CLI and onboarding fix

[elie222]

Populate DIRECT_URL in CLI env setup and extract UTM values before after() in onboarding and welcome pages

Add DIRECT_URL to CLI env generation and setup, and change server components to pass pre-extracted UTM values into fetchUserAndStoreUtms; also update the actions header copy in the assistant result display.

📍Where to Start

Start with extractUtmValues and its use in fetchUserAndStoreUtms in utms.tsx, then review the call sites in apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx and apps/web/app/(landing)/welcome/page.tsx.

---

📊 Macroscope summarized 18e3dfa. 6 files reviewed, 7 issues evaluated, 6 issues filtered, 1 comment posted

🗂️ Filtered Issues

apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx — 0 comments posted, 1 evaluated, 1 filtered

• line 97: ResultDisplayContent uses React hooks (useRuleDialog, useAccount) inside a file that is not marked as a Client Component (no top-level "use client" directive). In Next.js App Router, calling hooks in a Server Component throws at runtime. Add "use client" at the top of the file or move this component into a client-marked module to avoid runtime errors when rendering. [ Out of scope ]

apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx — 0 comments posted, 1 evaluated, 1 filtered

• line 26: step parsing does not guard against non-numeric values. const step = searchParams.step ? Number.parseInt(searchParams.step, 10) : 1; can produce NaN when searchParams.step is present but invalid (e.g., empty string, non-number). Passing NaN to OnboardingContent causes clampedStep to become NaN, breaking analytics (onNext(NaN)), routing (/onboarding?step=NaN), and indexing (steps[NaN - 1]). Add a numeric validation and fallback, e.g., const parsed = Number.parseInt(searchParams.step ?? '', 10); const step = Number.isFinite(parsed) && parsed > 0 ? parsed : 1;. [ Out of scope ]

apps/web/app/(landing)/welcome/page.tsx — 0 comments posted, 1 evaluated, 1 filtered

• line 26: questionIndex is derived directly from searchParams.question without validation: const questionIndex = searchParams.question ? Number.parseInt(searchParams.question) : 0;. If the URL contains a non-numeric value (e.g., ?question=foo) or an out-of-range value (negative or >= number of questions), Number.parseInt yields NaN or an invalid index. Passing NaN to the client component prop questionIndex can cause serialization/runtime errors, and even if serialization succeeds, downstream code (e.g., survey.questions[questionIndex]) will be undefined and will crash when dereferenced. Add guards to coerce NaN to 0 and clamp within valid bounds before rendering. [ Out of scope ]

packages/cli/src/utils.ts — 0 comments posted, 3 evaluated, 3 filtered

• line 22: wrapInQuotes does not escape existing double-quote characters in the input value. If value contains ", the resulting line (e.g., KEY="some"quoted"value") becomes malformed for typical .env parsers and can break parsing. Consider escaping quotes or using a safer quoting strategy. [ Low confidence ]
• line 31: The commented-line pattern only matches # ${key}=... with a space after #. Templates containing #${key}=... (no space) or with leading indentation will not be matched, causing the function to append a new KEY=value line instead of updating/uncommenting the existing one. This can leave stale commented entries plus a new active entry, resulting in duplicate definitions and ambiguity. [ Low confidence ]
• line 33: setValue replaces only the first matching occurrence and returns, leaving any additional occurrences of the same key elsewhere in content untouched. This can yield a final .env with duplicate keys containing conflicting values, which is ambiguous and may lead to incorrect configuration being read by consumers that pick the last or first occurrence unpredictably. [ Low confidence ]

Summary by CodeRabbit

Release Notes v2.21.31

• Chores

  • Bumped version to v2.21.31 for patch release.

• Style

  • Updated assistant results section label from "Actions taken:" to "Actions:" for improved clarity.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
inbox-zero	Ready	Preview	Dec 3, 2025 5:14am

[coderabbitai]

Walkthrough

Refactors UTM extraction logic by introducing extractUtmValues() function to pre-extract cookie values before calling fetchUserAndStoreUtms(), which now accepts pre-extracted UtmValues instead of raw cookies. Updates onboarding and welcome pages to use this pattern. Adds DIRECT_URL environment variable propagation in CLI setup. Includes minor label text change and version bump.

Changes

Cohort / File(s)	Summary
UTM Extraction Refactoring apps/web/app/(landing)/welcome/utms.tsx, apps/web/app/(landing)/welcome/page.tsx, apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx	Added extractUtmValues() function and UtmValues type. Updated fetchUserAndStoreUtms() signature to accept UtmValues instead of ReadonlyRequestCookies. Modified onboarding and welcome pages to extract UTM values from cookies prior to passing to fetchUserAndStoreUtms().
CLI Environment Variable Handling packages/cli/src/main.ts, packages/cli/src/utils.ts	Added DIRECT_URL environment variable mirroring to DATABASE_URL across Docker and external infrastructure code paths. Updated environment file generation to include DIRECT_URL output.
Minor Updates apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx, version.txt	Changed actions section label from "Actions taken:" to "Actions:" in ResultDisplayContent. Bumped version from v2.21.30 to v2.21.31.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• UTM refactoring: Verify UtmValues type is correctly defined and that all call sites pass pre-extracted values instead of raw cookies. Check that storeUtms() properly consumes UtmValues.
• CLI environment handling: Confirm DIRECT_URL is consistently mirrored across all three infrastructure paths (Docker, host, external) and that the environment file generation wraps the value correctly.

Possibly related PRs

• Fix store utm. Logger scopes env #747: Modifies the same UTM flow and fetchUserAndStoreUtms signature, moving extraction outside of store operations.
• Feat/unified-results #884: Changes the label text in ResultDisplay.tsx, directly related to the same component.
• Add homebrew formula #1038: CLI environment variable handling in packages/cli with similar DIRECT_URL propagation patterns.

Poem

🐰 A carrot's worth of code to pluck,
UTM values we extract with luck!
From cookies deep to functions clean,
The flow is sharp, direct, serene.
And DIRECT_URL joins the show—
thump thump thump — onward we go! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'CLI and onboarding fix' is vague and generic. While the PR does contain CLI changes and onboarding modifications, the title does not convey what specific problems are being fixed or what the main purpose of the changes is.	Provide a more specific and descriptive title that explains the main issue being addressed, such as 'Extract UTM values from cookies and set DIRECT_URL in environment configuration' or 'Refactor UTM extraction and add DIRECT_URL environment variable'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/cli-tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Persisting utms even when all values are undefined makes user.utms truthy and blocks saving real UTMs later. Consider only writing when at least one value is present (or treat an empty object as "no utms").

Suggested change

	if (user && !user.utms) {
	if (user && !user.utms && Object.values(utmValues).some((v) => v != null && v !== "")) {
	await storeUtms(userId, utmValues);
	}

🚀 Reply to ask Macroscope to explain or update this suggestion.

👍 Helpful? React to give us feedback.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/web/app/(landing)/welcome/utms.tsx (1)

7-27: LGTM! Well-documented UTM extraction addresses Next.js limitation.

The extractUtmValues function with clear documentation effectively solves the issue of accessing request APIs inside after() callbacks. The UtmValues type provides good type safety for the extracted data.

Consider exporting the UtmValues type for better developer experience:

-type UtmValues = {
+export type UtmValues = {
   utmCampaign?: string;
   utmMedium?: string;
   utmSource?: string;
   utmTerm?: string;
   affiliate?: string;
 };

This would allow consumers of these functions to explicitly reference the type if needed, though TypeScript already infers it from function signatures.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 72af5de and 18e3dfa.

📒 Files selected for processing (7)

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx (1 hunks)
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx (2 hunks)
• apps/web/app/(landing)/welcome/page.tsx (2 hunks)
• apps/web/app/(landing)/welcome/utms.tsx (2 hunks)
• packages/cli/src/main.ts (1 hunks)
• packages/cli/src/utils.ts (1 hunks)
• version.txt (1 hunks)

🧰 Additional context used

📓 Path-based instructions (14)

apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Use @/ path aliases for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Follow consistent naming conventions using PascalCase for components
Centralize shared types in dedicated type files

Import specific lodash functions rather than entire lodash library to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

apps/web/app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

Follow NextJS app router structure with (app) directory

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

apps/web/**/*.tsx

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.tsx: Follow tailwindcss patterns with prettier-plugin-tailwindcss for class sorting
Prefer functional components with hooks over class components
Use shadcn/ui components when available
Ensure responsive design with mobile-first approach
Use LoadingContent component for async data with loading and error states

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/data-fetching.mdc)

**/*.{ts,tsx}: For API GET requests to server, use the swr package
Use result?.serverError with toastError from @/components/Toast for error handling in async operations

**/*.{ts,tsx}: Use wrapper functions for Gmail message operations (get, list, batch, etc.) from @/utils/gmail/message.ts instead of direct API calls
Use wrapper functions for Gmail thread operations from @/utils/gmail/thread.ts instead of direct API calls
Use wrapper functions for Gmail label operations from @/utils/gmail/label.ts instead of direct API calls

**/*.{ts,tsx}: For early access feature flags, create hooks using the naming convention use[FeatureName]Enabled that return a boolean from useFeatureFlagEnabled("flag-key")
For A/B test variant flags, create hooks using the naming convention use[FeatureName]Variant that define variant types, use useFeatureFlagVariantKey() with type casting, and provide a default "control" fallback
Use kebab-case for PostHog feature flag keys (e.g., inbox-cleaner, pricing-options-2)
Always define types for A/B test variant flags (e.g., type PricingVariant = "control" | "variant-a" | "variant-b") and provide type safety through type casting

**/*.{ts,tsx}: Don't use primitive type aliases or misleading types
Don't use empty type parameters in type aliases and interfaces
Don't use this and super in static contexts
Don't use any or unknown as type constraints
Don't use the TypeScript directive @ts-ignore
Don't use TypeScript enums
Don't export imported variables
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions
Don't use TypeScript namespaces
Don't use non-null assertions with the ! postfix operator
Don't use parameter properties in class constructors
Don't use user-defined types
Use as const instead of literal types and type annotations
Use either T[] or Array<T> consistently
Initialize each enum member value explicitly
Use export type for types
Use `impo...

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• packages/cli/src/main.ts
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• packages/cli/src/utils.ts
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

apps/web/app/(app)/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/page-structure.mdc)

apps/web/app/(app)/**/*.{ts,tsx}: Components for the page are either put in page.tsx, or in the apps/web/app/(app)/PAGE_NAME folder
If we're in a deeply nested component we will use swr to fetch via API
If you need to use onClick in a component, that component is a client component and file must start with use client

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/prisma-enum-imports.mdc)

Always import Prisma enums from @/generated/prisma/enums instead of @/generated/prisma/client to avoid Next.js bundling errors in client components

Import Prisma using the project's centralized utility: import prisma from '@/utils/prisma'

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• packages/cli/src/main.ts
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• packages/cli/src/utils.ts
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.{tsx,ts}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

**/*.{tsx,ts}: Use Shadcn UI and Tailwind for components and styling
Use next/image package for images
For API GET requests to server, use the swr package with hooks like useSWR to fetch data
For text inputs, use the Input component with registerProps for form integration and error handling

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• packages/cli/src/main.ts
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• packages/cli/src/utils.ts
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.{tsx,ts,css}

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

Implement responsive design with Tailwind CSS using a mobile-first approach

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• packages/cli/src/main.ts
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• packages/cli/src/utils.ts
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/ui-components.mdc)

**/*.tsx: Use the LoadingContent component to handle loading states instead of manual loading state management
For text areas, use the Input component with type='text', autosizeTextarea prop set to true, and registerProps for form integration

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use accessKey attribute on any HTML element
Don't set aria-hidden="true" on focusable elements
Don't add ARIA roles, states, and properties to elements that don't support them
Don't use distracting elements like <marquee> or <blink>
Only use the scope prop on <th> elements
Don't assign non-interactive ARIA roles to interactive HTML elements
Make sure label elements have text content and are associated with an input
Don't assign interactive ARIA roles to non-interactive HTML elements
Don't assign tabIndex to non-interactive HTML elements
Don't use positive integers for tabIndex property
Don't include "image", "picture", or "photo" in img alt prop
Don't use explicit role property that's the same as the implicit/default role
Make static elements with click handlers use a valid role attribute
Always include a title element for SVG elements
Give all elements requiring alt text meaningful information for screen readers
Make sure anchors have content that's accessible to screen readers
Assign tabIndex to non-interactive HTML elements with aria-activedescendant
Include all required ARIA attributes for elements with ARIA roles
Make sure ARIA properties are valid for the element's supported roles
Always include a type attribute for button elements
Make elements with interactive roles and handlers focusable
Give heading elements content that's accessible to screen readers (not hidden with aria-hidden)
Always include a lang attribute on the html element
Always include a title attribute for iframe elements
Accompany onClick with at least one of: onKeyUp, onKeyDown, or onKeyPress
Accompany onMouseOver/onMouseOut with onFocus/onBlur
Include caption tracks for audio and video elements
Use semantic elements instead of role attributes in JSX
Make sure all anchors are valid and navigable
Ensure all ARIA properties (aria-*) are valid
Use valid, non-abstract ARIA roles for elements with ARIA roles
Use valid AR...

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• packages/cli/src/main.ts
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• packages/cli/src/utils.ts
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{jsx,tsx}: Don't use unnecessary fragments
Don't pass children as props
Don't use the return value of React.render
Make sure all dependencies are correctly specified in React hooks
Make sure all React hooks are called from the top level of component functions
Don't forget key props in iterators and collection literals
Don't define React components inside other components
Don't use event handlers on non-interactive elements
Don't assign to React component props
Don't use both children and dangerouslySetInnerHTML props on the same element
Don't use dangerous JSX props
Don't use Array index in keys
Don't insert comments as text nodes
Don't assign JSX properties multiple times
Don't add extra closing tags for components without children
Use <>...</> instead of <Fragment>...</Fragment>
Watch out for possible "wrong" semicolons inside JSX elements
Make sure void (self-closing) elements don't have children
Don't use target="_blank" without rel="noopener"
Don't use <img> elements in Next.js projects
Don't use <head> elements in Next.js projects

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

!(pages/_document).{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

Don't use the next/head module in pages/_document.js on Next.js projects

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• version.txt
• packages/cli/src/main.ts
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• packages/cli/src/utils.ts
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/utilities.mdc)

**/*.{js,ts,jsx,tsx}: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size (e.g., import groupBy from 'lodash/groupBy')

Files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx
• packages/cli/src/main.ts
• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• packages/cli/src/utils.ts
• apps/web/app/(landing)/welcome/page.tsx
• apps/web/app/(landing)/welcome/utms.tsx

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/security.mdc)

**/*.ts: ALL database queries MUST be scoped to the authenticated user/account by including user/account filtering in WHERE clauses to prevent unauthorized data access
Always validate that resources belong to the authenticated user before performing operations, using ownership checks in WHERE clauses or relationships
Always validate all input parameters for type, format, and length before using them in database queries
Use SafeError for error responses to prevent information disclosure. Generic error messages should not reveal internal IDs, logic, or resource ownership details
Only return necessary fields in API responses using Prisma's select option. Never expose sensitive data such as password hashes, private keys, or system flags
Prevent Insecure Direct Object References (IDOR) by validating resource ownership before operations. All findUnique/findFirst calls MUST include ownership filters
Prevent mass assignment vulnerabilities by explicitly whitelisting allowed fields in update operations instead of accepting all user-provided data
Prevent privilege escalation by never allowing users to modify system fields, ownership fields, or admin-only attributes through user input
All findMany queries MUST be scoped to the user's data by including appropriate WHERE filters to prevent returning data from other users
Use Prisma relationships for access control by leveraging nested where clauses (e.g., emailAccount: { id: emailAccountId }) to validate ownership

Files:

• packages/cli/src/main.ts
• packages/cli/src/utils.ts

🧠 Learnings (14)

📚 Learning: 2025-11-25T14:37:09.306Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/fullstack-workflow.mdc:0-0
Timestamp: 2025-11-25T14:37:09.306Z
Learning: Applies to apps/web/components/**/*Form*.tsx : Handle form submission results using `result?.serverError` to show error toasts and `toastSuccess` to show success messages after server action completion

Applied to files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx

📚 Learning: 2025-11-25T14:36:36.276Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/data-fetching.mdc:0-0
Timestamp: 2025-11-25T14:36:36.276Z
Learning: Applies to **/*.{ts,tsx} : Use `result?.serverError` with `toastError` and `toastSuccess` for error handling in server actions

Applied to files:

• apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx

📚 Learning: 2025-11-25T14:36:45.807Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `experimental__runtimeEnv` object to enable runtime access

Applied to files:

• packages/cli/src/main.ts

📚 Learning: 2025-11-25T14:36:45.807Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add client-side environment variables to `apps/web/env.ts` under the `client` object with `NEXT_PUBLIC_` prefix and Zod schema validation

Applied to files:

• packages/cli/src/main.ts

📚 Learning: 2025-11-25T14:36:18.416Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: apps/web/CLAUDE.md:0-0
Timestamp: 2025-11-25T14:36:18.416Z
Learning: Applies to apps/web/**/{.env.example,env.ts,turbo.json} : Add environment variables to `.env.example`, `env.ts`, and `turbo.json`

Applied to files:

• packages/cli/src/main.ts

📚 Learning: 2025-11-25T14:36:43.454Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : For client-side environment variables in `apps/web/env.ts`, prefix them with `NEXT_PUBLIC_` and add them to both the `client` and `experimental__runtimeEnv` sections

Applied to files:

• packages/cli/src/main.ts

📚 Learning: 2025-11-25T14:36:45.807Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:45.807Z
Learning: Applies to apps/web/env.ts : Add server-only environment variables to `apps/web/env.ts` under the `server` object with Zod schema validation

Applied to files:

• packages/cli/src/main.ts

📚 Learning: 2025-11-25T14:36:43.454Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/environment-variables.mdc:0-0
Timestamp: 2025-11-25T14:36:43.454Z
Learning: Applies to apps/web/env.ts : Define environment variables in `apps/web/env.ts` using Zod schema validation, organizing them into `server` and `client` sections

Applied to files:

• packages/cli/src/main.ts

📚 Learning: 2025-11-25T14:37:22.660Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/gmail-api.mdc:0-0
Timestamp: 2025-11-25T14:37:22.660Z
Learning: Applies to **/{pages,routes,components}/**/*.{ts,tsx} : Never call Gmail API directly from routes or components - always use wrapper functions from the utils folder

Applied to files:

• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx

📚 Learning: 2025-07-08T13:14:07.449Z

Learnt from: elie222
Repo: elie222/inbox-zero PR: 537
File: apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx:30-34
Timestamp: 2025-07-08T13:14:07.449Z
Learning: The clean onboarding page in apps/web/app/(app)/[emailAccountId]/clean/onboarding/page.tsx is intentionally Gmail-specific and should show an error for non-Google email accounts rather than attempting to support multiple providers.

Applied to files:

• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx

📚 Learning: 2025-11-25T14:42:11.919Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/utilities.mdc:0-0
Timestamp: 2025-11-25T14:42:11.919Z
Learning: Applies to utils/**/*.{js,ts,jsx,tsx} : The `utils` folder contains core app logic such as Next.js Server Actions and Gmail API requests

Applied to files:

• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx
• apps/web/app/(landing)/welcome/page.tsx

📚 Learning: 2025-11-25T14:42:16.602Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/utilities.mdc:0-0
Timestamp: 2025-11-25T14:42:16.602Z
Learning: The `utils` folder contains core app logic such as Next.js Server Actions and Gmail API requests

Applied to files:

• apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx

📚 Learning: 2025-11-25T14:38:07.606Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/llm.mdc:0-0
Timestamp: 2025-11-25T14:38:07.606Z
Learning: Applies to apps/web/utils/llms/{index,model}.ts : Core LLM functionality must be defined in `utils/llms/index.ts`, model definitions and configurations in `utils/llms/model.ts`, and usage tracking in `utils/usage.ts`

Applied to files:

• apps/web/app/(landing)/welcome/page.tsx

📚 Learning: 2025-11-25T14:39:23.326Z

Learnt from: CR
Repo: elie222/inbox-zero PR: 0
File: .cursor/rules/security.mdc:0-0
Timestamp: 2025-11-25T14:39:23.326Z
Learning: Applies to app/api/**/*.ts : Use `withAuth` middleware for user-level operations (user settings, API keys, referrals) - provides only `userId` in `request.auth`

Applied to files:

• apps/web/app/(landing)/welcome/utms.tsx

🧬 Code graph analysis (2)

apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx (1)

apps/web/app/(landing)/welcome/utms.tsx (2)

• extractUtmValues (19-27)
• fetchUserAndStoreUtms (29-46)

apps/web/app/(landing)/welcome/page.tsx (1)

apps/web/app/(landing)/welcome/utms.tsx (2)

• extractUtmValues (19-27)
• fetchUserAndStoreUtms (29-46)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: cubic · AI code reviewer
• GitHub Check: Review for correctness
• GitHub Check: test
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (13)

version.txt (1)

1-1: LGTM! Version bump aligns with patch-level changes.

The version increment from v2.21.30 to v2.21.31 is appropriate for the UTM handling refactoring and environment variable additions in this PR.

apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx (1)

131-131: LGTM! Concise label improves UI brevity.

The shortened label "Actions:" maintains clarity while reducing visual clutter.

packages/cli/src/utils.ts (2)

53-53: LGTM! DIRECT_URL handling mirrors DATABASE_URL pattern.

The addition of DIRECT_URL for Docker infrastructure correctly follows the same pattern as DATABASE_URL, supporting Prisma's direct connection requirements for migrations.

---

59-59: LGTM! DIRECT_URL properly handled for external infrastructure.

Consistent with the Docker infrastructure path, this ensures DIRECT_URL is configured for external database setups.

packages/cli/src/main.ts (3)

528-528: LGTM! DIRECT_URL initialization appropriate for Docker setup.

Setting DIRECT_URL to match DATABASE_URL is correct for Docker environments. In production deployments with connection pooling (e.g., PgBouncer), users can override these values as needed.

---

533-533: LGTM! DIRECT_URL initialization appropriate for host setup.

Consistent with the Docker path, this correctly initializes DIRECT_URL for local development on the host.

---

539-539: LGTM! DIRECT_URL placeholder matches DATABASE_URL pattern.

The placeholder correctly mirrors DATABASE_URL for external infrastructure, maintaining consistency with the setup flow.

apps/web/app/(landing)/welcome/page.tsx (2)

9-12: LGTM! Import addition supports UTM extraction refactoring.

The extractUtmValues import enables the extraction of UTM values before the after() callback, which is necessary due to Next.js restrictions on using request APIs inside after() in Server Components.

---

33-38: LGTM! UTM extraction correctly moved outside after() callback.

This refactoring properly addresses the Next.js limitation where request APIs cannot be used inside after() in Server Components. Extracting UTM values at line 33 before passing them to fetchUserAndStoreUtms at line 38 ensures correct execution order and compatibility.

apps/web/app/(app)/[emailAccountId]/onboarding/page.tsx (2)

6-9: LGTM! Consistent UTM extraction pattern applied.

The import addition aligns with the refactoring applied to the landing welcome page, ensuring consistent handling of UTM values across both onboarding flows.

---

31-36: LGTM! UTM extraction properly implemented.

The extraction at line 31 and subsequent usage at line 36 correctly mirrors the pattern established in the welcome page, maintaining consistency across the codebase.

apps/web/app/(landing)/welcome/utms.tsx (2)

29-46: LGTM! Signature update maintains clean separation of concerns.

The updated fetchUserAndStoreUtms signature accepting utmValues instead of raw cookies is a clean refactoring that properly delegates cookie extraction to the caller (outside after() callbacks).

---

48-57: LGTM! Internal implementation correctly updated.

The storeUtms function properly consumes the UtmValues parameter instead of extracting from cookies, completing the refactoring consistently.

[cubic-dev-ai]

No issues found across 7 files