Update digest prompt

[elie222]

Note

Refines the email digest summarization prompt with clearer bullet-structured guidance and removes explicit NextRequest typings in several API callbacks; bumps version to v2.12.3.

• AI/Digest:
  • Refines summarize-email-for-digest.ts prompt: avoid mentioning sender, start directly, prefer bullet points, structured "Key: Value" lists for orders/receipts, concise newsletter topics, and second-person phrasing for direct messages.
• API:
  • Removes NextRequest type usage/imports and untypes GET handler params in google/calendar/callback, google/linking/callback, outlook/linking/callback, and sso/signin.
• Version:
  • Update version.txt to v2.12.3.

^{Written by Cursor Bugbot for commit f743c6e. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• New Features
  • Improved email digest summaries: clearer bullet-point structure, focuses on content (not sender), tailored formats for orders/receipts, newsletters, and direct messages, with concise action items.
• Refactor
  • Simplified request handler typing in several API routes to reduce type coupling without changing behavior.
• Chores
  • Bumped app version to v2.12.3.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
inbox-zero	Ready	Preview	Sep 30, 2025 10:57am

[coderabbitai]

Walkthrough

This PR removes NextRequest type annotations from four API GET handlers, revises the AI digest summarization system prompt with stricter formatting/content rules, and bumps the version from v2.12.2 to v2.12.3.

Changes

Cohort / File(s)	Summary of changes
API route handler type annotation removal apps/web/app/api/google/calendar/callback/route.ts, apps/web/app/api/google/linking/callback/route.ts, apps/web/app/api/outlook/linking/callback/route.ts, apps/web/app/api/sso/signin/route.ts	Dropped NextRequest import and type annotation in GET handler signatures; logic and control flow unchanged.
AI digest prompt update apps/web/utils/ai/digest/summarize-email-for-digest.ts	Updated system prompt: clarified bullet formatting, data-type-specific structures (orders/receipts, newsletters, DMs), exclude sender mentions and non-human-readable identifiers. No code-path changes.
Version bump version.txt	Updated version from v2.12.2 to v2.12.3.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Update digest prompt and summary schema. Update digest mail template and props #605 — Also edits summarize-email-for-digest.ts, reworking the prompt/output schema.
• fix: Update Digest summarization prompt #587 — Changes the same prompt file and aligns tests with new summarization behavior.
• Digest improvements: Exclude meaningless information #611 — Tightens the prompt to exclude opaque identifiers in the same utility file.

Poem

I nudge my whiskers at v2.12.3,
Four routes decluttered, types set free.
The inbox muse now speaks in bullets neat—
Orders, news, and notes concise and sweet.
I hop through diffs with gentle might,
Carrots up—prompts trimmed just right. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title “Update digest prompt” only highlights changes to the digest summarization prompt, but the pull request also removes NextRequest type annotations across multiple API route handlers and updates the project version, so it does not accurately reflect the scope of the changes.	Revise the title to summarize the primary modifications, for example “Relax NextRequest typing in API routes and update digest prompt,” so it clearly conveys both the type‐annotation changes and the digest prompt update.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/update-digest-prompt

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

apps/web/app/api/sso/signin/route.ts (1)

2-2: Same type annotation removal as other routes in this PR.

The explicit NextRequest type has been removed here as well. Refer to the comment on apps/web/app/api/google/linking/callback/route.ts for the type safety verification request that applies to all four modified routes.

Also applies to: 21-21

apps/web/app/api/outlook/linking/callback/route.ts (1)

1-1: Same type annotation removal as other routes in this PR.

The explicit NextRequest type has been removed here as well. Refer to the comment on apps/web/app/api/google/linking/callback/route.ts for the type safety verification request that applies to all four modified routes.

Also applies to: 13-13

apps/web/app/api/google/calendar/callback/route.ts (1)

1-1: Same type annotation removal as other routes in this PR.

The explicit NextRequest type has been removed here as well. Refer to the comment on apps/web/app/api/google/linking/callback/route.ts for the type safety verification request that applies to all four modified routes.

Also applies to: 18-18

🧹 Nitpick comments (1)

apps/web/utils/ai/digest/summarize-email-for-digest.ts (1)

71-92: Consider adding retry logic for transient failures.

The error handling correctly returns null as a fallback, which is appropriate for digest summarization. However, consider adding retry logic using withRetry for transient failures to improve reliability, especially for temporary network or API issues.

As per coding guidelines, which recommend: "Add retry logic for transient failures using withRetry" for AI feature implementations.

This is optional since returning null for a single digest item is an acceptable degradation, but retries could improve the user experience by reducing the frequency of missing summaries.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8bdce3 and f743c6e.

📒 Files selected for processing (6)

• apps/web/app/api/google/calendar/callback/route.ts (2 hunks)
• apps/web/app/api/google/linking/callback/route.ts (2 hunks)
• apps/web/app/api/outlook/linking/callback/route.ts (2 hunks)
• apps/web/app/api/sso/signin/route.ts (2 hunks)
• apps/web/utils/ai/digest/summarize-email-for-digest.ts (1 hunks)
• version.txt (1 hunks)

🧰 Additional context used

📓 Path-based instructions (14)

apps/web/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Path aliases: Use @/ for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Leverage TypeScript inference for better DX

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/utils/ai/digest/summarize-email-for-digest.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

apps/web/app/**

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

NextJS app router structure with (app) directory

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

apps/web/app/api/**/route.ts

📄 CodeRabbit inference engine (apps/web/CLAUDE.md)

apps/web/app/api/**/route.ts: Use withAuth for user-level operations
Use withEmailAccount for email-account-level operations
Do NOT use POST API routes for mutations - use server actions instead
No need for try/catch in GET routes when using middleware
Export response types from GET routes

apps/web/app/api/**/route.ts: Wrap all GET API route handlers with withAuth or withEmailAccount middleware for authentication and authorization.
Export response types from GET API routes for type-safe client usage.
Do not use try/catch in GET API routes when using authentication middleware; rely on centralized error handling.

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

!{.cursor/rules/*.mdc}

📄 CodeRabbit inference engine (.cursor/rules/cursor-rules.mdc)

Never place rule files in the project root, in subdirectories outside .cursor/rules, or in any other location

Files:

• apps/web/app/api/google/linking/callback/route.ts
• version.txt
• apps/web/utils/ai/digest/summarize-email-for-digest.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/form-handling.mdc)

**/*.ts: The same validation should be done in the server action too
Define validation schemas using Zod

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/utils/ai/digest/summarize-email-for-digest.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)

**/*.{ts,tsx}: Use createScopedLogger for logging in backend TypeScript files
Typically add the logger initialization at the top of the file when using createScopedLogger
Only use .with() on a logger instance within a specific function, not for a global logger

Import Prisma in the project using import prisma from "@/utils/prisma";

**/*.{ts,tsx}: Don't use TypeScript enums.
Don't use TypeScript const enum.
Don't use the TypeScript directive @ts-ignore.
Don't use primitive type aliases or misleading types.
Don't use empty type parameters in type aliases and interfaces.
Don't use any or unknown as type constraints.
Don't use implicit any type on variable declarations.
Don't let variables evolve into any type through reassignments.
Don't use non-null assertions with the ! postfix operator.
Don't misuse the non-null assertion operator (!) in TypeScript files.
Don't use user-defined types.
Use as const instead of literal types and type annotations.
Use export type for types.
Use import type for types.
Don't declare empty interfaces.
Don't merge interfaces and classes unsafely.
Don't use overload signatures that aren't next to each other.
Use the namespace keyword instead of the module keyword to declare TypeScript namespaces.
Don't use TypeScript namespaces.
Don't export imported variables.
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions.
Don't use parameter properties in class constructors.
Use either T[] or Array consistently.
Initialize each enum member value explicitly.
Make sure all enum members are literal values.

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/utils/ai/digest/summarize-email-for-digest.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

**/api/**/route.ts

📄 CodeRabbit inference engine (.cursor/rules/security.mdc)

**/api/**/route.ts: ALL API routes that handle user data MUST use appropriate authentication and authorization middleware (withAuth or withEmailAccount).
ALL database queries in API routes MUST be scoped to the authenticated user/account (e.g., include userId or emailAccountId in query filters).
Always validate that resources belong to the authenticated user before performing operations (resource ownership validation).
Use withEmailAccount middleware for API routes that operate on a specific email account (i.e., use or require emailAccountId).
Use withAuth middleware for API routes that operate at the user level (i.e., use or require only userId).
Use withError middleware (with proper validation) for public endpoints, custom authentication, or cron endpoints.
Cron endpoints MUST use withError middleware and validate the cron secret using hasCronSecret(request) or hasPostCronSecret(request).
Cron endpoints MUST capture unauthorized attempts with captureException and return a 401 status for unauthorized requests.
All parameters in API routes MUST be validated for type, format, and length before use.
Request bodies in API routes MUST be validated using Zod schemas before use.
All Prisma queries in API routes MUST only return necessary fields and never expose sensitive data.
Error messages in API routes MUST not leak internal information or sensitive data; use generic error messages and SafeError where appropriate.
API routes MUST use a consistent error response format, returning JSON with an error message and status code.
All findUnique and findFirst Prisma calls in API routes MUST include ownership filters (e.g., userId or emailAccountId).
All findMany Prisma calls in API routes MUST be scoped to the authenticated user's data.
Never use direct object references in API routes without ownership checks (prevent IDOR vulnerabilities).
Prevent mass assignment vulnerabilities by only allowing explicitly whitelisted fields in update operations in AP...

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

apps/web/app/api/**/*.{ts,js}

📄 CodeRabbit inference engine (.cursor/rules/security-audit.mdc)

apps/web/app/api/**/*.{ts,js}: All API route handlers in 'apps/web/app/api/' must use authentication middleware: withAuth, withEmailAccount, or withError (with custom authentication logic).
All Prisma queries in API routes must include user/account filtering (e.g., emailAccountId or userId in WHERE clauses) to prevent unauthorized data access.
All parameters used in API routes must be validated before use; do not use parameters from 'params' or request bodies directly in queries without validation.
Request bodies in API routes should use Zod schemas for validation.
API routes should only return necessary fields using Prisma's 'select' and must not include sensitive data in error messages.
Error messages in API routes must not reveal internal details; use generic errors and SafeError for user-facing errors.
All QStash endpoints (API routes called via publishToQstash or publishToQstashQueue) must use verifySignatureAppRouter to verify request authenticity.
All cron endpoints in API routes must use hasCronSecret or hasPostCronSecret for authentication.
Do not hardcode weak or plaintext secrets in API route files; secrets must not be directly assigned as string literals.
Review all new withError usage in API routes to ensure custom authentication is implemented where required.

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

**/*.{js,jsx,ts,tsx}: Don't use elements in Next.js projects.
Don't use elements in Next.js projects.
Don't use namespace imports.
Don't access namespace imports dynamically.
Don't use global eval().
Don't use console.
Don't use debugger.
Don't use var.
Don't use with statements in non-strict contexts.
Don't use the arguments object.
Don't use consecutive spaces in regular expression literals.
Don't use the comma operator.
Don't use unnecessary boolean casts.
Don't use unnecessary callbacks with flatMap.
Use for...of statements instead of Array.forEach.
Don't create classes that only have static members (like a static namespace).
Don't use this and super in static contexts.
Don't use unnecessary catch clauses.
Don't use unnecessary constructors.
Don't use unnecessary continue statements.
Don't export empty modules that don't change anything.
Don't use unnecessary escape sequences in regular expression literals.
Don't use unnecessary labels.
Don't use unnecessary nested block statements.
Don't rename imports, exports, and destructured assignments to the same name.
Don't use unnecessary string or template literal concatenation.
Don't use String.raw in template literals when there are no escape sequences.
Don't use useless case statements in switch statements.
Don't use ternary operators when simpler alternatives exist.
Don't use useless this aliasing.
Don't initialize variables to undefined.
Don't use the void operators (they're not familiar).
Use arrow functions instead of function expressions.
Use Date.now() to get milliseconds since the Unix Epoch.
Use .flatMap() instead of map().flat() when possible.
Use literal property access instead of computed property access.
Don't use parseInt() or Number.parseInt() when binary, octal, or hexadecimal literals work.
Use concise optional chaining instead of chained logical expressions.
Use regular expression literals instead of the RegExp constructor when possible.
Don't use number literal object member names th...

Files:

• apps/web/app/api/google/linking/callback/route.ts
• apps/web/utils/ai/digest/summarize-email-for-digest.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

!pages/_document.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)

!pages/_document.{js,jsx,ts,tsx}: Don't import next/document outside of pages/_document.jsx in Next.js projects.
Don't import next/document outside of pages/_document.jsx in Next.js projects.

Files:

• apps/web/app/api/google/linking/callback/route.ts
• version.txt
• apps/web/utils/ai/digest/summarize-email-for-digest.ts
• apps/web/app/api/outlook/linking/callback/route.ts
• apps/web/app/api/google/calendar/callback/route.ts
• apps/web/app/api/sso/signin/route.ts

apps/web/utils/**

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Create utility functions in utils/ folder for reusable logic

Files:

• apps/web/utils/ai/digest/summarize-email-for-digest.ts

apps/web/utils/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

apps/web/utils/**/*.ts: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle size

Files:

• apps/web/utils/ai/digest/summarize-email-for-digest.ts

apps/web/utils/ai/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/llm.mdc)

apps/web/utils/ai/**/*.{ts,tsx}: Place main LLM feature implementations under apps/web/utils/ai/
LLM feature functions should follow the provided TypeScript pattern (separate system/user prompts, use createGenerateObject, Zod schema validation, early validation, return result.object)
Keep system prompts and user prompts separate
System prompt should define the LLM's role and task specifications
User prompt should contain the actual data and context
Always define a Zod schema for response validation
Make Zod schemas as specific as possible to guide LLM output
Use descriptive scoped loggers for each feature
Log inputs and outputs with appropriate log levels and include relevant context
Implement early returns for invalid inputs
Use proper error types and logging for failures
Implement fallbacks for AI failures
Add retry logic for transient failures using withRetry
Use XML-like tags to structure data in prompts
Remove excessive whitespace and truncate long inputs in prompts
Format prompt data consistently across similar functions
Use TypeScript types for all parameters and return values in LLM features
Define clear interfaces for complex input/output structures in LLM features

Files:

• apps/web/utils/ai/digest/summarize-email-for-digest.ts

apps/web/utils/{ai,llms}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/llm.mdc)

Keep related AI functions co-located and extract common patterns into utilities; document complex AI logic with clear comments

Files:

• apps/web/utils/ai/digest/summarize-email-for-digest.ts

🧬 Code graph analysis (4)

apps/web/app/api/google/linking/callback/route.ts (2)

apps/web/app/api/google/calendar/callback/route.ts (1)

• GET (18-174)

apps/web/utils/middleware.ts (1)

• withError (283-288)

apps/web/app/api/outlook/linking/callback/route.ts (3)

apps/web/app/api/google/calendar/callback/route.ts (1)

• GET (18-174)

apps/web/app/api/google/linking/callback/route.ts (1)

• GET (13-190)

apps/web/utils/middleware.ts (1)

• withError (283-288)

apps/web/app/api/google/calendar/callback/route.ts (2)

apps/web/app/api/google/linking/callback/route.ts (1)

• GET (13-190)

apps/web/utils/middleware.ts (1)

• withError (283-288)

apps/web/app/api/sso/signin/route.ts (4)

apps/web/app/api/google/calendar/callback/route.ts (1)

• GET (18-174)

apps/web/app/api/google/linking/callback/route.ts (1)

• GET (13-190)

apps/web/app/api/outlook/linking/callback/route.ts (1)

• GET (13-273)

apps/web/utils/middleware.ts (1)

• withError (283-288)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: cubic · AI code reviewer
• GitHub Check: Vercel Agent Review

🔇 Additional comments (2)

version.txt (1)

1-1: LGTM!

Version bump to v2.12.3 is appropriate for this patch-level change.

apps/web/app/api/google/linking/callback/route.ts (1)

1-1: No action needed: request is inferred as NextRequest via contextual typing
The withError wrapper’s NextHandler<T extends NextRequest = NextRequest> signature provides the handler’s request parameter as NextRequest by default, so removing the explicit annotation does not affect type safety.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix escaped newlines in prompt examples.

The examples use \\n (double backslash) which will render as literal \n text in the prompt string, rather than demonstrating actual line breaks. Since this is already within a template string, use \n (single backslash) instead.

Apply this diff:

 - For structured data (orders, confirmations, receipts):
   • Use bullet points with "Key: Value" format
-  • Example: "• Order Total: $99.99\\n• Delivery Date: March 15"
+  • Example: "• Order Total: $99.99\n• Delivery Date: March 15"
 - For newsletters and announcements:
   • List the key topics or news items as bullet points
   • Focus on the actual content, not who sent it
-  • Example: "• New feature launches next week\\n• 20% discount on all plans\\n• Webinar scheduled for Friday"
+  • Example: "• New feature launches next week\n• 20% discount on all plans\n• Webinar scheduled for Friday"

🤖 Prompt for AI Agents

In apps/web/utils/ai/digest/summarize-email-for-digest.ts around lines 44 to 49,
the prompt examples contain escaped newlines written as double backslashes
("\\n") which will render as literal "\n" in the template string; change those
to actual newline escapes ("\n") so the examples produce real line breaks in the
prompt string (update both examples shown to use "\n" instead of "\\n").

[cubic-dev-ai]

No issues found across 6 files