Design #107

Merged
gkorland merged 2 commits into staging from design on Aug 21, 2025

Conversation


@gkorland gkorland commented Aug 21, 2025

Summary by CodeRabbit

  • New Features

    • Enhanced landing page: site header with logo, Features section, added Sign In CTA.
    • Client-side SQL syntax highlighting in the demo.
  • Bug Fixes

    • Stricter validation for database connection requests.
    • More robust OAuth callbacks and confirmation handling.
  • Documentation

    • Updated run commands and environment variables to FASTAPI_*.
    • Refreshed testing docs accordingly.
  • Style

    • Improved landing page visuals, button states, and demo styling.
    • Default light theme enabled via template attribute.
  • Chores

    • Switched startup to FastAPI/uvicorn and refined Docker build.
    • Updated ESLint config and dependency versions.

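The summary above lists stricter validation for database connection requests and a 400 response for a bad URL. As an added example for this thread (not QueryWeaver's code and not the contents of api/routes/database.py), the block below shows the checks a reviewer would want behind such an endpoint: the body must carry a non-empty string `url`, the scheme must map to a known loader, host and port must parse, and nothing the client sent (the password in particular) should be echoed in an error or a log line. `validate_connection_url`, `handle_connect`, `redact_url`, `ConnectRequestError`, `ValidatedUrl` and the `SUPPORTED_SCHEMES` map are assumed names; the loader callables are stand-ins for the Postgres/MySQL loaders the page mentions.

```python
"""Validate a client-supplied database connection URL before a loader uses it.

Added example for this review thread, not QueryWeaver's own code. The function and
class names, the SUPPORTED_SCHEMES map and the loader callables are assumptions.
"""
import logging
from dataclasses import dataclass
from typing import Any, Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit

log = logging.getLogger("database.connect")

# Scheme -> loader key. Assumed: the page only says Postgres/MySQL are chosen by scheme.
# A "+driver" suffix (postgresql+psycopg) is stripped before the lookup.
SUPPORTED_SCHEMES = {"postgresql": "postgres", "postgres": "postgres", "mysql": "mysql"}


class ConnectRequestError(ValueError):
    """Validation failure carrying the HTTP status the handler should return."""

    def __init__(self, status: int, message: str) -> None:
        super().__init__(message)
        self.status = status
        self.message = message


@dataclass(frozen=True)
class ValidatedUrl:
    loader: str
    host: str
    port: Optional[int]
    database: str
    raw: str  # handed to the loader only; never placed in a response or a log line


def redact_url(url: str) -> str:
    """Replace the password in user:password@host with *** for logs and error text."""
    parts = urlsplit(url)
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at or ":" not in userinfo:
        return url
    user = userinfo.split(":", 1)[0]
    return parts._replace(netloc=f"{user}:***@{hostport}").geturl()


def validate_connection_url(body: Any) -> ValidatedUrl:
    """Presence/type check on body["url"], then scheme, host and port checks."""
    url = body.get("url") if isinstance(body, dict) else None
    # "Invalid URL": missing, not a string, or empty after stripping whitespace
    if not isinstance(url, str) or not url.strip():
        raise ConnectRequestError(400, "Invalid URL")
    url = url.strip()
    parts = urlsplit(url)
    scheme = parts.scheme.split("+", 1)[0]  # urlsplit already lower-cases the scheme
    loader = SUPPORTED_SCHEMES.get(scheme)
    if loader is None or not parts.hostname:
        raise ConnectRequestError(400, "Invalid database URL")
    try:
        port = parts.port  # ValueError for a non-numeric or out-of-range port
    except ValueError:
        raise ConnectRequestError(400, "Invalid database URL") from None
    return ValidatedUrl(loader, parts.hostname, port, parts.path.lstrip("/"), url)


Loader = Callable[[ValidatedUrl], None]


def handle_connect(body: Any, loaders: Dict[str, Loader]) -> Tuple[int, Dict[str, Any]]:
    """Return (status, json) following the 400 / 500 / 200 outcomes of the connect flow."""
    try:
        target = validate_connection_url(body)
    except ConnectRequestError as err:
        return err.status, {"success": False, "error": err.message}
    try:
        loaders[target.loader](target)  # a real loader would open the connection here
    except Exception:
        # A failing loader is a 500 with a generic message; the log gets a redacted URL.
        log.warning("connect failed for %s", redact_url(target.raw))
        return 500, {"success": False, "error": "Connection error"}
    return 200, {"success": True}
```

Scheme checking decides which loader runs; it does not decide where the server may connect. Any handler that accepts an arbitrary host and port from the client opens outbound connections on the caller's behalf, so a deployment exposed to untrusted users would normally add a host allowlist or network policy on top of checks like these.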

vercel bot commented Aug 21, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
queryweaver Building Building Preview Comment Aug 21, 2025 11:03pm


coderabbitai bot commented Aug 21, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Framework/env migration from Flask to FastAPI across env vars, docs, startup scripts, and README. CI workflow adjusted (lint, frontend install gating removed). Dockerfile rebuilt as multi-stage with Python 3.12 and Node 22. Backend adds small validations and logging tweaks. Frontend switches ESLint config, updates templates/CSS/landing. Tests aligned.

Changes

Cohort / File(s) Summary
Env vars and docs
/.env.example, /.github/copilot-instructions.md, /README.md, /tests/e2e/README.md, /app/README.md
Rename FLASK_* to FASTAPI_* in env/docs; README start command switches to uvicorn.
CI workflow
.github/workflows/tests.yml
Frontend deps always installed; replace FLASK_* with FASTAPI_* in test env; use make lint; remove frontend lint step.
Containerization
/Dockerfile, /start.sh
Multi-stage build: Python 3.12 base + FalkorDB final; add Node 22; cacheable frontend deps; uvicorn startup with optional reload via FASTAPI_DEBUG.
App factory and server entry
/api/app_factory.py, /api/index.py
Use FASTAPI_SECRET_KEY; description formatting; FASTAPI_DEBUG flag in server entry.
Auth modules
/api/auth/__init__.py, /api/auth/oauth_handlers.py, /api/auth/user_management.py
Docstrings/formatting; OAuth callbacks add user_id/email validation and explicit ensure_user_in_organizations args; minor logging/unused import cleanup.
Routes: database and graphs
/api/routes/database.py, /api/routes/graphs.py
Database connect adds URL presence/type checks; minor exception formatting. Graphs: docstrings, import cleanup, defensive confirm handling.
Frontend config and assets
/app/.eslintrc.cjs (removed), /app/eslint.config.cjs (added), /app/templates/base.j2, /app/templates/landing.j2, /app/public/css/landing.css
Move to ESLint v9 flat config; add data-theme in base template; landing page header/CTAs, features section, client-side SQL highlighting; CSS for header, buttons, features, SQL tokens.
Frontend TS tweaks
/app/ts/modules/chat.ts, /app/ts/modules/schema.ts
Use catch { } without binding; remove one ESLint directive; behavior unchanged.
Tests
/tests/conftest.py, /tests/e2e/test_api_endpoints.py, /tests/e2e/test_basic_functionality.py, /tests/e2e/test_chat_functionality.py, /tests/test_mysql_loader.py
Import/formatting cleanups; align with FASTAPI; remove one None-case assertion in MySQL loader tests.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Shell as start.sh
  participant Falkor as FalkorDB
  participant Uvicorn as Uvicorn
  participant App as FastAPI app

  User->>Shell: Run container
  Shell->>Falkor: Wait for readiness
  Falkor-->>Shell: Ready
  alt FASTAPI_DEBUG true
    Shell->>Uvicorn: exec uvicorn api.index:app --reload --host 0.0.0.0 --port 5000
  else FASTAPI_DEBUG false
    Shell->>Uvicorn: exec uvicorn api.index:app --host 0.0.0.0 --port 5000
  end
  Uvicorn->>App: Initialize app (reads FASTAPI_SECRET_KEY)
  App-->>User: Serves requests
sequenceDiagram
  autonumber
  actor Provider as OAuth Provider
  participant App as FastAPI routes
  participant State as app.state handlers
  participant Users as Organization/User svc

  Provider->>App: OAuth callback (Google/GitHub) with token
  App->>State: Invoke provider callback handler
  State->>State: Extract user_id, email, name
  alt Missing user_id or email
    State->>App: return False (log error)
    App-->>Provider: 400/redirect as implemented
  else Valid data
    State->>Users: ensure_user_in_organizations(user_id, email, name, provider, picture)
    Users-->>State: ok/fail
    State-->>App: True/False
    App-->>Provider: Redirect to post-auth path
  end
sequenceDiagram
  autonumber
  actor Client
  participant API as /api/database/connect
  participant Loader as URL-based Loader

  Client->>API: POST { url }
  alt url missing or not a non-empty string
    API-->>Client: 400 Invalid URL
  else url provided
    API->>Loader: Choose Postgres/MySQL by scheme
    alt Loader match
      Loader-->>API: Attempt connect
      alt success
        API-->>Client: 200 { success: true }
      else failure
        API-->>Client: 500 Connection error
      end
    else No loader for scheme
      API-->>Client: 400 Invalid database URL
    end
  end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

  • Staging #95 — Also migrates Flask to FastAPI across app factory, auth handlers, routes, and tests.
  • initial e2e tests #35 — Adjusts CI workflows and e2e test environments overlapping with tests.yml and env vars.
  • refactor routes break to files #26 — Modifies application setup and auth modules similar to app_factory and OAuth handlers.

Suggested reviewers

  • galshubeli

Poem

A rabbit taps the keys with glee,
From Flask to FastAPI we flee.
Uvicorn hums, the engines purr,
CSS shines with gentle blur.
Tests hop green, the Docker’s light—
QueryWeaver’s sprint takes flight! 🐇✨


📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d8b143 and 5ce6dda.

⛔ Files ignored due to path filters (1)
  • Pipfile.lock is excluded by !**/*.lock
📒 Files selected for processing (30)
  • .env.example (1 hunks)
  • .github/copilot-instructions.md (2 hunks)
  • .github/workflows/tests.yml (2 hunks)
  • Dockerfile (3 hunks)
  • Pipfile (2 hunks)
  • README.md (2 hunks)
  • api/app_factory.py (1 hunks)
  • api/auth/__init__.py (2 hunks)
  • api/auth/oauth_handlers.py (4 hunks)
  • api/auth/user_management.py (1 hunks)
  • api/index.py (1 hunks)
  • api/loaders/mysql_loader.py (1 hunks)
  • api/routes/auth.py (3 hunks)
  • api/routes/database.py (4 hunks)
  • api/routes/graphs.py (4 hunks)
  • app/.eslintrc.cjs (0 hunks)
  • app/README.md (1 hunks)
  • app/eslint.config.cjs (1 hunks)
  • app/public/css/landing.css (7 hunks)
  • app/templates/base.j2 (1 hunks)
  • app/templates/landing.j2 (5 hunks)
  • app/ts/modules/chat.ts (2 hunks)
  • app/ts/modules/schema.ts (3 hunks)
  • start.sh (1 hunks)
  • tests/conftest.py (1 hunks)
  • tests/e2e/README.md (1 hunks)
  • tests/e2e/test_api_endpoints.py (1 hunks)
  • tests/e2e/test_basic_functionality.py (3 hunks)
  • tests/e2e/test_chat_functionality.py (1 hunks)
  • tests/test_mysql_loader.py (5 hunks)
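The walkthrough above says the OAuth callbacks now validate user_id and email before calling ensure_user_in_organizations(user_id, email, name, provider, picture), returning False and logging an error when either is missing. As an added example (not QueryWeaver's code and not the contents of api/auth/oauth_handlers.py), the block below implements that flow for the two providers the diagram names and adds one check the PR does not describe: when a provider reports an email verification flag, an unverified address is rejected, so a login cannot be attached to an existing account on the strength of an unverified claim. `handle_provider_callback`, `extract_identity`, `Identity` and `PROFILE_FIELDS` are assumed names; `ensure_user` stands in for the project's user service; the provider profiles in the test are constructed.

```python
"""Validate an OAuth provider's user profile before creating or linking an account.

Added example for this review thread, not QueryWeaver's code. Names here are assumed;
ensure_user stands in for ensure_user_in_organizations(user_id, email, name, provider,
picture). The email_verified requirement is an extra check, not one the PR makes.
"""
import logging
from dataclasses import dataclass
from typing import Any, Callable, Dict, Optional

log = logging.getLogger("oauth")

# Where each provider puts the fields we need. Assumed layout: Google's OIDC userinfo
# uses sub/email/email_verified/name/picture; GitHub's /user object uses
# id/email/name/avatar_url and carries no verification flag on that object.
PROFILE_FIELDS: Dict[str, Dict[str, Optional[str]]] = {
    "google": {"id": "sub", "email": "email", "verified": "email_verified",
               "name": "name", "picture": "picture"},
    "github": {"id": "id", "email": "email", "verified": None,
               "name": "name", "picture": "avatar_url"},
}


@dataclass(frozen=True)
class Identity:
    provider: str
    user_id: str      # provider subject, kept as a string even when the provider sends an int
    email: str
    name: str
    picture: Optional[str]


def extract_identity(provider: str, profile: Dict[str, Any]) -> Optional[Identity]:
    """Return an Identity, or None when user_id/email is missing, empty or unverified."""
    fields = PROFILE_FIELDS.get(provider)
    if fields is None:
        return None
    user_id = profile.get(fields["id"])
    email = profile.get(fields["email"])
    if user_id is None or str(user_id).strip() == "":
        return None
    if not isinstance(email, str) or "@" not in email.strip():
        return None
    # Added hardening: when the provider reports verification status, an unverified
    # address must not be used to attach this login to an existing account.
    verified_key = fields["verified"]
    if verified_key is not None and profile.get(verified_key) is not True:
        return None
    name = profile.get(fields["name"]) or email.split("@", 1)[0]
    picture = profile.get(fields["picture"])
    return Identity(provider, str(user_id).strip(), email.strip().lower(), str(name),
                    picture if isinstance(picture, str) else None)


EnsureUser = Callable[[str, str, str, str, Optional[str]], bool]


def handle_provider_callback(provider: str, profile: Dict[str, Any],
                             ensure_user: EnsureUser) -> bool:
    """False (and an error log line) on bad data, else the user service's result."""
    identity = extract_identity(provider, profile)
    if identity is None:
        # Log the provider only: the raw profile may carry tokens or personal data.
        log.error("OAuth callback from %s rejected: missing user_id/email or unverified",
                  provider)
        return False
    try:
        return bool(ensure_user(identity.user_id, identity.email, identity.name,
                                provider, identity.picture))
    except Exception:  # a service failure is a failed login, not a crash in the callback
        log.exception("ensure_user_in_organizations failed for provider %s", provider)
        return False
```

Keying the stored identity on (provider, user_id) rather than on email alone matters once more than one provider is accepted: two providers can both assert the same address, and only a verified claim should be allowed to attach to an account that already exists.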
@gkorland gkorland changed the base branch from main to staging August 21, 2025 23:03
@gkorland gkorland merged commit d7141a1 into staging Aug 21, 2025
8 of 11 checks passed
@gkorland gkorland deleted the design branch August 21, 2025 23:03
@github-actions

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

Pipfile

Package | Version   | License | Issue Type
litellm | ~> 1.75.9 | Null    | Unknown License

Pipfile.lock

Package | Version | License | Issue Type
litellm | 1.75.9  | Null    | Unknown License

OpenSSF Scorecard

Package            | Version   | Score
pip/litellm        | ~> 1.75.9 | Unknown (details: Unknown)
pip/playwright     | ~> 1.54.0 | 🟢 7.2
pip/pytest-asyncio | ~> 1.1.0  | 🟢 7.4
pip/greenlet       | 3.2.4     | 🟢 5
pip/litellm        | 1.75.9    | Unknown (details: Unknown)
pip/playwright     | 1.54.0    | 🟢 7.2
pip/pyee           | 13.0.0    | 🟢 3.8
pip/pytest-asyncio | 1.1.0     | 🟢 7.4

Details: pip/playwright ~> 1.54.0 (Pipfile) and 1.54.0 (Pipfile.lock), identical

Check                  | Score  | Reason
Code-Review            | 🟢 10  | all last 30 commits are reviewed through GitHub
Maintained             | 🟢 10  | 30 commit(s) out of 30 and 25 issue activity out of 30 found in the last 90 days -- score normalized to 10
CII-Best-Practices     | ⚠️ 0   | no badge detected
Vulnerabilities        | 🟢 10  | no vulnerabilities detected
Signed-Releases        | ⚠️ -1  | no releases found
License                | 🟢 10  | license file detected
Security-Policy        | 🟢 10  | security policy file detected
Token-Permissions      | ⚠️ 0   | non read-only tokens detected in GitHub workflows
Packaging              | ⚠️ -1  | no published package detected
Dangerous-Workflow     | 🟢 10  | no dangerous workflow patterns detected
Binary-Artifacts       | 🟢 10  | no binaries found in the repo
Dependency-Update-Tool | 🟢 10  | update tool detected
Fuzzing                | ⚠️ 0   | project is not fuzzed
Pinned-Dependencies    | 🟢 5   | dependency not pinned by hash detected -- score normalized to 5
Branch-Protection      | 🟢 3   | branch protection is not maximal on development and all release branches

Details: pip/pytest-asyncio ~> 1.1.0 (Pipfile) and 1.1.0 (Pipfile.lock), identical

Check                  | Score  | Reason
Maintained             | 🟢 10  | 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Security-Policy        | 🟢 10  | security policy file detected
Dangerous-Workflow     | 🟢 10  | no dangerous workflow patterns detected
Code-Review            | 🟢 5   | Found 4/7 approved changesets -- score normalized to 5
Token-Permissions      | 🟢 10  | GitHub workflow tokens follow principle of least privilege
Binary-Artifacts       | 🟢 10  | no binaries found in the repo
Pinned-Dependencies    | 🟢 3   | dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices     | ⚠️ 0   | no effort to earn an OpenSSF best practices badge detected
License                | 🟢 10  | license file detected
Vulnerabilities        | 🟢 10  | 0 existing vulnerabilities detected
Fuzzing                | ⚠️ 0   | project is not fuzzed
Signed-Releases        | ⚠️ 0   | Project has not signed or included provenance with any releases.
Branch-Protection      | ⚠️ -1  | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging              | 🟢 10  | packaging workflow detected
SAST                   | 🟢 10  | SAST tool is run on all commits

Details: pip/greenlet 3.2.4

Check                  | Score  | Reason
Dangerous-Workflow     | 🟢 10  | no dangerous workflow patterns detected
Maintained             | 🟢 10  | 24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review            | ⚠️ 2   | Found 5/23 approved changesets -- score normalized to 2
Token-Permissions      | ⚠️ 0   | detected GitHub workflow tokens with excessive permissions
Binary-Artifacts       | 🟢 10  | no binaries found in the repo
Pinned-Dependencies    | ⚠️ 0   | dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices     | ⚠️ 0   | no effort to earn an OpenSSF best practices badge detected
Security-Policy        | ⚠️ 0   | security policy file not detected
Fuzzing                | ⚠️ 0   | project is not fuzzed
License                | 🟢 9   | license file detected
Signed-Releases        | ⚠️ -1  | no releases found
Branch-Protection      | ⚠️ 0   | branch protection not enabled on development/release branches
Vulnerabilities        | 🟢 5   | 5 existing vulnerabilities detected
Packaging              | 🟢 10  | packaging workflow detected
SAST                   | 🟢 10  | SAST tool is run on all commits

Details: pip/pyee 13.0.0

Check                  | Score  | Reason
Maintained             | 🟢 4   | 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Dangerous-Workflow     | 🟢 10  | no dangerous workflow patterns detected
Code-Review            | ⚠️ 0   | Found 0/6 approved changesets -- score normalized to 0
Binary-Artifacts       | 🟢 10  | no binaries found in the repo
Token-Permissions      | ⚠️ 0   | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies    | ⚠️ 0   | dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices     | ⚠️ 0   | no effort to earn an OpenSSF best practices badge detected
Security-Policy        | ⚠️ 0   | security policy file not detected
Fuzzing                | ⚠️ 0   | project is not fuzzed
License                | 🟢 10  | license file detected
Signed-Releases        | ⚠️ 0   | Project has not signed or included provenance with any releases.
Packaging              | 🟢 10  | packaging workflow detected
Branch-Protection      | ⚠️ 0   | branch protection not enabled on development/release branches
Vulnerabilities        | 🟢 9   | 1 existing vulnerabilities detected
SAST                   | ⚠️ 0   | SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • Pipfile
  • Pipfile.lock

This was referenced Aug 25, 2025
gkorland added a commit that referenced this pull request Apr 4, 2026
- Bump litellm ~=1.82.0 → ~=1.83.0 (fixes CVE: auth bypass via OIDC
  cache key collision, privilege escalation via unrestricted proxy config)
- Bump fastmcp >=2.13.1 → >=3.2.0 (fixes CVE: SSRF & path traversal
  in OpenAPI provider)
- Add aiohttp>=3.13.4 constraint (fixes multiple HTTP-level CVEs:
  duplicate Host headers, header injection, multipart bypass, memory
  DoS, CRLF injection, cookie leaks, SSRF on Windows)
- Add npm override for lodash-es to 4.18.1 (fixes prototype pollution
  via array path bypass, code injection via template imports)
- Update fastmcp import path from deprecated fastmcp.server.openapi
  to fastmcp.server.providers.openapi

Closes #125, #124, #123, #122, #121, #120, #119, #118, #117, #116,
#115, #114, #113, #112, #111, #110, #109, #108, #107, #106, #105,
#104, #103, #102, #101, #100, #99, #98, #97, #96

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 participant