Conversation
- Convert Express backend to 11 Vercel serverless functions (api/) - Replace WebSocket with polling for Republic/Swarm engines - Update all frontend files to use same-origin /api/ paths - Remove Docker files, shell scripts, temp files, build artifacts - Remove deployment.json and .env.production from git tracking - Update .gitignore with comprehensive exclusions - Add security headers to vercel.json - Rewrite README for production deployment - KaggleLab gracefully degrades when no backend is configured
There was a problem hiding this comment.
Pull request overview
This PR transforms the architecture from a traditional full-stack application to a Vercel serverless deployment model, with significant security improvements and infrastructure modernization.
Changes:
- Serverless Migration: Refactored backend services into Vercel serverless functions under
/apidirectory - Security Hardening: Moved all API keys from frontend to backend proxies, preventing client-side exposure
- Smart Contract Optimizations: Fixed O(n) review lookup with paperReviewIds mapping and improved reviewer registry
- Frontend Refactoring: Added Privy auth integration, new UI components (SearchTab, SamplesTab, PdfTab, etc.), improved LLM abstraction
- Documentation: Removed outdated deployment guides, added SECURITY_GUIDE.md and CLAUDE.md
Reviewed changes
Copilot reviewed 106 out of 112 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| vercel.json | Added security headers, caching rules, API routing for serverless deployment |
| contracts/ResearchGraph.sol | Performance optimization: paperReviewIds mapping, fixed _getActiveReviewers, reviewerList tracking |
| frontend/src/config.jsx | Removed hardcoded S2_API_KEY, enabled backend proxy for all API calls |
| frontend/src/utils/llm.jsx | Refactored to use backend /api/llm/chat proxy, API keys in sessionStorage |
| api/* | Added 11 serverless functions for LLM, KG, oracle, blockchain, etc. |
| frontend/src/components/* | Added 8 new components (ApiKeySettings, AgentReviewPanel, SearchTab, etc.) |
| backend/services/* | Improved error handling, removed unused methods, added JSDoc comments |
| SECURITY_GUIDE.md | New comprehensive security documentation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| function _getActiveReviewers() internal view returns (address[] memory) { | ||
| // Simplified: return mock reviewers for demo | ||
| // In production, iterate through all reviewers | ||
| address[] memory active = new address[](5); | ||
| // Count active reviewers first | ||
| uint256 count = 0; | ||
| for (uint256 i = 0; i < reviewerList.length; i++) { | ||
| if (reviewers[reviewerList[i]].isActive) { | ||
| count++; | ||
| } | ||
| } | ||
|
|
||
| // Build array of active reviewers | ||
| address[] memory active = new address[](count); | ||
| uint256 idx = 0; | ||
| for (uint256 i = 0; i < reviewerList.length; i++) { | ||
| if (reviewers[reviewerList[i]].isActive) { | ||
| active[idx] = reviewerList[i]; | ||
| idx++; | ||
| } | ||
| } | ||
|
|
||
| // This would iterate through a reviewer registry in production | ||
| return active; | ||
| } |
There was a problem hiding this comment.
The _getActiveReviewers implementation has been fixed. Previously it returned a hardcoded mock array. Now it properly iterates through the reviewerList to collect active reviewers. However, this introduces unbounded gas consumption as reviewerList can grow indefinitely. Consider implementing pagination or a maximum limit for this function, especially since it's called during paper submission.
| // Auto-detect provider from key prefix | ||
| if (userApiKey) { | ||
| const detected = detectProviderFromKey(userApiKey); | ||
| if (detected && detected !== provider) provider = detected; |
There was a problem hiding this comment.
The LLM proxy serverless function implements provider auto-detection from key prefix (AIza=gemini, sk-=openai/openrouter). While convenient, this could lead to confusion if a user selects one provider but their key matches another. Consider adding explicit validation that warns users when detected provider doesn't match selected provider, rather than silently switching.
| if (detected && detected !== provider) provider = detected; | |
| if (detected) { | |
| if (!provider) { | |
| // No provider explicitly selected; use detected provider | |
| provider = detected; | |
| } else if (detected !== provider) { | |
| // Explicit provider and detected provider conflict; fail loudly instead of silently switching | |
| throw new Error( | |
| `Provider mismatch: selected "${provider}" but the API key looks like a "${detected}" key. ` + | |
| 'Please either change the selected provider or use an API key that matches your chosen provider.' | |
| ); | |
| } | |
| } |
| import { motion, AnimatePresence } from 'framer-motion'; | ||
| import { Wallet, ChevronDown, ExternalLink, Plus } from 'lucide-react'; | ||
| import { CONTRACTS, NETWORKS, ABIS } from './config'; | ||
| import { Wallet, ChevronDown, ExternalLink, Plus, LogOut, User as UserIcon, Settings } from 'lucide-react'; |
There was a problem hiding this comment.
Unused imports ChevronDown, ExternalLink.
| const [pipelineRunning, setPipelineRunning] = useState(false); | ||
| const [finalReport, setFinalReport] = useState(null); | ||
| const [hasApiKey, setHasApiKey] = useState(false); | ||
| const [hasApiKey, setHasApiKey] = useState(true); // API keys are server-side now |
There was a problem hiding this comment.
Unused variable setHasApiKey.
| import { X, Eye, EyeOff, KeyRound, Check, Trash2, AlertTriangle, Info } from 'lucide-react'; | ||
| import { Button } from '@/components/ui/button'; | ||
| import { Input } from '@/components/ui/input'; | ||
| import { Badge } from '@/components/ui/badge'; |
There was a problem hiding this comment.
Unused import Badge.
| @@ -1,12 +1,12 @@ | |||
| import React from 'react'; | |||
| import { X, ExternalLink, Play, FlaskConical, ArrowUpRight } from 'lucide-react'; | |||
| import { X, ExternalLink, Play, FlaskConical, ArrowUpRight, Trash2 } from 'lucide-react'; | |||
There was a problem hiding this comment.
Unused import ExternalLink.
| import { Trash2, ChevronUp, ChevronDown, ArrowUpDown } from 'lucide-react'; | ||
| import { Badge } from '@/components/ui/badge'; | ||
|
|
||
| const SORT_FIELDS = ['citationCount', 'title', 'year']; |
There was a problem hiding this comment.
Unused variable SORT_FIELDS.
No description provided.