@hadar-co
Contributor

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.

Added docs pages

Please also include the path for the added docs

  • Quickstart (/)
  • Blueprint (/platform-overview/port-components/blueprint)
  • ...

Updated docs pages

Please also include the path for the updated docs

  • Quickstart (/)
  • Blueprint (/platform-overview/port-components/blueprint)
  • ...

@aws-amplify-eu-west-1

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-2921.d2ngvl90zqbob8.amplifyapp.com

@hadar-co
Contributor Author

/review

@qodo-merge-pro
Contributor

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 Security concerns

Sensitive information exposure:
A hardcoded INTEGRATION_ID may constitute sensitive config and could be abused if not intended for public use. Also, rendering markdown from responses with react-markdown can introduce XSS if HTML is enabled or URLs are not sanitized. Ensure react-markdown is configured with safe options (no raw HTML) and validate/sanitize qa.answer and qa.sources content.

⚡ Recommended focus areas for review

Hardcoded ID

The INTEGRATION_ID is hardcoded which risks leaking non-dev credentials and makes environment-specific configuration difficult; consider sourcing from environment/config with a safe fallback.

const INTEGRATION_ID = "1aefba51-348e-4747-9a4c-93306459542d";

External Links

Links open in a new tab; ensure rel="noopener noreferrer" is consistently set to prevent reverse tabnabbing, and validate all qa.sources URLs before rendering to mitigate XSS via markdown/links.

<li key={index} className={styles.sourceItem}>
  <a
    href={source.url}
    target="_blank"
    rel="noopener noreferrer"
    className={styles.sourceLink}
  >
    {source.title || source.url}
  </a>
</li>

Dependency Risks

New deps (@kapaai/react-sdk, react-markdown, react-icons) increase bundle size and attack surface; confirm they are properly pinned, audited, tree-shakeable, and compatible with React 19.

"@kapaai/react-sdk": "^0.9.0",
"@mdx-js/react": "^3.1.1",
"@mui/material": "^7.3.4",
"@stackql/docusaurus-plugin-hubspot": "^1.0.1",
"clsx": "^2.1.1",
"docusaurus-plugin-hotjar": "^0.0.2",
"docusaurus-plugin-image-zoom": "^3.0.1",
"docusaurus-plugin-openapi-docs": "^4.5.1",
"docusaurus-theme-openapi-docs": "^4.5.1",
"prettier": "^3.6.2",
"prism-react-renderer": "^2.4.1",
"react": "^19.2.0",
"react-dom": "^19.2.0",
"react-icons": "^5.5.0",
"react-markdown": "^10.1.0",
"react-tooltip": "^5.30.0"

@hadar-co hadar-co merged commit 1d95f7f into main Oct 20, 2025
5 checks passed
@hadar-co hadar-co deleted the kapa-homepage-embed branch October 20, 2025 14:28
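
One way to implement the `qa.sources` URL validation that the review above asks for, as an added example that is not code from this pull request. The names `safeHref` and `sanitizeSources`, the protocol allow-list and the sample entries are assumptions made for illustration.

```javascript
// Added example: allow-list validation for answer source links before they
// reach an <a href>. All names and sample data here are hypothetical.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns a normalized absolute URL string, or null if it must not be rendered.
function safeHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // No base argument: relative and protocol-relative values throw here.
    // The WHATWG parser also strips tabs/newlines, so the scheme check below
    // sees the same scheme a browser would.
    url = new URL(raw.trim());
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null; // javascript:, data:, ...
  if (url.username || url.password) return null; // userinfo can disguise the host
  return url.href;
}

// Keeps only sources whose URL passes safeHref; an empty or missing title
// falls back to the parsed hostname rather than the raw input string.
function sanitizeSources(sources) {
  if (!Array.isArray(sources)) return [];
  const out = [];
  for (const source of sources) {
    const href = safeHref(source && source.url);
    if (href === null) continue;
    const hasTitle = typeof source.title === "string" && source.title.trim();
    out.push({ url: href, title: hasTitle ? source.title.trim() : new URL(href).hostname });
  }
  return out;
}

// Constructed sample input covering the cases the review is concerned with.
const sampleSources = [
  { title: "Quickstart", url: "https://docs.example.com/" },
  { title: "Scripted link", url: "javascript:void(0)" },
  { title: "Whitespace in scheme", url: " java\tscript:void(0)" },
  { url: "https://docs.example.com@other.example/login" },
  { url: "//other.example/path" },
  { title: "", url: "http://docs.example.com/blueprint" },
];
console.log(sanitizeSources(sampleSources));
```

Mapping over the sanitized array instead of the raw `qa.sources` keeps the existing `rel="noopener noreferrer"` anchor markup unchanged.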