Setup kapa.ai docs search

[michaeljguarino]

Should be much better than what algolia provides, I hope

Plural Flow: docs
Plural Preview: docs

[plural-copilot]

✅ Deploy preview for docs-pr-599 is ready!

Name	Details
⚡ Service	docs-pr-599 (5 / 5 ready)
☁️ Cluster	plural (eks)
Commit sha	9cacf86
Plural URL	https://console.mgmt.plural.sh/cd/clusters/446acdef-8524-425a-a49f-5336a...
🔍 Logs URL	https://console.mgmt.plural.sh/cd/clusters/446acdef-8524-425a-a49f-5336a...
🌊 Flow URL	https://console.mgmt.plural.sh/flows/08a17af1-8578-449e-9ae1-28ccd97eafc...
Preview Link	Preview

---

You can learn more about preview environments and Plural Flows here

[greptile-apps]

Greptile Summary

This PR replaces the Algolia DocSearch integration with the kapa.ai AI-powered docs widget, removing all Algolia dependencies, env vars, and UI components from the header.

• Algolia packages (@docsearch/react, algoliasearch), the SearchButton header component, DocSearchStyles, and all related env vars are deleted end-to-end across the Dockerfile, CI workflow, and source.
• A new KapaWidget component is added to ExternalScripts.tsx, loading the kapa.ai bundle via Next.js Script with strategy=\"afterInteractive\".

Confidence Score: 3/5

The Algolia-to-kapa.ai migration is otherwise clean, but the new widget loads without the Cookiebot consent gate that already protects HubSpot on the same page.

All the removal work (packages, env vars, Dockerfile args, CI build args, UI components) is correct and complete. The one live defect is that KapaWidget fires for every visitor regardless of cookie consent, bypassing the GDPR consent mechanism the codebase uses for HubSpot. kapa.ai processes user-submitted queries on its servers, making this a real data-handling gap on the changed path.

src/components/ExternalScripts.tsx — the new KapaWidget component needs Cookiebot consent attributes before this ships to production.

Security Review

• Missing Cookiebot consent gate — src/components/ExternalScripts.tsx: The KapaWidget script loads unconditionally (strategy=\"afterInteractive\") without the type=\"text/plain\" / data-cookieconsent attributes used by the HubSpot script in the same file. kapa.ai sends user queries to its servers, so loading without consent may violate GDPR for EU visitors who decline statistics cookies.

Important Files Changed

Filename	Overview
src/components/ExternalScripts.tsx	Adds KapaWidget component, but it loads unconditionally without Cookiebot consent attributes that protect HubSpot in the same file
src/components/PageHeaderButtons.tsx	Removes SearchButton (Algolia DocSearch) and its related imports cleanly
src/components/PageHeader.tsx	Removes SearchButton usage from the header; clean removal
pages/_app.tsx	Removes DocSearchStyles import and usage; straightforward cleanup
pages/_document.tsx	Removes Algolia CDN stylesheet link; clean removal
src/components/HtmlHead.tsx	Removes Algolia preconnect link that was keyed off the now-deleted env var
.github/workflows/publish.yml	Removes Algolia build args from Docker build step; correct cleanup
Dockerfile	Removes Algolia ARG/ENV declarations; clean and correct
package.json	Removes @docsearch/react and algoliasearch dependencies; lock file updated accordingly

_{Reviews (1): Last reviewed commit: "Setup kapa.ai docs search" | Re-trigger Greptile}

[greptile-apps]

kapa.ai widget bypasses Cookiebot consent

The HubSpot script immediately above is guarded with type="text/plain" and data-cookieconsent="statistics" so Cookiebot blocks it until the user consents to statistics cookies. KapaWidget has no such attributes, so it loads unconditionally — for any EU visitor who declines statistics/marketing cookies, the widget will still fire and send query data to kapa.ai's servers, breaking the GDPR consent flow already in place for this site.