@ngoiyaeric
Collaborator

@ngoiyaeric ngoiyaeric commented Feb 5, 2026

User description

The user requested to make commit bf6043b the head of the branch feature/radial-drawing-tool-15881425069546006738 and discard later changes. This was achieved via git reset --hard bf6043b.


PR created automatically by Jules for task 5794459265562258649 started by @ngoiyaeric


PR Type

Bug fix, Enhancement


Description

  • Removed deleted type definitions and simplified utility functions

  • Refactored drawing tool to remove type safety constraints and simplify logic

  • Improved environment variable logging with partial masking for security

  • Simplified map state management and portal detection in header search

  • Updated toast library from sonner to react-toastify

  • Cleaned up schema validation and removed unnecessary type constraints


Diagram Walkthrough

flowchart LR
  A["Removed Type Definitions"] --> B["Simplified Drawing Tool"]
  C["Refactored Utilities"] --> B
  D["Updated Dependencies"] --> E["Improved Security Logging"]
  B --> F["Cleaner Codebase"]
  E --> F

File Walkthrough

Relevant files

Deletion (1 file)
  • tools.ts: Removed tool type definitions file (+0/-20)

Enhancement (7 files)
  • index.ts: Simplified Google Maps URL generation (+1/-15)
  • mcp.ts: Improved logging and simplified client closure (+4/-13)
  • header-search-button.tsx: Simplified portal detection and map availability checks (+7/-31)
  • map-query-handler.tsx: Inlined type definitions and simplified error handling (+34/-26)
  • mobile-icons-bar.tsx: Replaced portal with direct search button (+3/-4)
  • drawing.tsx: Removed type imports and simplified feature handling (+34/-46)
  • drawing.tsx: Inlined coordinate schema and removed validation rules (+15/-17)

Bug fix (1 file)
  • chat.tsx: Simplified router refresh logic and state management (+23/-16)

Formatting (1 file)
  • resolution-image.tsx: Updated CSS classes for glassmorphic styling (+2/-2)

Documentation (1 file)
  • researcher.tsx: Reordered tool decision flow and removed priority note (+2/-3)

Reset the branch feature/radial-drawing-tool-15881425069546006738 to commit bf6043b, discarding subsequent commits 9dbf4f0, a83e0d2, and e78d174.

Co-authored-by: ngoiyaeric <115367894+ngoiyaeric@users.noreply.github.com>
@google-labs-jules
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@charliecreates charliecreates bot requested a review from CharlieHelps February 5, 2026 11:50
@vercel
Contributor

vercel bot commented Feb 5, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
qcx Ready Ready Preview, Comment Feb 5, 2026 0:08am

@coderabbitai
Contributor

coderabbitai bot commented Feb 5, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@qodo-code-review
Contributor

qodo-code-review bot commented Feb 5, 2026


PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🔴
Secret logging

Description: Partial secrets (first 8 characters) of COMPOSIO_API_KEY, MAPBOX_ACCESS_TOKEN, and
COMPOSIO_USER_ID are logged via console.log, which can leak credentials into server
logs/observability systems and enable offline brute-force or replay if logs are accessed.
mcp.ts [15-19]

Referred Code
console.log('[MCP Utility] Environment check:', {
  composioApiKey: composioApiKey ? `${composioApiKey.substring(0, 8)}...` : 'MISSING',
  mapboxAccessToken: mapboxAccessToken ? `${mapboxAccessToken.substring(0, 8)}...` : 'MISSING',
  composioUserId: composioUserId ? `${composioUserId.substring(0, 8)}...` : 'MISSING',
});
Sensitive data logging

Description: The code logs mapData.drawnFeatures to the console before calling updateDrawingContext,
which may expose sensitive user-drawn geospatial data (e.g., home/work locations or
routes) in client logs and any log collection tooling.
chat.tsx [95-103]

Referred Code
// useEffect to call the server action when drawnFeatures changes
useEffect(() => {
  if (id && mapData.drawnFeatures && mapData.cameraState) {
    console.log('Chat.tsx: drawnFeatures changed, calling updateDrawingContext', mapData.drawnFeatures);
    updateDrawingContext(id, {
      drawnFeatures: mapData.drawnFeatures,
      cameraState: mapData.cameraState,
    });
  }
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

🔴
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Missing API key check: The updated getGoogleStaticMapUrl no longer validates GOOGLE_MAPS_API_KEY, allowing a
malformed URL (e.g., key=undefined) to be generated without an actionable error.

Referred Code
export function getGoogleStaticMapUrl(latitude: number, longitude: number): string {
  const apiKey = process.env.GOOGLE_MAPS_API_KEY;
  return `https://maps.googleapis.com/maps/api/staticmap?center=${latitude},${longitude}&zoom=14&size=600x300&maptype=roadmap&markers=color:red%7C${latitude},${longitude}&key=${apiKey}`;
}


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Secrets logged in console: The environment check logs the first 8 characters of secrets (COMPOSIO_API_KEY,
MAPBOX_ACCESS_TOKEN, COMPOSIO_USER_ID), which still exposes sensitive data in logs.

Referred Code
console.log('[MCP Utility] Environment check:', {
  composioApiKey: composioApiKey ? `${composioApiKey.substring(0, 8)}...` : 'MISSING',
  mapboxAccessToken: mapboxAccessToken ? `${mapboxAccessToken.substring(0, 8)}...` : 'MISSING',
  composioUserId: composioUserId ? `${composioUserId.substring(0, 8)}...` : 'MISSING',
});


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Validation constraints removed: The updated drawingToolSchema removes coordinate bounds, minimum vertex/segment counts,
and positive radius enforcement, allowing invalid/untrusted external inputs to reach
map-drawing logic.

Referred Code
export const drawingToolSchema = z.discriminatedUnion('type', [
  z.object({
    type: z.literal('polygon'),
    location: z.string().optional().describe('Name of the place to draw a polygon around'),
    coordinates: z.array(z.object({
      lat: z.number(),
      lng: z.number()
    })).optional().describe('List of coordinates for the polygon vertices'),
    label: z.string().optional().describe('Label for the polygon'),
    color: z.string().optional().describe('Color for the polygon (e.g., "#ff0000")')
  }),
  z.object({
    type: z.literal('line'),
    location: z.string().optional().describe('Name of the place to draw a line at'),
    coordinates: z.array(z.object({
      lat: z.number(),
      lng: z.number()
    })).optional().describe('List of coordinates for the line segments'),
    label: z.string().optional().describe('Label for the line'),
    color: z.string().optional().describe('Color for the line (e.g., "#0000ff")')
  }),


 ... (clipped 13 lines)


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Contributor

qodo-code-review bot commented Feb 5, 2026


PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
Possible issue
Fix disabled button for Google Maps

Fix the disabled condition for the search buttons to correctly handle both
Mapbox and Google Maps providers, preventing the button from being permanently
disabled for Google Maps.

components/header-search-button.tsx [105-126]

+const isMapAvailable = mapProvider === 'mapbox' ? !!map : !!mapData.cameraState
+
 const desktopButton = (
   <Button
     variant="ghost"
     size="icon"
     onClick={handleResolutionSearch}
-    disabled={isAnalyzing || !map || !actions}
+    disabled={isAnalyzing || !isMapAvailable || !actions}
     title="Analyze current map view"
   >
     ...
   </Button>
 )
 
 const mobileButton = (
-  <Button variant="ghost" size="sm" onClick={handleResolutionSearch} disabled={isAnalyzing || !map || !actions}>
+  <Button variant="ghost" size="sm" onClick={handleResolutionSearch} disabled={isAnalyzing || !isMapAvailable || !actions}>
     <Search className="h-4 w-4 mr-2" />
     Search
   </Button>
 )
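
Review bot: `isMapAvailable` treats every provider other than 'mapbox' as Google Maps and reads `mapData.cameraState` without a guard, so an unexpected `mapProvider` value enables the button on the wrong signal, and if `mapData` can be undefined at this point the expression throws during render. Match the Google Maps provider explicitly, fall back to `false` for anything else, and use `mapData?.cameraState`. Sharing the one flag between `desktopButton` and `mobileButton` is the right shape, since it keeps the two conditions from drifting apart.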

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 9


Why: This suggestion correctly identifies a regression bug where the search button would be incorrectly disabled when using the Google Maps provider, as the disabled condition was changed to only check for the Mapbox map object.

High
Prevent repeated refresh loops

Reintroduce the lastRefreshedMessageIdRef to prevent potential infinite loops
caused by router.refresh() on new 'response' messages.

components/chat.tsx [78-83]

+const lastRefreshedMessageIdRef = useRef<string | null>(null);
 useEffect(() => {
-  if (aiState.messages[aiState.messages.length - 1]?.type === 'response') {
-    // Refresh the page to chat history updates
+  const lastMsg = aiState.messages[aiState.messages.length - 1];
+  if (lastMsg?.type === 'response' && lastMsg.id !== lastRefreshedMessageIdRef.current) {
+    lastRefreshedMessageIdRef.current = lastMsg.id;
     router.refresh()
   }
-}, [aiState, router])
+}, [aiState.messages, router])
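
Review bot: the added guard compares `lastMsg.id` with the ref but never checks that the id is set. If a response message arrives without an `id`, the first one triggers `router.refresh()` and stores `undefined` in the ref, and every later id-less response is then skipped without notice. Decide explicitly how id-less messages are handled, for example by requiring `lastMsg.id` in the condition or by falling back to the message index. Narrowing the dependency array from `aiState` to `aiState.messages` is a sound change.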
Suggestion importance[1-10]: 9


Why: This suggestion correctly identifies that removing the lastRefreshedMessageIdRef check introduces a critical bug, a potential infinite refresh loop, and proposes re-adding the logic that was removed in the PR.

High
Reinstate drawing parameter validation

Restore Zod schema validations for drawing tools, including minimum coordinate
counts for polygons and lines, and ensuring circles have a location or center.

lib/schema/drawing.tsx [3-36]

+const coordinateSchema = z.object({
+  lat: z.number().min(-90).max(90),
+  lng: z.number().min(-180).max(180)
+});
 export const drawingToolSchema = z.discriminatedUnion('type', [
   z.object({
     type: z.literal('polygon'),
-    location: z.string().optional().describe('Name of the place to draw a polygon around'),
-    coordinates: z.array(z.object({
-      lat: z.number(),
-      lng: z.number()
-    })).optional().describe('List of coordinates for the polygon vertices'),
+    location: z.string().optional(),
+    coordinates: z.array(coordinateSchema).min(3).describe('At least 3 vertices'),
     ...
   }),
   z.object({
     type: z.literal('line'),
-    location: z.string().optional().describe('Name of the place to draw a line at'),
-    coordinates: z.array(z.object({
-      lat: z.number(),
-      lng: z.number()
-    })).optional().describe('List of coordinates for the line segments'),
+    location: z.string().optional(),
+    coordinates: z.array(coordinateSchema).min(2).describe('At least 2 points'),
     ...
   }),
   z.object({
     type: z.literal('circle'),
-    location: z.string().optional().describe('Name of the place to draw a circle around'),
-    center: z.object({
-      lat: z.number(),
-      lng: z.number()
-    }).optional().describe('Center coordinates for the circle'),
-    radius: z.number().describe('Radius of the circle'),
+    location: z.string().optional(),
+    center: coordinateSchema.optional(),
+    radius: z.number().positive(),
     ...
   })
-]);
+]).refine(data => {
+  if (data.type === 'circle') {
+    return Boolean(data.location || data.center);
+  }
+  return true;
+}, { message: 'Either location or center must be provided for circles' });
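
Review bot: on the polygon branch, `coordinates` goes from `.optional()` to `z.array(coordinateSchema).min(3)` with no `.optional()`, while `location` stays optional, so a polygon requested by place name alone now fails validation. If drawing around a named `location` is still supported, keep `coordinates` optional with `.min(3)` applied when it is present, and extend the `.refine` so polygons also require `location` or `coordinates`, as the added lines do for circles. The added lines also drop the `.describe(...)` text on `location`, `center` and `radius`; keep it if the schema doubles as the tool's parameter documentation.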

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 8


Why: This suggestion correctly points out that removing schema validations (min coordinates, .positive radius, refine for circle location/center) weakens input validation and could lead to runtime errors in the drawing tool.

Medium
General
Handle or require line coordinates

Update the line drawing tool to handle the optional location property from the
schema by adding geocoding logic, or make the coordinates property required.

lib/agents/tools/drawing.tsx [108-120]

 } else if (type === 'line') {
-  const lineCoords = params.coordinates
-    ? params.coordinates.map(c => [c.lng, c.lat])
-    : null;
-
-  if (!lineCoords) throw new Error('No coordinates provided for line');
-
+  // If no coordinates but a location is provided, geocode it into a default two-point line or throw.
+  let lineCoords = params.coordinates?.map(c => [c.lng, c.lat]) || null;
+  if (!lineCoords && params.location) {
+    // geocode locationToGeocode similar to polygon, then create a small default line segment
+    const point = center || await geocode(params.location);
+    lineCoords = [[point[0], point[1]], [point[0] + 0.001, point[1] + 0.001]];
+  }
+  if (!lineCoords) {
+    throw new Error('No coordinates or location provided for line');
+  }
   const line = turf.lineString(lineCoords, {
     user_label: params.label,
     user_color: params.color
   });
   features.push(line);
 }
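
Review bot: when only `location` is given, the added branch draws a segment from the geocoded point to `point + 0.001` degrees on both axes, which is geometry the caller never supplied and will render as a real line on the map. Throwing a clear error, or requiring `coordinates` with at least two points in the schema, is safer than inventing an endpoint. `center` and `geocode` are also not defined anywhere in the visible lines, so the change needs to show where they come from before it can be applied.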
Suggestion importance[1-10]: 6


Why: The suggestion correctly identifies a mismatch where the schema for line was updated to allow an optional location, but the tool implementation does not handle geocoding this location, only coordinates.

Low


@charliecreates charliecreates bot left a comment

This reset reintroduces several regressions and reliability/security risks: a likely router.refresh() loop in Chat, mobile search becoming non-functional due to portal removal, and provider-incompatible search button disabling logic. The drawing tool and schema have been weakened with any casts and reduced validation, increasing runtime failures and type drift (especially after deleting lib/types/tools.ts). Additionally, MCP utilities now log partial secrets (security issue) and Google static map URL generation no longer fails fast when misconfigured.

Additional notes (7)
  • Maintainability | components/chat.tsx:76-83
    router.refresh() is now triggered whenever the last AI message is a response, but the effect depends on the entire aiState object. If router.refresh() causes aiState to be re-instantiated (or causes repeated server re-renders that rehydrate state), this can re-trigger the effect repeatedly and create a refresh loop. The previous code used a lastRefreshedMessageIdRef guard, which was specifically preventing this class of bug.

  • Performance | components/chat.tsx:94-101
    This effect calls a server action every time drawnFeatures or cameraState changes, and also logs full feature payloads. Drawing interactions can update state at high frequency, which can spam the server, increase costs, and degrade UX. It also risks racing updates (out-of-order writes) and producing inconsistent persisted context.

  • Compatibility | components/header-search-button.tsx:105-105
    The disabled logic now uses !map for all providers, but earlier logic allowed Google Maps to work based on mapData.cameraState. As written, the search button will be disabled for Google Maps even when the camera state is available (because map likely refers to a Mapbox instance). That’s a behavioral regression.

  • Readability | components/header-search-button.tsx:33-33
    Removing the MutationObserver portal discovery means portals will only be found if the portal nodes exist at the time this component mounts. If those portal targets are rendered later (common with conditional headers/layouts), the search button will never render.

The deleted observer logic was there to handle exactly that.

  • Compatibility | components/mobile-icons-bar.tsx:45-51
    The mobile portal target (#mobile-header-search-portal) was removed, but HeaderSearchButton still attempts to render into it. Result: the mobile header search button will never appear via portal, and the new search icon button added here has no onClick handler, so search is effectively broken on mobile.

  • Maintainability | lib/agents/tools/drawing.tsx:16-16
    The drawing tool introduces multiple unsafe-but-type-valid patterns (any[], (params as any).location, units as any) and removes the earlier guarded parsing/timeout behavior for MCP calls. The current JSON parsing path (JSON.parse(...)) is unguarded; if the MCP returns non-JSON or unexpected content, the tool will throw and you’ll lose the opportunity to provide a controlled fallback. Also, returning { type: 'DRAWING_TRIGGER', error } without timestamp changes the output shape consumers might rely on.

  • Maintainability | lib/utils/index.ts:121-124
    getGoogleStaticMapUrl no longer throws when GOOGLE_MAPS_API_KEY is missing, and will generate a URL containing key=undefined. That creates confusing failures downstream (broken images) and makes debugging harder. The previous explicit error was better for correctness.

Summary of changes

Summary

This PR is a branch reset to bf6043b, which effectively reverts/discards later commits and restores earlier versions of multiple files.

Notable code-level deltas visible in the diff

  • Chat + map context wiring: components/chat.tsx now reads drawnFeatures/cameraState from useMapData() and calls updateDrawingContext(id, …) when they change; also changes the router refresh effect.
  • Header search button behavior: components/header-search-button.tsx simplifies portal discovery logic and switches notifications from sonner to react-toastify; changes the disabled condition to depend on map.
  • Map query handling types: components/map/map-query-handler.tsx removes the shared ToolOutput import and inlines a ToolOutput/McpResponseData definition.
  • Mobile UI: components/mobile-icons-bar.tsx removes the mobile portal target and adds a standalone search icon button (without click behavior).
  • Drawing tool + schema:
    • lib/agents/tools/drawing.tsx loosens typing (any[], (params as any).location, units as any), simplifies MCP call parsing, and changes returned payload fields.
    • lib/schema/drawing.tsx relaxes validation (removes lat/lng bounds and the circle “location or center required” refinement; makes line coordinates optional).
  • Utilities:
    • lib/utils/index.ts changes getGoogleStaticMapUrl to a simple string template and no longer throws when GOOGLE_MAPS_API_KEY is missing.
    • lib/utils/mcp.ts logs partial secrets (first 8 chars) and removes throwOnError from closeClient.
  • Type file removed: lib/types/tools.ts deleted; equivalent types are partially duplicated elsewhere.
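
For the `getGoogleStaticMapUrl` change noted in this review, a fail-fast version of the builder is sketched here as an added example; it is not the repository's code. The `env` parameter, the coordinate bounds check, the helper names and the error messages are assumptions, and the sample key is constructed.

```typescript
// Added example: not the repository's implementation. The `env` parameter
// (pass process.env in the app) and the error texts are assumptions.
type Env = Record<string, string | undefined>;

function requireEnv(env: Env, name: string): string {
  const value = env[name];
  if (value === undefined || value.trim() === '') {
    // Name the variable, never echo a value.
    throw new Error('Missing required environment variable: ' + name);
  }
  return value.trim();
}

function assertInRange(label: string, value: number, min: number, max: number): void {
  // isFinite rejects NaN and Infinity, which would otherwise be
  // interpolated into the URL as literal text.
  if (typeof value !== 'number' || !isFinite(value) || value < min || value > max) {
    throw new RangeError(label + ' must be a number between ' + min + ' and ' + max);
  }
}

function getGoogleStaticMapUrl(latitude: number, longitude: number, env: Env): string {
  const apiKey = requireEnv(env, 'GOOGLE_MAPS_API_KEY');
  assertInRange('latitude', latitude, -90, 90);
  assertInRange('longitude', longitude, -180, 180);
  const point = latitude + ',' + longitude;
  return (
    'https://maps.googleapis.com/maps/api/staticmap' +
    '?center=' + point +
    '&zoom=14&size=600x300&maptype=roadmap' +
    '&markers=color:red%7C' + point +
    // Encode the key so stray characters cannot add query parameters.
    '&key=' + encodeURIComponent(apiKey)
  );
}

// Returns the thrown message, or '' when the call succeeds.
function failureOf(lat: number, lng: number, env: Env): string {
  try {
    getGoogleStaticMapUrl(lat, lng, env);
    return '';
  } catch (err) {
    return err instanceof Error ? err.message : String(err);
  }
}

// Constructed inputs; the key is a placeholder, not a real credential.
const okEnv: Env = { GOOGLE_MAPS_API_KEY: 'EXAMPLE_KEY&x=1' };
console.log(getGoogleStaticMapUrl(48.8584, 2.2945, okEnv));
console.log(failureOf(48.8584, 2.2945, {}));       // missing key
console.log(failureOf(Number.NaN, 2.2945, okEnv)); // invalid latitude
```

The error names the missing variable at the call site, so a misconfigured deployment fails at startup or first use instead of producing a `key=undefined` image URL.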

Comment on lines 10 to 14
import { nanoid } from 'nanoid'
import { UserMessage } from './user-message'
import { toast } from 'sonner'
import { toast } from 'react-toastify'
import { useSettingsStore } from '@/lib/store/settings'
import { useMapData } from './map/map-data-context'

Switching from sonner to react-toastify is a breaking change unless the app is already configured with ToastContainer and CSS imports. In this diff there’s no corresponding setup, so runtime toasts may silently fail or look unstyled.

Suggestion

Either revert to the previously configured toast library (sonner) or ensure react-toastify is globally configured (e.g., <ToastContainer /> in the root layout and the CSS import once). If you keep react-toastify, add/verify the app-wide setup in the same PR to avoid a partial migration.

Reply with "@CharlieHelps yes please" if you'd like me to add a commit with this suggestion.

Comment on lines +7 to +25
// Define the expected structure of the mcp_response from geospatialTool
interface McpResponseData {
location: {
latitude?: number;
longitude?: number;
place_name?: string;
address?: string;
};
mapUrl?: string;
}

interface ToolOutput {
type: string;
originalUserInput?: string;
timestamp: string;
mcp_response?: McpResponseData | null;
features?: any[];
error?: string | null;
}
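
Review bot: `location` is required on `McpResponseData` while every field inside it is optional, so `{ location: {} }` type-checks and each consumer still has to handle a missing `latitude` and `longitude`. Either make the coordinates required whenever `location` is present, or make `location` itself optional so the absence is visible in one place.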

ToolOutput is redefined locally and includes features?: any[], while the shared lib/types/tools.ts was deleted. This creates type drift risk across the codebase and makes it easy for tool producers/consumers to diverge silently.

Suggestion

Reintroduce a single shared ToolOutput type (e.g., lib/types/tools.ts) and import it in both tool producers and UI consumers. Avoid any[] for features—use geojson.Feature[] (or a narrower type used across drawing/map components).

Reply with "@CharlieHelps yes please" if you'd like me to add a commit with this suggestion.

Comment on lines +8 to +36
lat: z.number(),
lng: z.number()
})).optional().describe('List of coordinates for the polygon vertices'),
label: z.string().optional().describe('Label for the polygon'),
color: z.string().optional().describe('Color for the polygon (e.g., "#ff0000")')
}),
z.object({
type: z.literal('line'),
coordinates: z.array(coordinateSchema).min(2).describe('List of coordinates for the line segments'),
location: z.string().optional().describe('Name of the place to draw a line at'),
coordinates: z.array(z.object({
lat: z.number(),
lng: z.number()
})).optional().describe('List of coordinates for the line segments'),
label: z.string().optional().describe('Label for the line'),
color: z.string().optional().describe('Color for the line (e.g., "#0000ff")')
}),
z.object({
type: z.literal('circle'),
location: z.string().optional().describe('Name of the place to draw a circle around'),
center: coordinateSchema.optional().describe('Center coordinates for the circle'),
radius: z.number().positive().describe('Radius of the circle'),
center: z.object({
lat: z.number(),
lng: z.number()
}).optional().describe('Center coordinates for the circle'),
radius: z.number().describe('Radius of the circle'),
units: z.enum(['meters', 'kilometers', 'miles', 'feet']).default('kilometers').describe('Units for the radius'),
label: z.string().optional().describe('Label for the circle'),
color: z.string().optional().describe('Color for the circle (e.g., "#00ff00")')
})
]).refine(data => {
if (data.type === 'circle') {
return Boolean(data.location || data.center);
}
return true;
}, {
message: 'Either location or center must be provided for circles'
});
]);

drawingToolSchema was weakened significantly:

  • removed lat/lng bounds
  • made line.coordinates optional (but the executor throws if missing)
  • removed circle refinement enforcing location || center
  • removed radius.positive() constraint

This increases invalid tool calls and pushes validation failures into runtime errors, which is worse for reliability and model/tool behavior.

Suggestion

Restore strict validation:

  • bring back coordinate bounds
  • keep line.coordinates required with .min(2)
  • keep circle.radius as .positive()
  • re-add .refine to enforce location || center for circles (and possibly polygons)

Reply with "@CharlieHelps yes please" if you'd like me to add a commit with this suggestion.

Comment on lines 15 to 19
console.log('[MCP Utility] Environment check:', {
composioApiKey: composioApiKey ? 'PRESENT' : 'MISSING',
mapboxAccessToken: mapboxAccessToken ? 'PRESENT' : 'MISSING',
composioUserId: composioUserId ? 'PRESENT' : 'MISSING',
composioApiKey: composioApiKey ? `${composioApiKey.substring(0, 8)}...` : 'MISSING',
mapboxAccessToken: mapboxAccessToken ? `${mapboxAccessToken.substring(0, 8)}...` : 'MISSING',
composioUserId: composioUserId ? `${composioUserId.substring(0, 8)}...` : 'MISSING',
});

This now logs the first 8 characters of secrets. That’s still sensitive information and can materially help an attacker correlate/validate leaked keys; it also violates the common best practice of never logging secrets (even partially). Earlier code only logged PRESENT/MISSING, which is safer.

Suggestion

Revert to non-secret logging (PRESENT/MISSING) or log only boolean flags. If you need debugging, gate more detailed logging behind a local-only dev flag and ensure it cannot run in production.

Example:

console.log('[MCP Utility] Environment check:', {
  composioApiKey: composioApiKey ? 'PRESENT' : 'MISSING',
  mapboxAccessToken: mapboxAccessToken ? 'PRESENT' : 'MISSING',
  composioUserId: composioUserId ? 'PRESENT' : 'MISSING',
})

Reply with "@CharlieHelps yes please" if you'd like me to add a commit with this suggestion.
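
The presence-only check suggested above can be paired with a scrubber that masks the truncated-prefix pattern if it ever reappears in a log call. This is an added example, not code from the repository; `envPresence`, `leakedFragment`, `redactSecrets`, `makeSafeLogger`, `MIN_FRAGMENT` and the sample values are assumptions.

```typescript
// Added example: helper names and sample values are hypothetical.
type Env = Record<string, string | undefined>;

// Shortest leading fragment of a secret that counts as a leak. Lower values
// catch more, but can also mask ordinary words that share the prefix.
const MIN_FRAGMENT = 4;
const MASK = '[REDACTED]';

// Report only whether each variable is set, never any characters of its value.
function envPresence(env: Env, names: string[]): Record<string, string> {
  const report: Record<string, string> = {};
  for (const key of names) {
    const value = env[key];
    report[key] = value !== undefined && value.trim() !== '' ? 'PRESENT' : 'MISSING';
  }
  return report;
}

// Longest leading fragment of `secret` found in `text`, or '' if none.
// Matches the full value as well as `substring(0, 8)` style output.
function leakedFragment(text: string, secret: string): string {
  for (let len = secret.length; len >= MIN_FRAGMENT; len--) {
    const fragment = secret.slice(0, len);
    if (text.indexOf(fragment) !== -1) return fragment;
  }
  return '';
}

// Mask every leading fragment, longest first, in a single bounded pass.
function redactSecrets(text: string, secrets: string[]): string {
  let clean = text;
  for (const secret of secrets) {
    for (let len = secret.length; len >= MIN_FRAGMENT; len--) {
      clean = clean.split(secret.slice(0, len)).join(MASK);
    }
  }
  return clean;
}

// Wrap a sink (console.log in the app) so payloads are serialised and scrubbed.
function makeSafeLogger(sink: (line: string) => void, secrets: string[]) {
  return (label: string, payload: unknown): void => {
    sink(redactSecrets(label + ' ' + JSON.stringify(payload), secrets));
  };
}

// Constructed sample environment; these are not real credentials.
const sampleEnv: Env = {
  COMPOSIO_API_KEY: 'cmp-EXAMPLE-key-000111',
  MAPBOX_ACCESS_TOKEN: 'mbx-EXAMPLE-token-2222',
  COMPOSIO_USER_ID: undefined,
};
const NAMES = ['COMPOSIO_API_KEY', 'MAPBOX_ACCESS_TOKEN', 'COMPOSIO_USER_ID'];

function demo(): string[] {
  const lines: string[] = [];
  const secrets: string[] = [];
  for (const key of NAMES) {
    const value = sampleEnv[key];
    if (typeof value === 'string') secrets.push(value);
  }
  const log = makeSafeLogger((line) => { lines.push(line); }, secrets);
  // Safe form: presence only.
  log('[MCP Utility] Environment check:', envPresence(sampleEnv, NAMES));
  // The flagged form: first 8 characters. The scrubber masks it anyway.
  const apiKey = sampleEnv['COMPOSIO_API_KEY'] as string;
  log('[MCP Utility] Environment check:', { composioApiKey: apiKey.substring(0, 8) + '...' });
  return lines;
}

console.log(demo().join('\n'));
```

`leakedFragment` is also usable in a unit test that captures logger output and fails the build when any configured secret, or a prefix of one, shows up in it.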

@charliecreates charliecreates bot removed the request for review from CharlieHelps February 5, 2026 11:55
Reset the branch feature/radial-drawing-tool-15881425069546006738 to commit bf6043b and verified synchronization with the latest main (commit 5c25e9f). Submitting this state.

Co-authored-by: ngoiyaeric <115367894+ngoiyaeric@users.noreply.github.com>
@ngoiyaeric ngoiyaeric merged commit b6a1992 into feature/radial-drawing-tool-15881425069546006738 Feb 5, 2026
4 of 5 checks passed