Azure openai #1084
Azure openai #1084
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
WalkthroughAdds Azure OpenAI as a new LLM provider (env, model selection, CLI, dependency) and introduces an Organization Analytics feature: tabbed org navigation, a stats page/component with date-range filters and charts, and a new API endpoint that computes bucketed org metrics. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant Browser as OrgStats UI (React)
participant NextAPI as /api/organizations/[id]/stats (Next route)
participant Auth as withAuth / Admin check
participant DB as Database (Prisma/SQL)
User->>Browser: Navigate to /organization/{id}/stats
Browser->>Browser: Init date range (last 7 days)
Browser->>NextAPI: GET /api/organizations/{id}/stats?fromDate=&toDate=
NextAPI->>Auth: withAuth + fetchAndCheckIsAdmin
Auth-->>NextAPI: auth ok / admin confirmed
NextAPI->>DB: Query per-member email counts (date bounds)
DB-->>NextAPI: email counts
NextAPI->>DB: Query per-member executed rules (date bounds)
DB-->>NextAPI: rule counts
NextAPI->>DB: Query totals (emails, rules, active members)
DB-->>NextAPI: totals
NextAPI->>NextAPI: Bucket results & build response
NextAPI-->>Browser: OrgStatsResponse (buckets + totals)
Browser->>Browser: Render StatCards & BucketCharts
Browser->>User: Display analytics UI and charts
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Areas requiring extra attention:
Possibly related PRs
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Add Azure OpenAI provider support across web app, CLI, and env configuration to enable Azure-backed modelsIntroduce 📍Where to StartStart with the Azure branch in Macroscope summarized eaec6b6. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (5)
apps/web/app/api/organizations/[organizationId]/stats/route.ts (3)
16-32: Consider consolidating duplicate bucket definitions.
EMAIL_BUCKETSandRULES_BUCKETSare identical. Consider using a single shared constant to reduce duplication and ensure consistency.-// Bucket boundaries for email volume per user -const EMAIL_BUCKETS = [ - { min: 500, label: "500+" }, - { min: 200, max: 500, label: "200-500" }, - { min: 100, max: 200, label: "100-200" }, - { min: 50, max: 100, label: "50-100" }, - { min: 0, max: 50, label: "<50" }, -]; - -// Bucket boundaries for executed rules per user -const RULES_BUCKETS = [ - { min: 500, label: "500+" }, - { min: 200, max: 500, label: "200-500" }, - { min: 100, max: 200, label: "100-200" }, - { min: 50, max: 100, label: "50-100" }, - { min: 0, max: 50, label: "<50" }, -]; +// Bucket boundaries for volume metrics per user +const VOLUME_BUCKETS = [ + { min: 500, label: "500+" }, + { min: 200, max: 500, label: "200-500" }, + { min: 100, max: 200, label: "100-200" }, + { min: 50, max: 100, label: "50-100" }, + { min: 0, max: 50, label: "<50" }, +];
130-180: Consider extracting shared bucketing logic.The bucketing loop (lines 165-177) is identical to lines 113-125 in
getEmailVolumeBuckets. Consider extracting a helper function to reduce duplication.function bucketResults<T extends { count: bigint }>( results: T[], buckets: typeof VOLUME_BUCKETS, countKey: keyof T, ) { const bucketCounts = buckets.map((bucket) => ({ label: bucket.label, userCount: 0, })); for (const item of results) { const count = Number(item[countKey]); for (let i = 0; i < buckets.length; i++) { const bucket = buckets[i]; if (count >= bucket.min && (bucket.max === undefined || count < bucket.max)) { bucketCounts[i].userCount++; break; } } } return bucketCounts; }
1-6: Consider adding scoped logger for observability.As per coding guidelines, backend code should use
createScopedLoggerfor logging. This would help with debugging and monitoring.import { NextResponse } from "next/server"; import { z } from "zod"; import prisma from "@/utils/prisma"; import { withAuth } from "@/utils/middleware"; import { fetchAndCheckIsAdmin } from "@/utils/organizations/access"; import { Prisma } from "@/generated/prisma/client"; +import { createScopedLogger } from "@/utils/logger"; + +const logger = createScopedLogger("organizations/stats");apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsx (1)
39-41: Consider adding dark mode support for border.The border uses
border-neutral-200without a dark mode variant, which may not contrast well in dark theme.- <div className="border-b border-neutral-200"> + <div className="border-b border-neutral-200 dark:border-neutral-700">apps/web/.env.example (1)
88-95: Azure block is correct; consider clearer example placeholders.The Azure OpenAI block matches the rest of the configuration and aligns with
env.ts. To make it more self-explanatory for self-hosters, you could add explicit placeholder values:-# AZURE_RESOURCE_NAME= -# AZURE_API_KEY= +# AZURE_RESOURCE_NAME=your-azure-openai-resource-name +# AZURE_API_KEY=your-azure-openai-api-key
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (14)
apps/web/.env.example(1 hunks)apps/web/app/(app)/organization/[organizationId]/Members.tsx(2 hunks)apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsx(1 hunks)apps/web/app/(app)/organization/[organizationId]/page.tsx(2 hunks)apps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsx(1 hunks)apps/web/app/(app)/organization/[organizationId]/stats/page.tsx(1 hunks)apps/web/app/api/organizations/[organizationId]/stats/route.ts(1 hunks)apps/web/components/InviteMemberModal.tsx(1 hunks)apps/web/env.ts(2 hunks)apps/web/package.json(1 hunks)apps/web/utils/llms/config.ts(2 hunks)apps/web/utils/llms/model.ts(3 hunks)docs/hosting/environment-variables.md(2 hunks)version.txt(1 hunks)
🧰 Additional context used
📓 Path-based instructions (30)
**/package.json
📄 CodeRabbit inference engine (.cursor/rules/installing-packages.mdc)
Use
pnpmas the package manager
Files:
apps/web/package.json
apps/web/package.json
📄 CodeRabbit inference engine (.cursor/rules/installing-packages.mdc)
Don't install packages in root; install in
apps/webworkspace instead
Files:
apps/web/package.json
!(pages/_document).{jsx,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
Don't use the next/head module in pages/_document.js on Next.js projects
Files:
apps/web/package.jsonapps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/.env.exampleapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsversion.txtapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsdocs/hosting/environment-variables.mdapps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/**/*.{ts,tsx}
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Use@/path aliases for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Follow consistent naming conventions using PascalCase for components
Centralize shared types in dedicated type filesImport specific lodash functions rather than entire lodash library to minimize bundle size (e.g.,
import groupBy from 'lodash/groupBy')
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/app/**/*.{ts,tsx}
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
Follow NextJS app router structure with (app) directory
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/**/*.tsx
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/**/*.tsx: Follow tailwindcss patterns with prettier-plugin-tailwindcss for class sorting
Prefer functional components with hooks over class components
Use shadcn/ui components when available
Ensure responsive design with mobile-first approach
Use LoadingContent component for async data with loading and error states
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/components/InviteMemberModal.tsxapps/web/app/(app)/organization/[organizationId]/Members.tsx
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/data-fetching.mdc)
**/*.{ts,tsx}: For API GET requests to server, use theswrpackage
Useresult?.serverErrorwithtoastErrorfrom@/components/Toastfor error handling in async operations
**/*.{ts,tsx}: Use wrapper functions for Gmail message operations (get, list, batch, etc.) from @/utils/gmail/message.ts instead of direct API calls
Use wrapper functions for Gmail thread operations from @/utils/gmail/thread.ts instead of direct API calls
Use wrapper functions for Gmail label operations from @/utils/gmail/label.ts instead of direct API calls
**/*.{ts,tsx}: For early access feature flags, create hooks using the naming conventionuse[FeatureName]Enabledthat return a boolean fromuseFeatureFlagEnabled("flag-key")
For A/B test variant flags, create hooks using the naming conventionuse[FeatureName]Variantthat define variant types, useuseFeatureFlagVariantKey()with type casting, and provide a default "control" fallback
Use kebab-case for PostHog feature flag keys (e.g.,inbox-cleaner,pricing-options-2)
Always define types for A/B test variant flags (e.g.,type PricingVariant = "control" | "variant-a" | "variant-b") and provide type safety through type casting
**/*.{ts,tsx}: Don't use primitive type aliases or misleading types
Don't use empty type parameters in type aliases and interfaces
Don't use this and super in static contexts
Don't use any or unknown as type constraints
Don't use the TypeScript directive @ts-ignore
Don't use TypeScript enums
Don't export imported variables
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions
Don't use TypeScript namespaces
Don't use non-null assertions with the!postfix operator
Don't use parameter properties in class constructors
Don't use user-defined types
Useas constinstead of literal types and type annotations
Use eitherT[]orArray<T>consistently
Initialize each enum member value explicitly
Useexport typefor types
Use `impo...
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/app/(app)/**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/page-structure.mdc)
apps/web/app/(app)/**/*.{ts,tsx}: Components for the page are either put inpage.tsx, or in theapps/web/app/(app)/PAGE_NAMEfolder
If we're in a deeply nested component we will useswrto fetch via API
If you need to useonClickin a component, that component is a client component and file must start withuse client
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/app/(app)/organization/[organizationId]/Members.tsx
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.cursor/rules/prisma-enum-imports.mdc)
Always import Prisma enums from
@/generated/prisma/enumsinstead of@/generated/prisma/clientto avoid Next.js bundling errors in client componentsImport Prisma using the project's centralized utility:
import prisma from '@/utils/prisma'
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
**/*.{tsx,ts}
📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)
**/*.{tsx,ts}: Use Shadcn UI and Tailwind for components and styling
Usenext/imagepackage for images
For API GET requests to server, use theswrpackage with hooks likeuseSWRto fetch data
For text inputs, use theInputcomponent withregisterPropsfor form integration and error handling
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
**/*.{tsx,ts,css}
📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)
Implement responsive design with Tailwind CSS using a mobile-first approach
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
**/*.tsx
📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)
**/*.tsx: Use theLoadingContentcomponent to handle loading states instead of manual loading state management
For text areas, use theInputcomponent withtype='text',autosizeTextareaprop set to true, andregisterPropsfor form integration
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/components/InviteMemberModal.tsxapps/web/app/(app)/organization/[organizationId]/Members.tsx
**/*.{js,jsx,ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
**/*.{js,jsx,ts,tsx}: Don't useaccessKeyattribute on any HTML element
Don't setaria-hidden="true"on focusable elements
Don't add ARIA roles, states, and properties to elements that don't support them
Don't use distracting elements like<marquee>or<blink>
Only use thescopeprop on<th>elements
Don't assign non-interactive ARIA roles to interactive HTML elements
Make sure label elements have text content and are associated with an input
Don't assign interactive ARIA roles to non-interactive HTML elements
Don't assigntabIndexto non-interactive HTML elements
Don't use positive integers fortabIndexproperty
Don't include "image", "picture", or "photo" in img alt prop
Don't use explicit role property that's the same as the implicit/default role
Make static elements with click handlers use a valid role attribute
Always include atitleelement for SVG elements
Give all elements requiring alt text meaningful information for screen readers
Make sure anchors have content that's accessible to screen readers
AssigntabIndexto non-interactive HTML elements witharia-activedescendant
Include all required ARIA attributes for elements with ARIA roles
Make sure ARIA properties are valid for the element's supported roles
Always include atypeattribute for button elements
Make elements with interactive roles and handlers focusable
Give heading elements content that's accessible to screen readers (not hidden witharia-hidden)
Always include alangattribute on the html element
Always include atitleattribute for iframe elements
AccompanyonClickwith at least one of:onKeyUp,onKeyDown, oronKeyPress
AccompanyonMouseOver/onMouseOutwithonFocus/onBlur
Include caption tracks for audio and video elements
Use semantic elements instead of role attributes in JSX
Make sure all anchors are valid and navigable
Ensure all ARIA properties (aria-*) are valid
Use valid, non-abstract ARIA roles for elements with ARIA roles
Use valid AR...
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
**/*.{jsx,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
**/*.{jsx,tsx}: Don't use unnecessary fragments
Don't pass children as props
Don't use the return value of React.render
Make sure all dependencies are correctly specified in React hooks
Make sure all React hooks are called from the top level of component functions
Don't forget key props in iterators and collection literals
Don't define React components inside other components
Don't use event handlers on non-interactive elements
Don't assign to React component props
Don't use bothchildrenanddangerouslySetInnerHTMLprops on the same element
Don't use dangerous JSX props
Don't use Array index in keys
Don't insert comments as text nodes
Don't assign JSX properties multiple times
Don't add extra closing tags for components without children
Use<>...</>instead of<Fragment>...</Fragment>
Watch out for possible "wrong" semicolons inside JSX elements
Make sure void (self-closing) elements don't have children
Don't usetarget="_blank"withoutrel="noopener"
Don't use<img>elements in Next.js projects
Don't use<head>elements in Next.js projects
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/components/InviteMemberModal.tsxapps/web/app/(app)/organization/[organizationId]/Members.tsx
**/*.{js,ts,jsx,tsx}
📄 CodeRabbit inference engine (.cursor/rules/utilities.mdc)
**/*.{js,ts,jsx,tsx}: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size (e.g.,import groupBy from 'lodash/groupBy')
Files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsxapps/web/app/(app)/organization/[organizationId]/page.tsxapps/web/env.tsapps/web/components/InviteMemberModal.tsxapps/web/utils/llms/config.tsapps/web/app/(app)/organization/[organizationId]/Members.tsxapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/**/{.env.example,env.ts,turbo.json}
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
Add environment variables to
.env.example,env.ts, andturbo.json
Files:
apps/web/env.tsapps/web/.env.example
apps/web/env.ts
📄 CodeRabbit inference engine (.cursor/rules/environment-variables.mdc)
apps/web/env.ts: Add server-only environment variables toapps/web/env.tsunder theserverobject with Zod schema validation
Add client-side environment variables toapps/web/env.tsunder theclientobject withNEXT_PUBLIC_prefix and Zod schema validation
Add client-side environment variables toapps/web/env.tsunder theexperimental__runtimeEnvobject to enable runtime access
Files:
apps/web/env.ts
{.env.example,apps/web/env.ts}
📄 CodeRabbit inference engine (.cursor/rules/environment-variables.mdc)
Client-side environment variables must be prefixed with
NEXT_PUBLIC_
Files:
apps/web/env.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/security.mdc)
**/*.ts: ALL database queries MUST be scoped to the authenticated user/account by including user/account filtering in WHERE clauses to prevent unauthorized data access
Always validate that resources belong to the authenticated user before performing operations, using ownership checks in WHERE clauses or relationships
Always validate all input parameters for type, format, and length before using them in database queries
Use SafeError for error responses to prevent information disclosure. Generic error messages should not reveal internal IDs, logic, or resource ownership details
Only return necessary fields in API responses using Prisma'sselectoption. Never expose sensitive data such as password hashes, private keys, or system flags
Prevent Insecure Direct Object References (IDOR) by validating resource ownership before operations. AllfindUnique/findFirstcalls MUST include ownership filters
Prevent mass assignment vulnerabilities by explicitly whitelisting allowed fields in update operations instead of accepting all user-provided data
Prevent privilege escalation by never allowing users to modify system fields, ownership fields, or admin-only attributes through user input
AllfindManyqueries MUST be scoped to the user's data by including appropriate WHERE filters to prevent returning data from other users
Use Prisma relationships for access control by leveraging nested where clauses (e.g.,emailAccount: { id: emailAccountId }) to validate ownership
Files:
apps/web/env.tsapps/web/utils/llms/config.tsapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/components/**/*.tsx
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/components/**/*.tsx: Use React Hook Form with Zod validation for form components
Useresult?.serverErrorwithtoastErrorandtoastSuccessfor error handling in form submissionsUse
LoadingContentcomponent to consistently handle loading and error states, passingloading,error, andchildrenpropsUse PascalCase for component file names (e.g.,
components/Button.tsx)
Files:
apps/web/components/InviteMemberModal.tsx
**/{pages,routes,components}/**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/gmail-api.mdc)
Never call Gmail API directly from routes or components - always use wrapper functions from the utils folder
Files:
apps/web/components/InviteMemberModal.tsx
apps/web/{utils/ai,utils/llms,__tests__}/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/llm.mdc)
LLM-related code must be organized in specific directories:
apps/web/utils/ai/for main implementations,apps/web/utils/llms/for core utilities and configurations, andapps/web/__tests__/for LLM-specific tests
Files:
apps/web/utils/llms/config.tsapps/web/utils/llms/model.ts
**/{server,api,actions,utils}/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)
**/{server,api,actions,utils}/**/*.ts: UsecreateScopedLoggerfrom "@/utils/logger" for logging in backend code
Add thecreateScopedLoggerinstantiation at the top of the file with an appropriate scope name
Use.with()method to attach context variables only within specific functions, not on global loggers
For large functions with reused variables, usecreateScopedLogger().with()to attach context once and reuse the logger without passing variables repeatedly
Files:
apps/web/utils/llms/config.tsapps/web/utils/llms/model.tsapps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/utils/llms/{index,model}.ts
📄 CodeRabbit inference engine (.cursor/rules/llm.mdc)
Core LLM functionality must be defined in
utils/llms/index.ts, model definitions and configurations inutils/llms/model.ts, and usage tracking inutils/usage.ts
Files:
apps/web/utils/llms/model.ts
apps/web/app/api/**/*.ts
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/app/api/**/*.ts: Wrap GET API routes withwithAuthorwithEmailAccountmiddleware for authentication
Export response types from GET API routes usingAwaited<ReturnType<>>pattern for type-safe client usage
Files:
apps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/app/api/**/route.ts
📄 CodeRabbit inference engine (.cursor/rules/fullstack-workflow.mdc)
apps/web/app/api/**/route.ts: Create GET API routes usingwithAuthorwithEmailAccountmiddleware inapps/web/app/api/*/route.ts, export response types asGetExampleResponsetype alias for client-side type safety
Always export response types from GET routes asGet[Feature]Responseusing type inference from the data fetching function for type-safe client consumption
Do NOT use POST API routes for mutations - always use server actions withnext-safe-actioninstead
Files:
apps/web/app/api/organizations/[organizationId]/stats/route.ts
**/app/**/route.ts
📄 CodeRabbit inference engine (.cursor/rules/get-api-route.mdc)
**/app/**/route.ts: Always wrap GET API route handlers withwithAuthorwithEmailAccountmiddleware for consistent error handling and authentication in Next.js App Router
Infer and export response type for GET API routes usingAwaited<ReturnType<typeof functionName>>pattern in Next.js
Use Prisma for database queries in GET API routes
Return responses usingNextResponse.json()in GET API routes
Do not use try/catch blocks in GET API route handlers when usingwithAuthorwithEmailAccountmiddleware, as the middleware handles error handling
Files:
apps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/app/**/[!.]*/route.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)
Use kebab-case for route directories in Next.js App Router (e.g.,
api/hello-world/route)
Files:
apps/web/app/api/organizations/[organizationId]/stats/route.ts
apps/web/app/api/**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/security-audit.mdc)
apps/web/app/api/**/*.{ts,tsx}: API routes must usewithAuth,withEmailAccount, orwithErrormiddleware for authentication
All database queries must include user scoping withemailAccountIdoruserIdfiltering in WHERE clauses
Request parameters must be validated before use; avoid direct parameter usage without type checking
Use generic error messages instead of revealing internal details; throwSafeErrorinstead of exposing user IDs, resource IDs, or system information
API routes should only return necessary fields usingselectin database queries to prevent unintended information disclosure
Cron endpoints must usehasCronSecretorhasPostCronSecretto validate cron requests and prevent unauthorized access
Request bodies should use Zod schemas for validation to ensure type safety and prevent injection attacks
Files:
apps/web/app/api/organizations/[organizationId]/stats/route.ts
**/app/api/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/security.mdc)
**/app/api/**/*.ts: ALL API routes that handle user data MUST use appropriate middleware: usewithEmailAccountfor email-scoped operations, usewithAuthfor user-scoped operations, or usewithErrorwith proper validation for public/custom auth endpoints
UsewithEmailAccountmiddleware for operations scoped to a specific email account, including reading/writing emails, rules, schedules, or any operation usingemailAccountId
UsewithAuthmiddleware for user-level operations such as user settings, API keys, and referrals that use onlyuserId
UsewithErrormiddleware only for public endpoints, custom authentication logic, or cron endpoints. For cron endpoints, MUST usehasCronSecret()orhasPostCronSecret()validation
Cron endpoints without proper authentication can be triggered by anyone. CRITICAL: All cron endpoints MUST validate cron secret usinghasCronSecret(request)orhasPostCronSecret(request)and capture unauthorized attempts withcaptureException()
Always validate request bodies using Zod schemas to ensure type safety and prevent invalid data from reaching database operations
Maintain consistent error response format across all API routes to avoid information disclosure while providing meaningful error feedback
Files:
apps/web/app/api/organizations/[organizationId]/stats/route.ts
🧠 Learnings (24)
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Applies to apps/web/app/(app)/*/page.tsx : Create new pages at `apps/web/app/(app)/PAGE_NAME/page.tsx` with components either colocated in the same folder or in `page.tsx`
Applied to files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/page.tsx
📚 Learning: 2025-11-25T14:38:23.265Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:23.265Z
Learning: Applies to apps/web/app/(app)/*/page.tsx : Create new pages at `apps/web/app/(app)/PAGE_NAME/page.tsx`
Applied to files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/page.tsx
📚 Learning: 2025-11-25T14:38:23.265Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:23.265Z
Learning: Applies to apps/web/app/(app)/**/*.{ts,tsx} : Components for the page are either put in `page.tsx`, or in the `apps/web/app/(app)/PAGE_NAME` folder
Applied to files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/page.tsx
📚 Learning: 2025-11-25T14:38:18.874Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:18.874Z
Learning: Applies to apps/web/app/(app)/**/page.tsx : Create new pages at `apps/web/app/(app)/PAGE_NAME/page.tsx`
Applied to files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/page.tsx
📚 Learning: 2025-11-25T14:38:18.874Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:18.874Z
Learning: Applies to apps/web/app/(app)/**/*.tsx : Components for pages are either put in `page.tsx`, or in the `apps/web/app/(app)/PAGE_NAME` folder
Applied to files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsxapps/web/app/(app)/organization/[organizationId]/stats/page.tsxapps/web/app/(app)/organization/[organizationId]/page.tsx
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Applies to apps/web/components/ui/**/*.tsx : Shadcn UI components are located in `components/ui` directory
Applied to files:
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsx
📚 Learning: 2025-11-25T14:36:18.416Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/app/**/*.{ts,tsx} : Follow NextJS app router structure with (app) directory
Applied to files:
apps/web/app/(app)/organization/[organizationId]/stats/page.tsx
📚 Learning: 2025-11-25T14:38:23.265Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/page-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:23.265Z
Learning: Applies to apps/web/app/(app)/*/page.tsx : Pages are Server components so you can load data into them directly
Applied to files:
apps/web/app/(app)/organization/[organizationId]/stats/page.tsx
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Main Next.js application is located in `apps/web`
Applied to files:
apps/web/app/(app)/organization/[organizationId]/stats/page.tsx
📚 Learning: 2025-11-25T14:38:56.992Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-25T14:38:56.992Z
Learning: Applies to apps/web/app/*/page.tsx : Pages must be Server components that load data directly
Applied to files:
apps/web/app/(app)/organization/[organizationId]/stats/page.tsx
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add server-only environment variables to `apps/web/env.ts` under the `server` object with Zod schema validation
Applied to files:
apps/web/env.ts
📚 Learning: 2025-11-25T14:36:43.454Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : Define environment variables in `apps/web/env.ts` using Zod schema validation, organizing them into `server` and `client` sections
Applied to files:
apps/web/env.ts
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `client` object with `NEXT_PUBLIC_` prefix and Zod schema validation
Applied to files:
apps/web/env.ts
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `experimental__runtimeEnv` object to enable runtime access
Applied to files:
apps/web/env.tsapps/web/.env.example
📚 Learning: 2025-11-25T14:36:18.416Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/{.env.example,env.ts,turbo.json} : Add environment variables to `.env.example`, `env.ts`, and `turbo.json`
Applied to files:
apps/web/env.tsapps/web/.env.example
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : LLM feature functions must import from `zod` for schema validation, use `createScopedLogger` from `@/utils/logger`, `chatCompletionObject` and `createGenerateObject` from `@/utils/llms`, and import `EmailAccountWithAI` type from `@/utils/llms/types`
Applied to files:
apps/web/env.tsapps/web/utils/llms/config.tsapps/web/utils/llms/model.ts
📚 Learning: 2025-11-25T14:36:43.454Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : For client-side environment variables in `apps/web/env.ts`, prefix them with `NEXT_PUBLIC_` and add them to both the `client` and `experimental__runtimeEnv` sections
Applied to files:
apps/web/env.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : LLM feature functions must follow a standard structure: accept options with `inputData` and `emailAccount` parameters, implement input validation with early returns, define separate system and user prompts, create a Zod schema for response validation, and use `createGenerateObject` to execute the LLM call
Applied to files:
apps/web/env.tsapps/web/utils/llms/model.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : Use TypeScript types for all LLM function parameters and return values, and define clear interfaces for complex input/output structures
Applied to files:
apps/web/env.tsapps/web/utils/llms/model.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : Use descriptive scoped loggers for each LLM feature, log inputs and outputs with appropriate log levels, and include relevant context in log messages
Applied to files:
apps/web/env.ts
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to .env.example : Add new environment variables to `.env.example` with example values
Applied to files:
apps/web/.env.example
📚 Learning: 2025-11-25T14:36:43.454Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to .env.example : Add environment variables to `.env.example` with example values in the format `VARIABLE_NAME=value_example`
Applied to files:
apps/web/.env.example
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/llms/{index,model}.ts : Core LLM functionality must be defined in `utils/llms/index.ts`, model definitions and configurations in `utils/llms/model.ts`, and usage tracking in `utils/usage.ts`
Applied to files:
apps/web/utils/llms/config.tsapps/web/utils/llms/model.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/{utils/ai,utils/llms,__tests__}/**/*.ts : LLM-related code must be organized in specific directories: `apps/web/utils/ai/` for main implementations, `apps/web/utils/llms/` for core utilities and configurations, and `apps/web/__tests__/` for LLM-specific tests
Applied to files:
apps/web/utils/llms/model.ts
🧬 Code graph analysis (7)
apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsx (1)
apps/web/components/TabSelect.tsx (1)
TabSelect(44-103)
apps/web/app/(app)/organization/[organizationId]/stats/page.tsx (3)
apps/web/components/PageWrapper.tsx (1)
PageWrapper(3-20)apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsx (1)
OrganizationTabs(12-44)apps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsx (1)
OrgStats(22-128)
apps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsx (3)
apps/web/app/api/organizations/[organizationId]/stats/route.ts (1)
OrgStatsResponse(14-14)apps/web/components/DatePickerWithRange.tsx (1)
DatePickerWithRange(37-115)apps/web/components/new-landing/common/Card.tsx (3)
Card(67-105)CardHeader(22-54)CardContent(10-12)
apps/web/app/(app)/organization/[organizationId]/page.tsx (2)
apps/web/components/PageWrapper.tsx (1)
PageWrapper(3-20)apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsx (1)
OrganizationTabs(12-44)
apps/web/app/(app)/organization/[organizationId]/Members.tsx (2)
apps/web/components/new-landing/icons/Link.tsx (1)
Link(1-18)apps/web/components/InviteMemberModal.tsx (1)
InviteMemberModal(34-144)
apps/web/utils/llms/model.ts (2)
apps/web/utils/llms/config.ts (1)
Provider(7-17)apps/web/env.ts (1)
env(18-250)
apps/web/app/api/organizations/[organizationId]/stats/route.ts (2)
apps/web/utils/middleware.ts (1)
withAuth(378-386)apps/web/utils/organizations/access.ts (1)
fetchAndCheckIsAdmin(60-82)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: cubic · AI code reviewer
- GitHub Check: Review for correctness
- GitHub Check: test
🔇 Additional comments (19)
apps/web/app/api/organizations/[organizationId]/stats/route.ts (4)
1-14: LGTM on API setup and type exports.The route correctly uses
withAuthmiddleware, exportsOrgStatsResponseusing theAwaited<ReturnType<>>pattern as per guidelines, and validates query params with Zod.
34-56: LGTM on the GET handler.Correctly uses
withAuthwith admin validation viafetchAndCheckIsAdmin, validates query params with Zod, and returnsNextResponse.json()as expected.
78-128: LGTM on email volume bucketing.The raw SQL query is properly parameterized using
Prisma.sqltemplate literals, preventing SQL injection. The bucketing logic correctly handles BigInt conversion and boundary checks.
235-240: Verify:active_membersis not date-filtered.The
active_memberscount returns all organization members regardless of thefromDate/toDatefilters, whiletotal_emailsandtotal_rulesare filtered. This may be intentional (showing total org size), but could be confusing if users expect "members active during period."apps/web/components/InviteMemberModal.tsx (1)
83-85: LGTM on button size change.The
size="sm"change aligns with the new Analytics button styling inMembers.tsx, maintaining UI consistency.apps/web/app/(app)/organization/[organizationId]/Members.tsx (1)
118-129: LGTM on the Analytics button addition.Clean implementation grouping the Analytics link and InviteMemberModal together. The
Linkusage withasChildis correct for client-side navigation, and button styling is consistent.apps/web/app/(app)/organization/[organizationId]/page.tsx (1)
20-27: LGTM on OrganizationTabs integration.The component properly handles the optional
organizationNamewith optional chaining, and the spacing adjustment improves visual consistency with the new tab layout.apps/web/app/(app)/organization/[organizationId]/OrganizationTabs.tsx (1)
1-44: LGTM on the new OrganizationTabs component.Well-structured client component that correctly uses
usePathnamefor tab state derivation. The component location follows the project's page structure conventions (per learnings). The TabSelect integration looks correct based on the relevant code snippets.apps/web/app/(app)/organization/[organizationId]/stats/page.tsx (1)
6-11: LGTM! Correct Next.js 15 async params pattern.The function signature and params resolution correctly implement the Next.js 15 pattern for dynamic route parameters as Promises.
apps/web/app/(app)/organization/[organizationId]/stats/OrgStats.tsx (5)
1-20: LGTM! Proper client component setup and imports.The component correctly uses the
"use client"directive and follows best practices for specific imports to minimize bundle size.
22-54: LGTM! Clean state management and data fetching.The component properly uses React hooks and SWR for data fetching as per coding guidelines. The date range handling and query parameter construction are well-implemented.
56-127: LGTM! Well-structured loading and data presentation.The component properly uses the
LoadingContentwrapper with appropriate skeleton states and follows responsive design patterns. The conditional rendering ensures data exists before accessing nested properties.
130-150: LGTM! Clean presentational component.The
StatCardcomponent follows best practices for functional components and properly uses shadcn/ui Card components.
152-209: LGTM! Robust chart component with good error handling.The
BucketChartcomponent includes proper empty state handling, defensive coding with themaxValuefallback, and clear data visualization. The inline style for dynamic width calculation is appropriate for this use case.version.txt (1)
1-1: Version bump looks consistent with new features.v2.21.60 aligns with the added Azure provider and related changes; no issues here.
apps/web/utils/llms/config.ts (1)
15-16: Provider enum and options correctly extended for Azure.
Provider.AZUREand the corresponding"Azure"option integrate cleanly with the existing provider map and conditional Ollama handling; no further changes needed here.Also applies to: 24-30
apps/web/env.ts (1)
14-16: Env schema correctly extended for Azure provider.Including
"azure"inllmProviderEnumand adding optionalAZURE_RESOURCE_NAME/AZURE_API_KEYin the server schema keeps env validation in sync with the new provider and docs.If you change Azure-related requirements (e.g. making these mandatory when Azure is the default provider), ensure any future validation logic remains consistent across
env.ts,.env.example, and the docs.Also applies to: 62-64
docs/hosting/environment-variables.md (1)
39-49: Environment-variable docs are aligned with Azure support and new LLM options.The updated provider list (including
azure), new economy/chat/backup LLM variables, and the dedicated Azure OpenAI rows accurately reflect the currentenv.tsschema and.env.example.Also applies to: 57-59
apps/web/package.json (1)
21-21: Azure AI SDK dependency fits existing provider stack.Adding
@ai-sdk/azurealongside the other@ai-sdk/*providers is coherent with the existing pattern and correctly scoped toapps/web/package.json. The version 2.0.82 aligns with the existing @ai-sdk/* versions in the workspace.
| const organization = await prisma.organization.findUnique({ | ||
| where: { id: organizationId }, | ||
| select: { name: true }, | ||
| }); |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
rg -n "useOrganizationMembers" apps/web/ -A 5Repository: elie222/inbox-zero
Length of output: 1895
🏁 Script executed:
fd -t f "middleware" apps/web/ | head -20Repository: elie222/inbox-zero
Length of output: 124
🏁 Script executed:
rg -n "Members" apps/web/app/\(app\)/organization/\[organizationId\]/page.tsx -B 5 -A 5Repository: elie222/inbox-zero
Length of output: 754
🏁 Script executed:
cat -n apps/web/utils/middleware.tsRepository: elie222/inbox-zero
Length of output: 16885
🏁 Script executed:
fd -t f "members" apps/web/app/api/ | grep organizationsRepository: elie222/inbox-zero
Length of output: 44
🏁 Script executed:
rg -n "api/organizations" apps/web/app/ --type ts --type tsxRepository: elie222/inbox-zero
Length of output: 89
🏁 Script executed:
fd -t f -p "members" apps/web/app/apiRepository: elie222/inbox-zero
Length of output: 126
🏁 Script executed:
rg -n "organizations.*members" apps/web/app/api/ -lRepository: elie222/inbox-zero
Length of output: 126
🏁 Script executed:
find apps/web/app/api -type f -name "*members*" -o -path "*organizations*members*"Repository: elie222/inbox-zero
Length of output: 182
🏁 Script executed:
cat apps/web/utils/organizations/access.tsRepository: elie222/inbox-zero
Length of output: 1813
🏁 Script executed:
cat -n apps/web/app/api/organizations/[organizationId]/members/route.tsRepository: elie222/inbox-zero
Length of output: 2456
🏁 Script executed:
find apps/web/app/\(app\) -name "layout.tsx" -o -name "middleware.ts"Repository: elie222/inbox-zero
Length of output: 91
🏁 Script executed:
cat -n apps/web/app/\(app\)/organization/\[organizationId\]/page.tsxRepository: elie222/inbox-zero
Length of output: 1093
🏁 Script executed:
rg -n "getServerSession|auth\(\)" apps/web/app/\(app\)/organization/ -A 3Repository: elie222/inbox-zero
Length of output: 44
🏁 Script executed:
cat -n apps/web/app/\(app\)/layout.tsxRepository: elie222/inbox-zero
Length of output: 3399
🏁 Script executed:
rg -n "organizationName" apps/web/app/\(app\)/organization/\[organizationId\]/ -B 2 -A 2Repository: elie222/inbox-zero
Length of output: 2524
🏁 Script executed:
rg -n "organization.*findUnique\|findFirst" apps/web/app/ --type ts --type tsx | head -20Repository: elie222/inbox-zero
Length of output: 89
Add authorization check before accessing organization data.
The page queries organization data by organizationId from URL params without verifying the current user is a member of that organization. Any authenticated user can access any organization's name by manipulating the URL. Add a membership check (e.g., using fetchAndCheckIsAdmin or a similar member-level validator) before rendering the page, or at minimum before querying the organization data.
🤖 Prompt for AI Agents
In apps/web/app/(app)/organization/[organizationId]/page.tsx around lines 13 to
16, the code queries organization data directly from the URL param without
verifying the current user is a member; add an authorization check before any DB
access by calling the existing membership validator (e.g., fetchAndCheckIsAdmin
or a member-level check) with the request/context and organizationId, handle
failures by throwing a redirect or 403 response, and only after the check
succeeds perform the prisma.organization.findUnique query to fetch the name.
| const organization = await prisma.organization.findUnique({ | ||
| where: { id: organizationId }, | ||
| select: { name: true }, | ||
| }); |
There was a problem hiding this comment.
Add authorization check before querying organization data.
This query fetches organization data without verifying the current user has permission to view this organization's statistics. An authorization check is needed to ensure the user is a member or admin of the organization. Additionally, if the organization doesn't exist, organization will be null, which should be handled explicitly rather than passing undefined values to the page render.
| return ( | ||
| <PageWrapper> | ||
| <OrganizationTabs | ||
| organizationId={organizationId} | ||
| organizationName={organization?.name} | ||
| /> | ||
|
|
||
| <div className="mt-6"> | ||
| <OrgStats organizationId={organizationId} /> | ||
| </div> | ||
| </PageWrapper> | ||
| ); |
There was a problem hiding this comment.
Handle missing organization gracefully.
If the organization doesn't exist, the page still renders but with organizationName as undefined. This creates a poor user experience and may cause display issues.
Consider adding a check and returning a not-found response:
const organization = await prisma.organization.findUnique({
where: { id: organizationId },
select: { name: true },
});
+
+ if (!organization) {
+ notFound();
+ }
return (
<PageWrapper>You'll need to import notFound from next/navigation:
+import { notFound } from "next/navigation";
import { PageWrapper } from "@/components/PageWrapper";Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In apps/web/app/(app)/organization/[organizationId]/stats/page.tsx around lines
18-29, the page renders even when the fetched organization is missing, passing
organizationName as undefined; add a null-check after fetching the organization
and call notFound() (imported from next/navigation) when organization is falsy
so the route returns a 404 instead of rendering with undefined props; ensure you
add the import at the top and perform the check before returning the JSX.
| import { createGroq } from "@ai-sdk/groq"; | ||
| import { createOpenRouter } from "@openrouter/ai-sdk-provider"; | ||
| import { createGateway } from "@ai-sdk/gateway"; | ||
| import { createAzure } from "@ai-sdk/azure"; |
There was a problem hiding this comment.
Azure provider integration follows established patterns.
The createAzure import, Provider.AZURE case, and getProviderApiKey mapping align with how other providers (OpenAI, Google, Groq) are integrated. Defaulting to "gpt-5.1" is consistent with the OpenAI approach.
However, unlike other providers, the Azure configuration relies on two environment variables (AZURE_RESOURCE_NAME and AZURE_API_KEY) rather than a single API key. If AZURE_RESOURCE_NAME is missing or misconfigured, errors occur only at runtime. Consider adding an explicit validation check early in the provider selection logic to fail fast with a clear error message when Azure is selected but AZURE_RESOURCE_NAME is not configured.
🤖 Prompt for AI Agents
In apps/web/utils/llms/model.ts around line 9, when Provider.AZURE is selected
there is no early validation that AZURE_RESOURCE_NAME is set, which leads to
runtime failures; update the provider selection logic to check
process.env.AZURE_RESOURCE_NAME (and optionally AZURE_API_KEY) immediately when
Provider.AZURE is chosen and throw or return a clear, descriptive error if
missing so the app fails fast with guidance to set the environment variable(s).
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
apps/web/.env.example (1)
88-94: Fix invalid Azure OpenAI model names and naming inconsistency.Two issues:
- The model names "gpt-5.1" and "gpt-5-mini" are invalid—GPT-5 has not been released.
- Inconsistent naming: Line 92 uses "gpt-5-mini" while the CLI (line 419 in
packages/cli/src/main.ts) uses "gpt-5.1-mini".Use valid Azure OpenAI model identifiers such as "gpt-4o", "gpt-4o-mini", or other supported models, and ensure consistency between the CLI and .env.example.
This issue is related to the model name problem flagged in
packages/cli/src/main.tsline 419.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
apps/web/.env.example(1 hunks)apps/web/env.ts(2 hunks)apps/web/utils/llms/config.ts(1 hunks)apps/web/utils/llms/model.ts(3 hunks)docs/hosting/environment-variables.md(2 hunks)packages/cli/src/main.ts(3 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
- apps/web/utils/llms/model.ts
- apps/web/env.ts
🧰 Additional context used
📓 Path-based instructions (12)
!(pages/_document).{jsx,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
Don't use the next/head module in pages/_document.js on Next.js projects
Files:
docs/hosting/environment-variables.mdapps/web/.env.exampleapps/web/utils/llms/config.tspackages/cli/src/main.ts
apps/web/**/{.env.example,env.ts,turbo.json}
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
Add environment variables to
.env.example,env.ts, andturbo.json
Files:
apps/web/.env.example
apps/web/**/*.{ts,tsx}
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Use@/path aliases for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Follow consistent naming conventions using PascalCase for components
Centralize shared types in dedicated type filesImport specific lodash functions rather than entire lodash library to minimize bundle size (e.g.,
import groupBy from 'lodash/groupBy')
Files:
apps/web/utils/llms/config.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/data-fetching.mdc)
**/*.{ts,tsx}: For API GET requests to server, use theswrpackage
Useresult?.serverErrorwithtoastErrorfrom@/components/Toastfor error handling in async operations
**/*.{ts,tsx}: Use wrapper functions for Gmail message operations (get, list, batch, etc.) from @/utils/gmail/message.ts instead of direct API calls
Use wrapper functions for Gmail thread operations from @/utils/gmail/thread.ts instead of direct API calls
Use wrapper functions for Gmail label operations from @/utils/gmail/label.ts instead of direct API calls
**/*.{ts,tsx}: For early access feature flags, create hooks using the naming conventionuse[FeatureName]Enabledthat return a boolean fromuseFeatureFlagEnabled("flag-key")
For A/B test variant flags, create hooks using the naming conventionuse[FeatureName]Variantthat define variant types, useuseFeatureFlagVariantKey()with type casting, and provide a default "control" fallback
Use kebab-case for PostHog feature flag keys (e.g.,inbox-cleaner,pricing-options-2)
Always define types for A/B test variant flags (e.g.,type PricingVariant = "control" | "variant-a" | "variant-b") and provide type safety through type casting
**/*.{ts,tsx}: Don't use primitive type aliases or misleading types
Don't use empty type parameters in type aliases and interfaces
Don't use this and super in static contexts
Don't use any or unknown as type constraints
Don't use the TypeScript directive @ts-ignore
Don't use TypeScript enums
Don't export imported variables
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions
Don't use TypeScript namespaces
Don't use non-null assertions with the!postfix operator
Don't use parameter properties in class constructors
Don't use user-defined types
Useas constinstead of literal types and type annotations
Use eitherT[]orArray<T>consistently
Initialize each enum member value explicitly
Useexport typefor types
Use `impo...
Files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
apps/web/{utils/ai,utils/llms,__tests__}/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/llm.mdc)
LLM-related code must be organized in specific directories:
apps/web/utils/ai/for main implementations,apps/web/utils/llms/for core utilities and configurations, andapps/web/__tests__/for LLM-specific tests
Files:
apps/web/utils/llms/config.ts
**/{server,api,actions,utils}/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)
**/{server,api,actions,utils}/**/*.ts: UsecreateScopedLoggerfrom "@/utils/logger" for logging in backend code
Add thecreateScopedLoggerinstantiation at the top of the file with an appropriate scope name
Use.with()method to attach context variables only within specific functions, not on global loggers
For large functions with reused variables, usecreateScopedLogger().with()to attach context once and reuse the logger without passing variables repeatedly
Files:
apps/web/utils/llms/config.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (.cursor/rules/prisma-enum-imports.mdc)
Always import Prisma enums from
@/generated/prisma/enumsinstead of@/generated/prisma/clientto avoid Next.js bundling errors in client componentsImport Prisma using the project's centralized utility:
import prisma from '@/utils/prisma'
Files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/security.mdc)
**/*.ts: ALL database queries MUST be scoped to the authenticated user/account by including user/account filtering in WHERE clauses to prevent unauthorized data access
Always validate that resources belong to the authenticated user before performing operations, using ownership checks in WHERE clauses or relationships
Always validate all input parameters for type, format, and length before using them in database queries
Use SafeError for error responses to prevent information disclosure. Generic error messages should not reveal internal IDs, logic, or resource ownership details
Only return necessary fields in API responses using Prisma'sselectoption. Never expose sensitive data such as password hashes, private keys, or system flags
Prevent Insecure Direct Object References (IDOR) by validating resource ownership before operations. AllfindUnique/findFirstcalls MUST include ownership filters
Prevent mass assignment vulnerabilities by explicitly whitelisting allowed fields in update operations instead of accepting all user-provided data
Prevent privilege escalation by never allowing users to modify system fields, ownership fields, or admin-only attributes through user input
AllfindManyqueries MUST be scoped to the user's data by including appropriate WHERE filters to prevent returning data from other users
Use Prisma relationships for access control by leveraging nested where clauses (e.g.,emailAccount: { id: emailAccountId }) to validate ownership
Files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
**/*.{tsx,ts}
📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)
**/*.{tsx,ts}: Use Shadcn UI and Tailwind for components and styling
Usenext/imagepackage for images
For API GET requests to server, use theswrpackage with hooks likeuseSWRto fetch data
For text inputs, use theInputcomponent withregisterPropsfor form integration and error handling
Files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
**/*.{tsx,ts,css}
📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)
Implement responsive design with Tailwind CSS using a mobile-first approach
Files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
**/*.{js,jsx,ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
**/*.{js,jsx,ts,tsx}: Don't useaccessKeyattribute on any HTML element
Don't setaria-hidden="true"on focusable elements
Don't add ARIA roles, states, and properties to elements that don't support them
Don't use distracting elements like<marquee>or<blink>
Only use thescopeprop on<th>elements
Don't assign non-interactive ARIA roles to interactive HTML elements
Make sure label elements have text content and are associated with an input
Don't assign interactive ARIA roles to non-interactive HTML elements
Don't assigntabIndexto non-interactive HTML elements
Don't use positive integers fortabIndexproperty
Don't include "image", "picture", or "photo" in img alt prop
Don't use explicit role property that's the same as the implicit/default role
Make static elements with click handlers use a valid role attribute
Always include atitleelement for SVG elements
Give all elements requiring alt text meaningful information for screen readers
Make sure anchors have content that's accessible to screen readers
AssigntabIndexto non-interactive HTML elements witharia-activedescendant
Include all required ARIA attributes for elements with ARIA roles
Make sure ARIA properties are valid for the element's supported roles
Always include atypeattribute for button elements
Make elements with interactive roles and handlers focusable
Give heading elements content that's accessible to screen readers (not hidden witharia-hidden)
Always include alangattribute on the html element
Always include atitleattribute for iframe elements
AccompanyonClickwith at least one of:onKeyUp,onKeyDown, oronKeyPress
AccompanyonMouseOver/onMouseOutwithonFocus/onBlur
Include caption tracks for audio and video elements
Use semantic elements instead of role attributes in JSX
Make sure all anchors are valid and navigable
Ensure all ARIA properties (aria-*) are valid
Use valid, non-abstract ARIA roles for elements with ARIA roles
Use valid AR...
Files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
**/*.{js,ts,jsx,tsx}
📄 CodeRabbit inference engine (.cursor/rules/utilities.mdc)
**/*.{js,ts,jsx,tsx}: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size (e.g.,import groupBy from 'lodash/groupBy')
Files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
🧠 Learnings (7)
📚 Learning: 2025-11-25T14:36:45.807Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to .env.example : Add new environment variables to `.env.example` with example values
Applied to files:
apps/web/.env.example
📚 Learning: 2025-11-25T14:36:18.416Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/{.env.example,env.ts,turbo.json} : Add environment variables to `.env.example`, `env.ts`, and `turbo.json`
Applied to files:
apps/web/.env.example
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : LLM feature functions must import from `zod` for schema validation, use `createScopedLogger` from `@/utils/logger`, `chatCompletionObject` and `createGenerateObject` from `@/utils/llms`, and import `EmailAccountWithAI` type from `@/utils/llms/types`
Applied to files:
apps/web/utils/llms/config.tspackages/cli/src/main.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : LLM feature functions must follow a standard structure: accept options with `inputData` and `emailAccount` parameters, implement input validation with early returns, define separate system and user prompts, create a Zod schema for response validation, and use `createGenerateObject` to execute the LLM call
Applied to files:
packages/cli/src/main.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : Use TypeScript types for all LLM function parameters and return values, and define clear interfaces for complex input/output structures
Applied to files:
packages/cli/src/main.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : Use descriptive scoped loggers for each LLM feature, log inputs and outputs with appropriate log levels, and include relevant context in log messages
Applied to files:
packages/cli/src/main.ts
📚 Learning: 2025-11-25T14:38:07.606Z
Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/ai/**/*.ts : System prompts must define the LLM's role and task specifications
Applied to files:
packages/cli/src/main.ts
🧬 Code graph analysis (1)
packages/cli/src/main.ts (1)
apps/web/env.ts (1)
env(18-250)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: test
- GitHub Check: Review for correctness
🔇 Additional comments (5)
packages/cli/src/main.ts (3)
391-391: LGTM!The Azure OpenAI provider option is correctly added to the LLM provider selection.
472-502: Azure credential handling is well-structured.The implementation correctly:
- Prompts users for Azure Base URL and API Key with appropriate placeholders
- Validates that both fields are required
- Handles cancellation properly
- Stores credentials in the correct environment variables
This follows the same pattern as Bedrock credential handling and aligns with the environment variables defined in
apps/web/env.ts.
419-419: The Azure OpenAI model identifiers "gpt-5.1" and "gpt-5.1-mini" are valid. Both models are available in the Azure OpenAI catalog as of December 2025. No changes required.Likely an incorrect or invalid review comment.
docs/hosting/environment-variables.md (2)
39-39: LGTM!The documentation correctly adds "azure" to the list of supported LLM providers.
57-59: LGTM!The Azure OpenAI credentials section is well-documented with a clear example URL format and follows the same structure as other provider credential sections.
| GROQ: "groq", | ||
| OPENROUTER: "openrouter", | ||
| AI_GATEWAY: "aigateway", | ||
| AZURE: "azure", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# First, let's look at the config file to understand the full context
echo "=== Content of config.ts ==="
cat -n apps/web/utils/llms/config.ts | head -50
echo ""
echo "=== Search for providerOptions usage ==="
rg -nP --type=ts --type=tsx -C3 'providerOptions' -g '!node_modules' -g '!.next'Repository: elie222/inbox-zero
Length of output: 1308
🏁 Script executed:
#!/bin/bash
# Search for providerOptions usage
echo "=== Search for providerOptions usage in TypeScript/React files ==="
rg -nP 'providerOptions' -g '!node_modules' -g '!.next' -C 3
echo ""
echo "=== Search for Azure environment variables or config ==="
rg -nP 'AZURE' -g '!node_modules' -g '!.next' -C 2
echo ""
echo "=== Search for Bedrock in config or usage (to compare pattern) ==="
rg -nP 'BEDROCK|bedrock' -g '!node_modules' -g '!.next' -C 2Repository: elie222/inbox-zero
Length of output: 29822
Add Azure to the providerOptions array.
Azure is missing from the providerOptions UI dropdown (lines 19-30) despite having full backend support in model.ts (lines 142-151) and being selectable in the CLI. Users cannot currently select Azure as a provider in the web settings UI. Add Azure to providerOptions to match the pattern of other implemented providers like OpenAI, Anthropic, and Google.
🤖 Prompt for AI Agents
In apps/web/utils/llms/config.ts around lines 15–30, the providerOptions array
is missing the Azure entry even though backend support exists; add an Azure
entry to providerOptions following the same shape as the other providers (i.e.,
the same object keys used for OpenAI/Anthropic/Google such as provider
key/value/label and optional icon/meta fields) so "azure" appears in the UI
dropdown and matches backend model selection.
![macroscopeapp[bot]](https://avatars.githubusercontent.com/in/900172?s=60&v=4){kind=small}
There was a problem hiding this comment.
Issue on line in packages/cli/src/main.ts:1:
azure creds collected in runSetup (AZURE_BASE_URL, AZURE_API_KEY) aren’t written to the .env. generateEnvFile only handles bedrock or generic API keys and never sets the Azure vars, so Azure will fail at runtime. Consider adding an azure branch that sets AZURE_BASE_URL and AZURE_API_KEY.
🚀 Reply to ask Macroscope to explain or update this suggestion.
👍 Helpful? React to give us feedback.
Summary by CodeRabbit
New Features
UI
Documentation
Chores
✏️ Tip: You can customize this high-level summary in your review settings.