resync

[theg1239]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
examcooker-dev	Building	Preview, Comment	May 23, 2026 1:59am

[greptile-apps]

Greptile Summary

This PR bundles several independent improvements: an AI model rename (gpt-realtime-mini → gpt-realtime-2) across voice/realtime files, XSS hardening in the MCP widget's linkify/renderBtn helpers, truncated-PDF detection in the markdown route, and two data-integrity fixes for past-paper lookups (wrapping metadata updates in a transaction and filtering published-only papers in the detail/sibling queries).

• Transaction + new validations in update-paper-metadata.ts: the update is now atomic, tracks the previous questionPaperId so the old question paper's cache is also revalidated, and adds a linkedAnswerKey guard that prevents a paper from becoming an answer key when it is already acting as a question paper for another paper.
• isClear filter in past-paper-detail.ts: both loadPastPaperDetail and the getSiblingPastPaper question-paper branch now require isClear = true, and the Redis cache key prefix was renamed to match the new semantics, avoiding stale entries from the old unchecked cache.
• XSS fix in examcooker-widget.ts: a new safeHref validator enforces http:/https: protocol and passes URLs through esc() before injecting into HTML, patching a reflected-URL injection in linkify, renderRow, and renderBtn.

Confidence Score: 4/5

Safe to merge; all changes are additive hardening with no breaking interface changes.

The transaction wrapper and new answer-key guard in the metadata action are logically correct and improve data integrity. The isClear filter and cache-key rename in past-paper-detail are a clean, consistent pair. The XSS fix in the widget is straightforward and well-applied. The only minor concerns are a redundant ne clause and the expected slow expiry of old Redis cache entries under the previous key prefix.

app/actions/update-paper-metadata.ts and lib/data/past-paper-detail.ts carry the most logic change and are worth a quick second read.

Important Files Changed

Filename	Overview
app/actions/update-paper-metadata.ts	Logic wrapped in a DB transaction with new validation guards; previous question-paper ID now tracked for cache invalidation; ne(pastPaper.id, parsed.id) in the linkedAnswerKey check is redundant but harmless.
lib/data/past-paper-detail.ts	Adds isClear = true filter to loadPastPaperDetail and getSiblingPastPaper; Redis cache key prefix renamed to avoid serving old unchecked-paper results.
app/api/pdf/markdown/route.ts	Adds truncated-output detection via finishReason === 'length' and normalises the previously unresolved result.finishReason Promise before passing it to capture-event logging.
lib/mcp/examcooker-widget.ts	Introduces safeHref URL validator (protocol whitelist + URL parse) and consistently applies esc() to all injected href values, closing a reflected-URL XSS vector in the widget HTML.
app/api/realtime/session/route.ts	Model name constant updated from gpt-realtime-mini to gpt-realtime-2; no other logic changes.
app/components/voice/voice-agent-provider.tsx	Two model-name literals updated from gpt-realtime-mini to gpt-realtime-2; no logic changes.
app/components/voice/voice-runtime.tsx	Default model constant renamed to gpt-realtime-2; no other changes.

Sequence Diagram

sequenceDiagram
    participant Mod as Moderator
    participant Action as updatePaperMetadata
    participant DB as Database (tx)
    participant Cache as Next.js/Redis Cache

    Mod->>Action: submit metadata update
    Action->>Action: auth check (MODERATOR only)
    Action->>Action: zod schema parse
    Action->>DB: BEGIN TRANSACTION
    DB->>DB: fetch existingPaper (get previousQuestionPaperId)
    alt "hasAnswerKey = true"
        DB->>DB: fetch questionPaper
        DB->>DB: check conflictingLink (another answer key for same QP?)
        DB->>DB: check linkedAnswerKey (current paper already a question paper?)
    end
    DB->>DB: UPDATE pastPaper SET ...
    DB->>Action: "COMMIT → {questionPaperId, previousQuestionPaperId}"
    Action->>Cache: revalidateTag(past_paper:id)
    Action->>Cache: revalidateTag(past_paper:previousQuestionPaperId)
    Action->>Cache: revalidateTag(past_paper:questionPaperId)
    Action->>Cache: invalidatePastPapersSurfaceCache()
    Action-->>Mod: "{success: true}"

Loading

Comments Outside Diff (1)

1. lib/data/past-paper-detail.ts, line 157-169 (link)

   Stale Redis cache entries after isClear filter change

   getPastPaperDetail now queries only papers with isClear = true and uses the new published-past-paper-detail Redis key prefix, but any entry previously written under the old past-paper-detail prefix (for a paper that was already clear) is never explicitly evicted. Those entries will linger in Redis until their TTL expires (up to one hour per cacheLife). In practice this is cosmetically stale data rather than a correctness issue, but it is worth ensuring the Redis cache has an appropriate TTL so old-prefix entries do not persist indefinitely.

_{Reviews (1): Last reviewed commit: "Merge pull request #417 from ACM-VIT/cur..." | Re-trigger Greptile}

[greptile-apps]

The ne(pastPaper.id, parsed.id) predicate in the linkedAnswerKey query is never effective. The query already filters on eq(pastPaper.questionPaperId, parsed.id), so the only row whose id could equal parsed.id would be a paper whose questionPaperId equals its own id — a self-reference that is caught earlier in the same transaction. Removing the redundant clause makes the intent clearer.

Suggested change

	const [linkedAnswerKey] = await tx
	.select({
	id: pastPaper.id,
	title: pastPaper.title,
	})
	.from(pastPaper)
	.where(
	and(
	eq(pastPaper.questionPaperId, parsed.id),
	ne(pastPaper.id, parsed.id),
	),
	)
	.limit(1);
	const [linkedAnswerKey] = await tx
	.select({
	id: pastPaper.id,
	title: pastPaper.title,
	})
	.from(pastPaper)
	.where(
	eq(pastPaper.questionPaperId, parsed.id),
	)
	.limit(1);