refactor(website): Remove ZIP file caching and extend remote repo cache

[yamadashy]

Summary

• Remove caching for ZIP file uploads to avoid storing user-uploaded code in server memory for security reasons
• Extend remote repository cache TTL from 3 minutes to 10 minutes for better cache hit rate while staying within Cloud Run idle timeout (15 minutes)

Checklist

• Run npm run test
• Run npm run lint

---

[gemini-code-assist]

Summary of Changes

Hello @yamadashy, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the website's backend to improve both security and performance. It eliminates the caching of user-uploaded ZIP files to mitigate security risks associated with storing arbitrary code in memory. Concurrently, it optimizes the remote repository caching strategy by extending its duration, which is expected to boost efficiency without exceeding serverless platform limitations.

Highlights

• ZIP File Caching Removal: Caching for user-uploaded ZIP files has been removed to enhance security by preventing the storage of user code in server memory.
• Remote Repository Cache Extension: The Time-To-Live (TTL) for the remote repository cache has been increased from 3 minutes to 10 minutes. This aims to improve the cache hit rate while ensuring compatibility with Cloud Run's 15-minute idle timeout.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

📝 Walkthrough

Walkthrough

Removed caching logic from ZIP file processing while extending the shared cache time-to-live window from 180 to 600 milliseconds. Cache read/write operations are eliminated from the main processing flow, and the shared instance's PackResult cache lifetime is increased to 10 minutes.

Changes

Cohort / File(s)	Summary
Cache removal from ZIP processing website/server/src/domains/pack/processZipFile.ts	Deleted generateCacheKey and cache imports; removed cache.get() check with early return and cache.set() storage of final results. ZIP extraction, result construction, and logging remain unchanged.
Shared instance cache duration increase website/server/src/domains/pack/utils/sharedInstance.ts	Extended cache TTL parameter from 180 to 600 milliseconds, increasing PackResult cache lifetime from 3 to 10 minutes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• PR #254: Modifies RequestCache implementation details (compression, cleanup, key generation), affecting the same caching codepath being adjusted here.
• PR #640: Changes processZipFile to use async cache.get/set operations and updates the cache implementation, directly impacting the caching layer being modified in this PR.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the two main changes: removing ZIP file caching and extending remote repo cache TTL.
Description check	✅ Passed	The description covers both changes with clear rationale, includes a completed checklist, and matches the required template structure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/website-server-cache-improvements

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.17%. Comparing base (39a17b4) to head (891cd15).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1106   +/-   ##
=======================================
  Coverage   87.17%   87.17%           
=======================================
  Files         116      116           
  Lines        4382     4382           
  Branches     1019     1019           
=======================================
  Hits         3820     3820           
  Misses        562      562           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[claude]

Code Review

Summary

This PR makes two targeted improvements to the website server caching strategy:

1. Removes ZIP file caching - Eliminates caching of user-uploaded files for security reasons
2. Extends remote repo cache TTL - Increases from 3 to 10 minutes for better cache hit rates

Overall Assessment

Approved - This is a well-scoped, clean refactoring with appropriate security considerations. The changes are minimal and low-risk.

Detailed Analysis

Code Quality

• The removal of caching from processZipFile.ts is clean - unused imports (generateCacheKey, cache) are properly removed
• The TTL change in sharedInstance.ts is straightforward and includes a helpful comment explaining the rationale

Security Considerations

The security rationale for removing ZIP caching is sound:

• User-uploaded code is unpredictable and could contain sensitive data
• Caching this data in server memory creates unnecessary exposure
• Remote repository URLs are deterministic and public, so caching them carries minimal security risk

Performance Considerations

• ZIP files: No significant performance impact since each file upload creates a unique cache key anyway (based on name-size-lastModified). Cache hits would be rare for user uploads.
• Remote repos: Extending TTL from 3 to 10 minutes should improve cache efficiency for repeated requests to the same repository, while staying within Cloud Run's 15-minute idle timeout.

Potential Concerns (Minor)

1. Cache memory usage: With a longer 10-minute TTL, the cache could grow larger. However, since ZIP caching is removed (which stored the actual packed content), this is likely offset.

2. setInterval cleanup: The RequestCache cleanup runs on a fixed interval (now 600 seconds). This is a long interval between cleanups, but since entries are checked for staleness on get() as well, this is acceptable.

Premortem Analysis

Potential Failure Scenarios

Scenario	Risk	Mitigation
Memory pressure from longer cache TTL	Low	ZIP cache removal offsets this; cache compresses data
Cache stale reads	None	TTL is checked on both get() and cleanup()
Deployment risk	None	Changes are purely subtractive/config
Backwards compatibility	None	No API changes

Test Coverage

Note: The website server directory (website/server/) doesn't appear to have unit tests. This is existing technical debt, not introduced by this PR.

---

LGTM - the security reasoning is appropriate and the implementation is clean.

🤖 Generated with Claude Code

[cloudflare-workers-and-pages]

Deploying repomix with    Cloudflare Pages

Latest commit:	891cd15
Status:	🚫  Deploy failed.

View logs

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional flags.

[gemini-code-assist]

Code Review

This pull request removes caching for ZIP file uploads for security reasons and extends the cache time-to-live (TTL) for remote repositories to improve performance. The changes are logical and correctly implemented. I have provided one suggestion to make the cache TTL configurable via an environment variable, which would improve maintainability and align with existing configuration patterns in the codebase.

[gemini-code-assist]

For better maintainability and flexibility, consider making the cache TTL configurable via an environment variable. This would allow for easier adjustments in different environments without requiring code changes, and it follows the pattern already used for the rate limiter configuration in this file.

Suggested change

	export const cache = new RequestCache<PackResult>(600); // 10 minutes cache
	export const cache = new RequestCache<PackResult>(parseInt(process.env.REMOTE_REPO_CACHE_TTL_SECONDS || '600', 10)); // 10 minutes cache by default