helper text layout
Vijitha14 May 22, 2026
19e305e
fix: resolve conditional hook execution in commit heatmap
prayas09-alt May 22, 2026
b88260d
Merge branch 'nisshchayarathi:main' into main
prayas09-alt May 22, 2026
56b0021
docs: mark worker scripts as legacy/optional in GETTING_STARTED.md (#4)
TanmayNelge May 22, 2026
4ac038a
fix: add empty state with CTA for AI UI - issue #181
Tanisha-sharma7302 May 22, 2026
a97e433
feat: add empty state and primary CTA for auth UI (#119)
smriti-nyx May 22, 2026
fb45d5e
Merge branch 'main' into fix/auth-empty-state-ui
smriti-nyx May 22, 2026
99fa383
Merge branch 'main' into feature/users-empty-state-120
anshika1179 May 22, 2026
e4fb619
docs: document GitHub App permissions and environment setup
anshika1179 May 22, 2026
c47d677
Merge branch 'main' of https://github.com/anshika1179/gitverse-nextjs
anshika1179 May 22, 2026
1bfc5c3
security: redact sensitive logs and strengthen authorization checks
anshika1179 May 22, 2026
70cb821
Merge branch 'main' into security/redact-secrets-auth-checks-340
anshika1179 May 22, 2026
9524720
fix: add email format validation to auth routes (#98)
smriti-nyx May 22, 2026
f518c59
Add adaptive dark mode with persistent theme toggle
vasudhaagrawal2024-byte May 22, 2026
9624b4e
Merge branch 'main' into fix/auth-input-validation
smriti-nyx May 22, 2026
071fda1
feat(auth): implement in-memory rate limiting for login and signup
TanmayNelge May 22, 2026
004d0ab
docs: align worker requirement wording across deployments per review
TanmayNelge May 22, 2026
fece1de
fix: address CodeRabbit review comments for rate limiter
TanmayNelge May 22, 2026
89bc1e5
Fix CodeRabbit review comments
vasudhaagrawal2024-byte May 22, 2026
0f74a2c
fix: add type=button to AIEmptyState and remove empty AIRepositoryOve…
Tanisha-sharma7302 May 22, 2026
379ecf3
Merge pull request #421 from TanmayNelge/security/rate-limit-auth
nisshchayarathi May 22, 2026
7bf25d8
feat: add configurable time budget to analysis cron runner
anshika1179 May 22, 2026
574127b
Merge branch 'main' into analysis/cron-time-budget-312
anshika1179 May 22, 2026
b7be1bc
Validate inputs and return 400 with helpful message
SuhaniSnehasini May 22, 2026
6e74198
feat: add runner summary metrics for analysis jobs
anshika1179 May 22, 2026
7beab56
Merge branch 'main' into analysis/runner-summary-metrics-289
anshika1179 May 22, 2026
c751e4f
fix: add timeout handling and progress UI for repository analysis
Arsh-sudo May 22, 2026
c5d6a92
fix: improve GitHub integration handling for renamed repositories
anshika1179 May 22, 2026
8947372
Merge branch 'main' into integrations/github-404-repo-handling-311
anshika1179 May 22, 2026
05de6ff
fix: address CodeRabbit review comments
Arsh-sudo May 22, 2026
6841d9f
fix:address review changes
SuhaniSnehasini May 22, 2026
90903c3
fix: only reset lastProgressAt on actual progress value change
Arsh-sudo May 22, 2026
b9223c0
fix: use functional setJob to avoid stale closure in progress comparison
Arsh-sudo May 22, 2026
8735c67
Merge pull request #237 from anshika1179/feature/security-ownership-n…
nisshchayarathi May 22, 2026
2f16fa9
Merge pull request #253 from Althafdudekula/fix-readme-sanitization
nisshchayarathi May 22, 2026
690630f
Merge pull request #255 from Nissy-niveditha21/fix/ai-chat-validation
nisshchayarathi May 22, 2026
f5fd113
Merge pull request #427 from anshika1179/integrations/github-404-repo…
nisshchayarathi May 22, 2026
2fb99de
Merge pull request #426 from anshika1179/analysis/runner-summary-metr…
nisshchayarathi May 22, 2026
f8d07a6
Merge pull request #425 from SuhaniSnehasini/fix-repository-validation
nisshchayarathi May 22, 2026
7d17279
Merge pull request #378 from Vijitha14/feature/search-shortcuts
nisshchayarathi May 22, 2026
b2026e5
Merge pull request #380 from swe296/fix-docs-input-validation
nisshchayarathi May 22, 2026
3e62ec5
Merge pull request #398 from Sudeepa980/fix/analysis-observability
nisshchayarathi May 22, 2026
3463984
Merge pull request #399 from Prateekfrfr/fix/worker-input-validation
nisshchayarathi May 22, 2026
fa19e09
Merge pull request #403 from anshika1179/feature/users-empty-state-120
nisshchayarathi May 22, 2026
3dd84c0
Merge pull request #410 from prayas09-alt/main
nisshchayarathi May 22, 2026
5a75488
Merge pull request #411 from TanmayNelge/docs/worker-script-clarifica…
nisshchayarathi May 22, 2026
150c7c3
Merge pull request #414 from Tanisha-sharma7302/fix/ai-empty-state
nisshchayarathi May 22, 2026
a831366
Merge pull request #428 from Arsh-sudo/fix/analysis-timeout-ui
nisshchayarathi May 22, 2026
76425fa
Merge pull request #420 from vasudhaagrawal-12/adaptive-dark-mode
nisshchayarathi May 22, 2026
48eb2a7
Merge pull request #419 from smriti-nyx/fix/auth-input-validation
nisshchayarathi May 22, 2026
0a6074d
Merge pull request #416 from anshika1179/docs/github-app-permissions-…
nisshchayarathi May 22, 2026
426548c
Merge pull request #413 from smriti-nyx/fix/auth-empty-state-ui
nisshchayarathi May 22, 2026
764d5f8
feat: add skeleton loading states to analysis detail page (#61)
pithva007 May 22, 2026
7e8be58
fix: Skeleton import casing
pithva007 May 22, 2026
2d0cbdb
fix: add auth input validation and return 400 with helpful messages (…
pithva007 May 22, 2026
8a2daa5
Merge branch 'main' into feat/skeleton-loading-analysis-detail-61
pithva007 May 22, 2026
89b8e0c
Merge branch 'main' into fix/auth-input-validation-400-89
pithva007 May 22, 2026
ce5d61c
fix: cancel stale fetches, reset state on jobId change, sanitize erro…
pithva007 May 22, 2026
12ad6f6
Merge branch 'main' into feature/webhooks-security-no-store-183
anshika1179 May 22, 2026
1566734
Merge branch 'main' into feature/repository-id-validation-63
anshika1179 May 22, 2026
15252e2
fix: cancel stale fetches, reset state on jobId change, sanitize erro…
pithva007 May 22, 2026
3da5a7e
Merge branch 'main' into analysis/cron-time-budget-312
anshika1179 May 22, 2026
a5d5c2f
feat: improve cron runner time budget handling and observability
anshika1179 May 22, 2026
41c9b58
Resolved changes.
pithva007 May 22, 2026
be6d53b
docs: document GitHub App permissions and environment setup
anshika1179 May 22, 2026
78124ec
Add missing requireAuth and isHttpError to middleware
May 22, 2026
c476226
feat: improve analysis job progress reporting and percentages
anshika1179 May 22, 2026
b03426e
fix: remove related analysis jobs during repository deletion
anshika1179 May 22, 2026
2df53eb
fix: prevent caching of user profile API responses
anshika1179 May 22, 2026
3f27713
fix(docs): add accessible empty state with CTA
pithva007 May 22, 2026
be3f9ab
fix: enforce ownership, disable caching, improve validation, and add …
Rial1608 May 22, 2026
737f438
fix(security): standardize API auth error responses
pithva007 May 22, 2026
3e50474
fix: set repository status to failed on analysis errors
anshika1179 May 22, 2026
3a84342
fix(db): prevent duplicate languages and stale cleanup
pithva007 May 22, 2026
77e3ae9
Merge pull request #465 from pithva007/fix/docs-empty-state-cta-128
pithva007 May 22, 2026
af202ca
refactor: use typed error for timeout detection
Rial1608 May 22, 2026
748de87
feat: improve auth provider retry and rate-limit handling
anshika1179 May 22, 2026
466316c
fix: remove untrusted header-based ownership check from middleware
Rial1608 May 22, 2026
7ca226a
Merge pull request #471 from pithva007/fix/security-standardize-api-r…
pithva007 May 22, 2026
734b76b
Merge branch 'main' into fix/auth-input-validation-400-89
pithva007 May 22, 2026
9067815
fix: resolve merge conflict with upstream
Rial1608 May 22, 2026
92f7f58
Merge pull request #441 from pithva007/fix/auth-input-validation-400-89
pithva007 May 22, 2026
b6954ae
Merge branch 'main' into fix/db-duplicate-language-constraint-344
pithva007 May 22, 2026
cba035d
Merge pull request #468 from pithva007/fix/db-duplicate-language-cons…
pithva007 May 22, 2026
8e2b33d
Merge branch 'main' into auth/provider-rate-limit-retries-139
nisshchayarathi May 22, 2026
27140c2
Merge pull request #481 from anshika1179/auth/provider-rate-limit-ret…
nisshchayarathi May 22, 2026
85ae3d0
Merge branch 'main' into feat/skeleton-loading-analysis-detail-61
pithva007 May 22, 2026
739996b
Merge pull request #455 from pithva007/feat/skeleton-loading-analysis…
pithva007 May 22, 2026
30853b1
Merge pull request #451 from atul-upadhyay-7/fix/gh-358-require-auth-…
pithva007 May 22, 2026
85f5161
Merge pull request #453 from anshika1179/db/repository-delete-cascade…
pithva007 May 22, 2026
9c86635
Merge pull request #239 from anshika1179/feature/webhooks-security-no…
nisshchayarathi May 22, 2026
aafecd8
Merge pull request #452 from anshika1179/analysis/job-progress-messag…
pithva007 May 22, 2026
dcabf61
Merge branch 'main' into feature/repository-id-validation-63
nisshchayarathi May 22, 2026
3721dad
Merge pull request #242 from anshika1179/feature/repository-id-valida…
nisshchayarathi May 22, 2026
ac2afbf
Merge pull request #424 from anshika1179/analysis/cron-time-budget-312
nisshchayarathi May 22, 2026
ef7b103
Merge branch 'main' into security/redact-secrets-auth-checks-340
nisshchayarathi May 22, 2026
1a4ef4e
Merge pull request #450 from anshika1179/docs/github-app-permissions-309
pithva007 May 22, 2026
2327609
Merge pull request #417 from anshika1179/security/redact-secrets-auth…
nisshchayarathi May 22, 2026
c552e47
Merge branch 'main' into analysis/repo-failed-status-handling-301
nisshchayarathi May 22, 2026
59267ad
Merge pull request #472 from anshika1179/analysis/repo-failed-status-…
nisshchayarathi May 22, 2026
e235795
Merge branch 'main' into analysis/cron-time-budget-followup-342
nisshchayarathi May 22, 2026
452fccf
Merge pull request #448 from anshika1179/analysis/cron-time-budget-fo…
nisshchayarathi May 22, 2026
6e7485c
Merge branch 'main' into security/no-store-user-profile-routes-262
nisshchayarathi May 22, 2026
dba9f61
Merge pull request #456 from anshika1179/security/no-store-user-profi…
nisshchayarathi May 22, 2026
db70df3
fix: resolve final conflicts
Rial1608 May 22, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,8 @@ GITHUB_APP_STATE_SECRET=

# Optional: For client-side API calls
NEXT_PUBLIC_API_URL=http://localhost:3000


# Rate Limiting (In-Memory)
RATE_LIMIT_WINDOW_MS=900000 # 15 minutes in milliseconds
RATE_LIMIT_MAX_REQUESTS=5 # Max attempts per window
26 changes: 22 additions & 4 deletions GETTING_STARTED.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ This is the Next.js version of GitVerse, migrated from the Vite + React version

## Prerequisites

- Node.js 18+ installed
- Node.js 22.x installed (see [Supported Node Version](README.md#supported-node-version))
- PostgreSQL database (NeonDB recommended)
- Google Gemini AI API key

Expand All @@ -28,13 +28,13 @@ cp .env.example .env.local
Edit `.env.local` and fill in your values:

```env
# Database - Get from https://neon.tech
# Database - Get from [https://neon.tech](https://neon.tech)
DATABASE_URL=postgresql://user:password@host/database?sslmode=require&schema=public

# JWT Secret - Generate a secure random string
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production

# Gemini AI - Get from https://makersuite.google.com/app/apikey
# Gemini AI - Get from [https://makersuite.google.com/app/apikey](https://makersuite.google.com/app/apikey)
GEMINI_API_KEY=your_gemini_api_key_here

# NextAuth (required for Google login)
Expand All @@ -47,7 +47,7 @@ GOOGLE_CLIENT_SECRET=your-google-client-secret

# Optional: Base URL for API calls
# Leave unset to use same-origin `/api/...` (recommended).
# If you set it, avoid a trailing slash (e.g. https://example.com, not https://example.com/)
# If you set it, avoid a trailing slash (e.g. [https://example.com](https://example.com), not [https://example.com/](https://example.com/))
# NEXT_PUBLIC_API_URL=http://localhost:3000
```

Expand Down Expand Up @@ -108,13 +108,23 @@ Open [http://localhost:3000](http://localhost:3000) in your browser.

### Running the App

Note on Background Tasks: For standard local development, background tasks are handled seamlessly by Next.js API routes. The legacy worker script is optional and generally not required.

```bash
npm run dev # Development server
npm run build # Production build
npm start # Production server
npm run lint # Lint code
```

### Legacy Worker (Optional)

If you are testing specific background workflows locally that mimic a custom non-serverless deployment, you can optionally run the worker:

```bash
npm run worker # Run background tasks (Legacy / Optional)
```

### Database Management

```bash
Expand Down Expand Up @@ -166,23 +176,31 @@ All endpoints are prefixed with `/api`:

### Vercel (Recommended)

Vercel automatically handles background processes via serverless functions, so the worker script is not needed for this deployment method.

1. Push code to GitHub
2. Import in Vercel dashboard
3. Add environment variables
4. Deploy automatically

### Docker
If self-hosting via Docker, run the primary application container. If your deployment uses queue-based background processing, run the legacy worker as a separate process/container.

```bash
docker build -t gitverse-nextjs .
docker run -p 3000:3000 gitverse-nextjs
```

### Manual Deployment
For deployments on custom servers (e.g., EC2, VPS) where serverless functions aren't available, run the app build. If queue-based background processing is enabled, also run the worker script (for example via PM2/systemd).

```bash
npm run build
npm start

# In a separate terminal or using a process manager like PM2:
npm run worker

```

## Troubleshooting
Expand Down
32 changes: 32 additions & 0 deletions GIT_GRAPH_SETUP.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,3 +79,35 @@ The graph algorithm uses these parent relationships to:
- Detect when branches merge
- Position commits in the correct columns
- Show branch splits and joins

## Security & Access Control

To protect private repository data and analysis results, GitVerse enforces strict ownership and caching rules across all user-scoped API endpoints.

### Ownership Enforcement Strategy

Before returning sensitive data (e.g., repository insights or commit history), the backend middleware must validate that the authenticated user actually owns the requested resource.
- **Authorized:** If `repository.userId === user.id`, the data is safely returned.
- **Unauthorized (404/403):** If a user attempts to access another user's private data, the API will intentionally return a generic `404 Not Found` or `403 Forbidden` to prevent leaking the existence or metadata of private resources.

### Cache-Control: `no-store`

All endpoints returning private or user-scoped data explicitly define HTTP caching directives to prevent accidental data leakage via proxies or browsers.

**Example Response Header:**
```http
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
```

This guarantees that:
- Browsers never cache sensitive repository data.
- CDNs or edge proxies do not mistakenly serve one user's data to another.
- API requests always hit the origin server to re-verify authentication and ownership.

### Best Practices for Protected Endpoints

When developing new GitVerse API routes, always adhere to the following pattern:
1. Extract and validate the session `user`.
2. Fetch the resource and perform an ownership check.
3. Return `404 Not Found` if the ownership check fails.
4. Append `Cache-Control: no-store` to the `NextResponse` before returning.
31 changes: 31 additions & 0 deletions GOOGLE_OAUTH_SETUP.md
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,37 @@ When deploying to production:
3. Ensure all environment variables are set in your production environment
4. Run the database migration in production

## Provider Rate Limits & Retry Strategies

When GitVerse integrates with third-party providers (like GitHub or Google), it natively handles rate limiting and transient failures to ensure robust operation.

### Rate Limit Behavior (HTTP 429)

If a provider returns a `429 Too Many Requests` response, GitVerse will safely catch the error and surface a standardized response to the client. The frontend will typically display a message like:
`"Rate limit reached. Please retry after X seconds."`

GitVerse extracts the `retryAfter` or reset timing directly from the provider's HTTP headers and propagates it safely without exposing internal API responses.

### Retry with Exponential Backoff

For transient network failures or safe server errors (e.g., `502`, `503`, `504`), GitVerse employs an automatic exponential backoff mechanism.

**Retry Flow Example:**
- Attempt 1: Immediate Execution
- Attempt 2: 1s delay
- Attempt 3: 2s delay
- Attempt 4: 4s delay

This prevents infinite retry loops and respects provider rate limits while improving overall system reliability.

## Secure Logging Practices

To protect sensitive information, GitVerse enforces strict token sanitization requirements across all provider integrations:

1. **Token Redaction:** Never log raw OAuth access tokens, `Authorization` headers, or provider credentials.
2. **Error Sanitization:** If an HTTP fetch fails, the underlying `AxiosError` or `fetch` error is sanitized to strip out sensitive config and request headers before it reaches `console.error`.
3. **Safe Debugging:** Logs will output the HTTP status code, safe message strings, and endpoint paths (excluding query string secrets) to preserve debuggability without compromising security.

## Troubleshooting

### Error: "redirect_uri_mismatch"
Expand Down
Loading