Add Civic Eye UI and robust camera fallbacks by RohanExploit · Pull Request #767 · RohanExploit/VishwaGuru

RohanExploit · 2026-05-16T10:47:16Z

This PR adds the Civic Eye UI integration to the home page, adds voice commands for it, and implements robust fallback for camera stream initialization across detectors so they don't silently fail when strict facingMode constraints aren't met on certain devices. It also fixes test suites running locally by installing correct test environment packages (pytest-asyncio and jest-environment-jsdom) and applies code formatting.

PR created automatically by Jules for task 17668311478762952937 started by @RohanExploit

Summary by cubic

Adds Civic Eye (Safety Checker) to Home with voice triggers and robust camera fallbacks. Also fixes frontend build chunking to unblock deploys, tightens upload security, and removes sensitive logs.

New Features
- Civic Eye button on Home and Safety Checker view.
- Voice commands “civic eye”/“civic-eye” open Civic Eye.
- Camera fallback in CivicEyeDetector, EmotionDetector, and PotholeDetector when facingMode fails.
Bug Fixes
- Removed sensitive data/location logs in backend/cache.py and backend/geofencing_service.py.
- Strengthened path traversal prevention for field officer image uploads: enforce VISIT_IMAGES_DIR boundary and sanitize file extensions in backend/routers/field_officer.py.
- Frontend build stabilized by splitting node_modules into a vendor chunk and raising the chunk size limit in frontend/vite.config.js.
- Local tests run reliably by adding pytest-asyncio and jest-environment-jsdom.

^{Written for commit d4cca59. Summary will update on new commits. Review in cubic}

Summary by CodeRabbit

New Features
- Civic Eye safety checker UI + voice-command entry
- Issue creation/field-officer flows now return created timestamps; image upload limits enforced
- Issue responses may include AI action plans; resolution/evidence endpoints now return success messages and totals
Improvements
- Camera access falls back to alternate devices for greater reliability
- Enhanced voice transcription: format conversion, multi-language detection, confidence & auto-correction flags, optional translation
- Detection endpoints: stronger upload validation and clearer “temporarily unavailable” responses
Style & Refactor
- Large formatting and schema refinements across backend/frontend

- Exposed the Civic Eye (Safety Checker) feature button on the Home view's Auxiliary Systems section. - Added voice commands to trigger Civic Eye ("civic eye" or "civic-eye") via FloatingButtonsManager. - Implemented robust `try-catch` fallback mechanisms for `navigator.mediaDevices.getUserMedia()` in `EmotionDetector`, `CivicEyeDetector`, and `PotholeDetector` to default to any available camera if specific `facingMode` constraints fail. - Fixed backend test suite by resolving async testing requirements (`pytest-asyncio` integration). - Applied code formatting using `black` on backend.

google-labs-jules · 2026-05-16T10:47:17Z

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

netlify · 2026-05-16T10:47:20Z

❌ Deploy Preview for fixmybharat failed. Why did it fail? →

Name	Link
🔨 Latest commit	`d4cca59`
🔍 Latest deploy log	https://app.netlify.com/projects/fixmybharat/deploys/6a086c4208db0900080e82f8

github-actions · 2026-05-16T10:47:23Z

🙏 Thank you for your contribution, @RohanExploit!

PR Details:

Title: Add Civic Eye UI and robust camera fallbacks
Number: Add Civic Eye UI and robust camera fallbacks #767

Quality Checklist:
Please ensure your PR meets the following criteria:

Code follows the project's style guidelines
Self-review of code completed
Code is commented where necessary
Documentation updated (if applicable)
No new warnings generated
Tests added/updated (if applicable)
All tests passing locally
No breaking changes to existing functionality

Review Process:

Automated checks will run on your code
A maintainer will review your changes
Address any requested changes promptly
Once approved, your PR will be merged! 🎉

Note: The maintainers will monitor code quality and ensure the overall project flow isn't broken.

coderabbitai · 2026-05-16T10:47:27Z

📝 Walkthrough

Walkthrough

Repo-wide formatting pass plus detector, voice, resolution-proof, schema, router, cache, and frontend camera fallback updates; includes added HF detectors, unified detection backend selection, voice transcription/translation flow changes, and a new ResolutionEvidence timestamp field.

Changes

Repo-wide updates

Layer / File(s)	Summary
Bootstrap & entrypoint `backend/__main__.py`, `backend/main.py`, `backend/main_fixed.py`	App startup, uvicorn invocation, FastAPI lifespan and startup wiring, logging and startup validation reformatted; behavior preserved.
AI services & Gemini `backend/ai_service.py`, `backend/gemini_services.py`, `backend/gemini_summary.py`, `backend/ai_interfaces.py`	Retry/backoff, Gemini init, AI service container wiring and in-memory chat caching reformatted; final retry failures wrapped into structured AIServiceException.
Detection & HF API `backend/hf_api_service.py`, `backend/hf_service.py`, `backend/unified_detection_service.py`, `backend/routers/detection.py`	Added/expanded HF/CLIP detectors (severity, smart-scan, civic-eye, depth map, facial emotion), normalized outputs, introduced cached detection helper and unified backend selection (local vs HF).
Voice pipeline & routes `backend/voice_service.py`, `backend/routers/voice.py`	Transcription writes temp files, converts to WAV, tries language candidates, translates when needed, flags manual-correction; routes updated for form defaults, validation, and audio storage.
Resolution proof & audit `backend/resolution_proof_service.py`, `backend/routers/resolution_proof.py`, `backend/models.py`	Evidence token signing/validation and audit-log chaining reformatted; explicit prev-hash fetch and HMAC chaining retained; `ResolutionEvidence.uploaded_at` timestamp added.
Field-officer & geofencing `backend/routers/field_officer.py`, `backend/geofencing_service.py`	Check-in/out, visit hashing, upload-images endpoint with per-request/cumulative limits and validation, stats aggregation and verify endpoint DB injection; geofencing helper formatting and SECRET_KEY multi-line assignment.
Schemas & routers `backend/schemas.py`, `backend/routers/issues.py`, `backend/routers/grievances.py`, `backend/routers/utility.py`, `backend/routers/resolution_proof.py`	Large schema expansions (voice, evidence, officer visits, tokens), router response-shape additions (evidence totals, messages), and many router formatting/refactors preserving behavior.
Local ML & models `backend/local_ml_service.py`, `backend/pothole_detection.py`, `backend/garbage_detection.py`, `backend/grievance_classifier.py`, `backend/ml/train_grievance.py`	Local YOLO loading adjustments, threadpool inference, detection heuristics, model path quoting and training script formatting.
Cache, utils, config, DB & scheduler `backend/cache.py`, `backend/utils.py`, `backend/config.py`, `backend/database.py`, `backend/init_db.py`, `backend/scheduler.py`	Cache miss/counting changes, upload validation with python-magic, config.from_env reflow, DB URL handling and migrations rewritten into multiline text blocks, scheduler formatting.
Tests & frontend `backend/tests/`, `frontend/src/`, `frontend/vite.config.js`	Many tests reformatted and small test-entry improvements; frontend camera startCamera fallbacks and a new Civic Eye sidebar button; Vite build chunking added.

Estimated code review effort
🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

RohanExploit/VishwaGuru#248 — Gemini retry/final-failure exception handling overlaps ai_service changes.
RohanExploit/VishwaGuru#293 — Escalation/audit integrity-hash chaining refactor is related to escalation_engine changes.
RohanExploit/VishwaGuru#328 — Closure/confirmation workflow changes relate to closure_service edits.

Suggested labels
ECWoC26, ECWoC26-L3

"I’m a rabbit in the CI stream,
Hopping through refactors like a dream.
Cameras retry, voices transcribe,
Evidence chains now neatly scribed.
Cheers — tests pass, deploy’s a gleam!"

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch add-civic-eye-and-camera-fallback-17668311478762952937

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

coderabbitai

Actionable comments posted: 18

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (8)

backend/utils.py (1)

87-103: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not swallow HTTPException from MIME validation.

Both MIME-check blocks catch Exception and pass, which also swallows intentional HTTPException(400) rejections and weakens enforcement.

Suggested fix

-        except Exception as e:
+        except HTTPException:
+            raise
+        except Exception as e:
             logger.error(f"Magic validation failed: {e}")
             # Fallback to PIL if magic fails unexpectedly
             pass

Apply the same pattern in process_uploaded_image_sync.

Also applies to: 179-191

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/utils.py` around lines 87 - 103, The try/except in the MIME
validation (inside the file read/detected_mime block) currently catches all
Exceptions and swallows raised HTTPException(400); change the except to re-raise
HTTPException instances while only handling unexpected errors: in the except
block, if isinstance(e, HTTPException): raise, otherwise log the error and
continue with the PIL fallback. Apply the identical pattern in
process_uploaded_image_sync so intentional HTTPException validation failures are
not suppressed.

backend/pothole_detection.py (1)

97-104: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid permanently locking the singleton into a failed state.

On Line 100, setting _model_initialized = True inside the failure path prevents retries after transient failures (e.g., temporary network/model download issues), so the detector can stay down indefinitely.

Suggested fix

         except Exception as e:
             # Cache the error to prevent repeated failed initialization attempts
             _model_loading_error = e
-            _model_initialized = True  # Mark as initialized (even though it failed)
+            _model_initialized = False  # Allow retry on next request
             logger.error(f"Model initialization failed: {e}")
             raise ModelLoadException(
                 "keremberke/yolov8n-pothole-segmentation", details={"error": str(e)}
             ) from e

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/pothole_detection.py` around lines 97 - 104, The failure path
currently sets _model_initialized = True which permanently blocks retries;
change the exception handling in the model initialization block so you do NOT
set _model_initialized = True on error—keep it False (allowing future retries),
optionally store the exception in _model_loading_error for diagnostics, and
re-raise ModelLoadException as before; update the code around the try/except
that uses _model_loading_error and _model_initialized (the symbols
_model_loading_error, _model_initialized, and ModelLoadException) so transient
download/network failures can be retried instead of locking the singleton in a
failed state.

backend/unified_detection_service.py (2)

268-299: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

detect_fire() skips HF fallback when AUTO selects local backend.

When AUTO mode picks "local", fire detection returns [] (Line 292 onward) without trying HF, even if HF is available. This causes false negatives.

Suggested fix

-        backend = await self._get_detection_backend()
-
-        if backend == "huggingface" or backend == "auto":
-            # Even in auto, if we don't have local fire model, we fallback or use HF if enabled
-            if await self._check_hf_available():
+        backend = await self._get_detection_backend()
+
+        # Fire currently has no local model; prefer HF whenever available unless backend is forced LOCAL.
+        if self.backend != DetectionBackend.LOCAL and await self._check_hf_available():
                 from backend.hf_api_service import detect_fire_clip
                 result = await detect_fire_clip(image)
                 if isinstance(result, list):
                     return result
                 if isinstance(result, dict) and "detections" in result:
                     return result["detections"]
                 if isinstance(result, dict):
                     return [result]
                 return []

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/unified_detection_service.py` around lines 268 - 299, The detect_fire
implementation currently returns early when backend resolves to "local" and
never tries HF; update detect_fire (the method using
self._get_detection_backend() and self._check_hf_available()) so that when
backend == "local" but await self._check_hf_available() is True (i.e., AUTO
should fall back to HF), it imports and calls
backend.hf_api_service.detect_fire_clip (same handling of list/dict results as
the existing HF branch) instead of immediately returning []; ensure existing
logging for local-only fallback remains when HF is not available.

86-90: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

HF availability check always returns true, even without credentials.

HF_TOKEN is read but ignored. This marks HF backend as available even when it cannot authenticate, causing avoidable runtime failures.

Suggested fix

         try:
             # HF token present indicates API might be available
             token = os.environ.get("HF_TOKEN")
-            self._hf_available = True  # Assume available, actual call will verify
+            self._hf_available = bool(token)
             return self._hf_available

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/unified_detection_service.py` around lines 86 - 90, The HF
availability check in unified_detection_service.py currently reads HF_TOKEN into
the local variable token but always sets self._hf_available = True; update the
availability logic in the method that performs the HF check so that it verifies
token is present (e.g., token = os.environ.get("HF_TOKEN"); if not token: set
self._hf_available = False and return False) and only set self._hf_available =
True after confirming credentials exist (optionally followed by a lightweight
API/auth call to further validate); ensure you reference and update the existing
token variable and self._hf_available flag so HF is not marked available when
HF_TOKEN is missing or invalid.

backend/routers/detection.py (2)

342-349: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Oversized audio can be misreported as 400 instead of 413.

Inside the read try block, an intentional HTTPException(413) is caught by broad except Exception and converted to 400. Re-raise HTTPException first.

Suggested fix

     try:
         audio_bytes = await file.read()
         if len(audio_bytes) > 10 * 1024 * 1024:
             raise HTTPException(status_code=413, detail="Audio file too large")
+    except HTTPException:
+        raise
     except Exception as e:
         logger.error(f"Invalid audio file: {e}", exc_info=True)
         raise HTTPException(status_code=400, detail="Invalid audio file")

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/routers/detection.py` around lines 342 - 349, The broad except in the
audio read block swallows intentionally raised HTTPException(413) and converts
it to a 400; update the exception handling in the try around await file.read() /
len(audio_bytes) so that HTTPException is re-raised unchanged (either add an
except HTTPException: raise or check isinstance(e, HTTPException) and re-raise)
and only log/raise HTTPException(status_code=400, ...) for other exceptions;
refer to the await file.read(), audio_bytes, logger.error(...) and the existing
raise HTTPException(status_code=413, detail="Audio file too large") when making
the change.

518-524: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

detect-nsfw and detect-emotion use the upload helpers with incompatible types.

validate_uploaded_file() returns a PIL image/None, not a dict with "error"/"bytes". Also, process_uploaded_image is async and expects UploadFile, but it’s being passed to run_in_threadpool with img_data["bytes"]. This path will fail at runtime.

Suggested fix

-    img_data = await validate_uploaded_file(image)
-    if "error" in img_data:
-        raise HTTPException(status_code=400, detail=img_data["error"])
-
-    processed_bytes = await run_in_threadpool(process_uploaded_image, img_data["bytes"])
+    _, processed_bytes = await process_uploaded_image(image)
     client = get_http_client(request)
-    result = await detect_nsfw_content(processed_bytes, client)
+    result = await detect_nsfw_content(processed_bytes, client=client)

Apply the same correction pattern to detect_emotion_endpoint.

Also applies to: 538-544

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/routers/detection.py` around lines 518 - 524, validate_uploaded_file
returns a PIL Image (or None) and process_uploaded_image is an async function
that expects the original UploadFile, so the current flow calling
validate_uploaded_file then checking for "error" and piping img_data["bytes"]
into run_in_threadpool will fail; instead, in the detect_nsfw endpoint call
validate_uploaded_file to check/obtain the PIL image (or raise HTTPException if
None), then call await process_uploaded_image(image_file) directly (not via
run_in_threadpool and not passing img_data["bytes"]), get the processed bytes
and pass them to detect_nsfw_content with the HTTP client; apply the same
correction to the detect_emotion_endpoint so both use validate_uploaded_file and
await process_uploaded_image correctly with the original UploadFile/PIL
handling.

backend/routers/issues.py (1)

104-107: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Sanitize the multipart filename before joining it into the upload path.

Prefixing image.filename with a UUID does not neutralize embedded /, \, or .. segments. A crafted multipart filename can still create unexpected nested paths or escape data/uploads. Derive the saved name from a generated basename plus a validated extension instead of reusing the client-supplied path component.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/routers/issues.py` around lines 104 - 107, The current construction
of filename and image_path uses the raw image.filename which can contain path
traversal; change this to derive the stored name from a UUID plus a validated
extension rather than using the client-supplied path: extract ext =
os.path.splitext(os.path.basename(image.filename))[1], check ext against an
allowlist (e.g., .jpg, .png, .gif, .webp), then set filename =
f"{uuid.uuid4()}{ext}" and use os.path.join(upload_dir, filename) (references:
upload_dir, filename, image_path, image.filename).

backend/main_fixed.py (1)

362-366: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Sanitize the multipart filename before building image_path.

This has the same path-traversal problem as the router version: uuid + image.filename still preserves attacker-controlled separators and .. segments. Generate the stored basename yourself and keep only a validated extension from the upload metadata.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/main_fixed.py` around lines 362 - 366, The current construction of
filename and image_path uses attacker-controlled image.filename which allows
path traversal; replace that by computing a safe stored basename yourself: keep
upload_dir, generate a UUID (as you already do), then validate and extract only
the extension from image.filename (or from image.content_type) using a whitelist
of allowed extensions, normalize/strip any path separators and dots, and build
filename as f"{uuid}.{extension}" so image_path = os.path.join(upload_dir,
safe_basename); continue to call save_file_blocking(image.file, image_path).
Ensure you reject or default when the uploaded extension is missing or not
allowed.

🧹 Nitpick comments (2)

frontend/src/EmotionDetector.jsx (1)

24-40: 💤 Low value

Consider cleaning up the failed stream before fallback attempt.

Similar to CivicEyeDetector, if the first getUserMedia call partially succeeds but fails on constraint negotiation, a stream might be allocated. Although rare, explicitly stopping it would prevent potential resource leaks.

♻️ Optional: Add stream cleanup in the outer catch block

         } catch (err) {
             console.warn("Front camera failed, trying any available camera...", err);
+            // Clean up any partially allocated stream
+            if (stream) {
+                stream.getTracks().forEach(track => track.stop());
+            }
             try {
                 const stream = await navigator.mediaDevices.getUserMedia({

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/src/EmotionDetector.jsx` around lines 24 - 40, The outer catch
should stop any partially-allocated MediaStream before attempting the fallback
to avoid leaks: in the block catching the initial getUserMedia error, capture
the stream returned by that first attempt (or check navigator.mediaDevices if a
stream variable exists), and if a stream is present call
stream.getTracks().forEach(t => t.stop()) before invoking the fallback
getUserMedia; update references in EmotionDetector.jsx around videoRef and the
outer catch to ensure you stop tracks (and clear videoRef.current.srcObject if
set) prior to trying the fallback and before calling setError/setIsDetecting.

frontend/src/CivicEyeDetector.jsx (1)

28-41: 💤 Low value

Consider cleaning up the failed stream before fallback attempt.

When the first getUserMedia call partially succeeds but then fails (e.g., permission granted but device constraint unsupported), a stream might be allocated. Although unlikely, not explicitly stopping it could leak resources.

♻️ Optional: Add stream cleanup in the outer catch block

         } catch (err) {
             console.warn("Environment camera failed, trying any available camera...", err);
+            // Clean up any partially allocated stream
+            if (mediaStream) {
+                mediaStream.getTracks().forEach(track => track.stop());
+            }
             try {
                 const mediaStream = await navigator.mediaDevices.getUserMedia({

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/src/CivicEyeDetector.jsx` around lines 28 - 41, The outer catch
should stop any partially-allocated MediaStream before attempting the fallback:
check the current stream state (e.g., the component's stream variable/state or
any mediaStream referenced in the try block) and call getTracks().forEach(t =>
t.stop()) to release tracks, and also clear setStream(null) if applicable; then
proceed to the fallback getUserMedia call and when assigning a new stream (in
setStream and videoRef.current.srcObject) ensure any previous stream was stopped
first. This affects the getUserMedia/fallback block around the mediaStream,
setStream, and videoRef usage in CivicEyeDetector.jsx.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/cache.py`:
- Around line 67-74: The debug log is emitting raw cache keys (logger.debug
f"Cache set: key={key}...") which may leak sensitive identifiers; change the log
to avoid raw keys by logging a redacted form or a stable hash of key (e.g.,
SHA-256 hex truncated) instead, updating the logger.debug call near the cache
set logic that manipulates self._data and self._timestamps so it uses the
hashed_or_redacted_key variable rather than key.

In `@backend/closure_service.py`:
- Around line 65-67: The code computes required_confirmations using int(...)
which floors the threshold and can allow closure below the intended quorum;
update the calculation in ClosureService where required_confirmations is set
(and the analogous occurrences around the block at lines ~196-198) to use a
ceiling instead (e.g., math.ceil(follower_count *
ClosureService.CONFIRMATION_THRESHOLD)) so the threshold rounds up correctly;
add the necessary import (math) if not present and ensure the variable names
follower_count and required_confirmations are used consistently.

In `@backend/config.py`:
- Line 121: The config currently uses a hardcoded fallback signing key
(secret_key / SECRET_KEY) which produces predictable JWTs; remove the static
literal and instead load SECRET_KEY from the environment and if missing either
generate a secure random key at startup for dev only or fail fast in non-dev
modes; update the same pattern at the other occurrences referenced (lines near
where secret_key is set and the block around 219-221) so all fallbacks are
eliminated and every JWT signing key is either env-provided or securely
generated per-process.

In `@backend/geofencing_service.py`:
- Around line 58-60: The current logger.debug call logs precise coordinates
(lat1, lon1, lat2, lon2) which is PII; update the logging in the geofencing
distance calculation to avoid exact coordinates: remove full precision values
and either log only the distance (distance variable) or log masked/rounded
coordinates (e.g., round lat1/lon1/lat2/lon2 to 2 decimal places or replace with
coarse grid/hash) before passing them to logger.debug; modify the logger.debug
invocation that formats "Calculated distance..." so it uses the sanitized values
(or only distance) instead of the raw lat*/lon* variables.
- Around line 18-20: The SECRET_KEY is currently set with a hardcoded default;
remove that default and require the environment provide it by reading SECRET_KEY
from the environment without a fallback (e.g., use os.environ or check os.getenv
and raise an exception if None) so the app fails fast when the variable is
missing; update the assignment of SECRET_KEY in backend/geofencing_service.py
(the SECRET_KEY variable) to load from the environment and .encode("utf-8") it,
and add a clear startup error message (or raise RuntimeError) if the env var is
not set.

In `@backend/grievance_service.py`:
- Line 386: The query uses and_(...) but and_ is not imported, causing a
NameError at runtime; add an import for and_ (e.g., from sqlalchemy import and_
or from sqlalchemy.sql import and_) at the top of the module where other
SQLAlchemy imports live, and ensure the symbol is referenced where the query
filter is built (the and_(...) call in grievance_service.py) so the filter
expression resolves correctly.

In `@backend/local_ml_service.py`:
- Around line 38-47: The current load_general_model() monkey-patches torch.load
to force weights_only=False (original_load, patched_load, torch.load) which is
unsafe; remove the global monkey-patch and instead call Ultralytics' safe loader
(e.g. ultralytics.utils.patches.torch_load) or pass a scoped loader to the
YOLO() instantiation so you don't modify torch.load globally; if your
PyTorch/YOLO combo truly requires enabling non-weights-only deserialization, use
torch.serialization.add_safe_globals to allowlist only the YOLO-related classes
before loading, then restore/cleanup that scoped allowlist after the YOLO() load
(referencing load_general_model, YOLO, and torch.load in your changes).

In `@backend/main_fixed.py`:
- Around line 709-715: The endpoint detect_illegal_parking_endpoint (and the
other HF-backed handlers at the same pattern) currently reads image bytes
directly from UploadFile and forwards them to HF; instead, call the existing
validate_uploaded_file(image) early (before await image.read()) to enforce
size/type checks and reject invalid uploads consistently, then proceed to read
image_bytes and forward them; locate the UploadFile parameter in
detect_illegal_parking_endpoint (and the similar handlers around lines
referenced) and insert the validate_uploaded_file(image) call and its error
handling so oversized or non-image payloads are rejected before any HF call.
- Around line 499-503: The endpoint is reading the wrong keys from
analyze_urgency_text (which returns urgency, score, sentiment) and also needs to
normalize the helper's "Low|Medium|High" to the lowercase values expected by
UrgencyAnalysisResponse; update the handler that calls analyze_urgency_text to
pull result.get("urgency"), result.get("score"), and result.get("sentiment")
(not urgency_level/reasoning/recommended_actions), set
urgency_level=result.get("urgency", "Medium").lower(), populate reasoning with a
string derived from score/sentiment (e.g. f"score: {score}, sentiment:
{sentiment}") or result.get("reasoning", "Analysis completed"), and leave
recommended_actions as [] or derive if available; reference analyze_urgency_text
and UrgencyAnalysisResponse to locate the change.

In `@backend/resolution_proof_service.py`:
- Around line 249-253: validate_token() currently only reads
ResolutionProofToken (queried by token_id) and submit_evidence() later sets
is_used, allowing race conditions where two requests both see unused and both
proceed; fix by consuming the token atomically inside the same transaction that
processes evidence: in the transaction surrounding submit_evidence() (or
validate_token() if called within it) select the ResolutionProofToken row for
update (or perform a conditional UPDATE setting is_used=true WHERE
token_id=:token_id AND is_used=false and check affected rows) so that if the
token is already consumed you abort/raise; ensure the code paths in
validate_token(), submit_evidence(), ResolutionProofToken and any token check
logic handle the failure case and do not proceed to commit evidence when the
conditional update/lock indicates the token was already used.

In `@backend/routers/field_officer.py`:
- Around line 300-308: The upload_visit_images endpoint (function
upload_visit_images) is missing authentication/authorization; require and inject
get_current_active_user as a dependency, validate that current_user has an
allowed role (e.g., "field-officer" or "admin"), and bind any writer actions to
current_user (do not trust form/path inputs for actor identity); similarly
enforce this pattern on the other writable endpoint referenced (lines ~540-545).
Concretely, add a parameter current_user: User =
Depends(get_current_active_user) to upload_visit_images, check current_user.role
against allowed roles and raise 403 if unauthorized, and use
current_user.email/id when recording uploader/verifier instead of trusting
supplied verifier_email (or restrict verifier_email changes to admins only).

In `@backend/routers/issues.py`:
- Around line 202-212: After committing the upvote mutation (after await
run_in_threadpool(db.commit) in the linked-issue upvote path), invalidate the
cached representations for that issue so other read paths don't serve stale
counts: call the appropriate cache-busting methods on recent_issues_cache,
user_issues_cache, and nearby_issues_cache for the affected linked_issue_id (use
the same identifier used in the update, e.g., linked_issue_id) so their entries
are removed/invalidated; ensure this runs after the commit and before returning
to the caller to guarantee consistency across read caches.

In `@backend/routers/utility.py`:
- Around line 26-27: The import list in backend/routers/utility.py contains a
duplicate entry for find_mla_by_constituency; remove the redundant import so the
symbol is only imported once (i.e., delete the second find_mla_by_constituency
line or deduplicate the import list) to keep imports clean and avoid redundancy.

In `@backend/routers/voice.py`:
- Around line 109-111: The handlers currently include str(e) in HTTP 500
responses (e.g., the voice transcription handler raising
HTTPException(status_code=500, detail=f"Voice transcription failed: {str(e)}")),
which leaks internal errors; change each such handler (voice transcription,
translation, and submit-issue handlers referenced around the other occurrences)
to log the full exception locally (use logger.exception(...) or
logging.exception(...)) and then raise a generic HTTPException with a
non-sensitive detail (e.g., "Voice transcription failed"), keeping the detailed
error only in the logs; apply the same pattern to the translation and
submit-issue exception blocks so clients receive generic messages while full
errors are recorded server-side.

In `@backend/sla_config_service.py`:
- Around line 31-32: Update the nullable `db` parameter annotations that are
currently written as `db: Session = None` to an explicit nullable type — either
`db: Session | None = None` (Python 3.10+) or `db: Optional[Session] = None`
(and add `from typing import Optional`) — for each function in
sla_config_service.py that declares `db: Session = None` (three occurrences).
Ensure you import `Optional` if you choose that form and leave the default value
`= None` in place.

In `@backend/tasks.py`:
- Around line 105-106: The parameter annotation for notes currently uses a
default of None without the explicit Optional type; update the signature to
annotate notes as Optional[str] (i.e., notes: Optional[str] = None) and add or
update the import from typing to include Optional so the type is recognized;
ensure any callers or type hints remain valid after this change by running type
checks.

In `@backend/utils.py`:
- Around line 331-333: The reference ID generator uses random.choices which is
not cryptographically secure; in generate_reference_id() remove any local
"import random" and replace the suffix generation to use the already-imported
secrets module: define alphabet = string.ascii_uppercase + string.digits and
build random_suffix by joining secrets.choice(alphabet) for 8 iterations
(increase from 4 to 8) so the function returns a cryptographically secure
8-character suffix.

In `@backend/voice_service.py`:
- Around line 229-236: The sync use of asyncio.run() inside translate_text is
fragile and violates googletrans's async context manager pattern; update
translate_text to either (A) become async and use "async with Translator() as
translator" and await translator.translate(...) so callers can await it, or (B)
keep translate_text sync but run the translation in a worker thread using the
same pattern inside a thread (e.g., run the async Translator context in
run_in_threadpool from the async caller like the transcribe endpoint does) so
you avoid calling asyncio.run(); locate translate_text and replace the inline
asyncio.run(_do_translation()) usage and instead use the async context-manager
pattern with Translator or delegate to run_in_threadpool as appropriate.

---

Outside diff comments:
In `@backend/main_fixed.py`:
- Around line 362-366: The current construction of filename and image_path uses
attacker-controlled image.filename which allows path traversal; replace that by
computing a safe stored basename yourself: keep upload_dir, generate a UUID (as
you already do), then validate and extract only the extension from
image.filename (or from image.content_type) using a whitelist of allowed
extensions, normalize/strip any path separators and dots, and build filename as
f"{uuid}.{extension}" so image_path = os.path.join(upload_dir, safe_basename);
continue to call save_file_blocking(image.file, image_path). Ensure you reject
or default when the uploaded extension is missing or not allowed.

In `@backend/pothole_detection.py`:
- Around line 97-104: The failure path currently sets _model_initialized = True
which permanently blocks retries; change the exception handling in the model
initialization block so you do NOT set _model_initialized = True on error—keep
it False (allowing future retries), optionally store the exception in
_model_loading_error for diagnostics, and re-raise ModelLoadException as before;
update the code around the try/except that uses _model_loading_error and
_model_initialized (the symbols _model_loading_error, _model_initialized, and
ModelLoadException) so transient download/network failures can be retried
instead of locking the singleton in a failed state.

In `@backend/routers/detection.py`:
- Around line 342-349: The broad except in the audio read block swallows
intentionally raised HTTPException(413) and converts it to a 400; update the
exception handling in the try around await file.read() / len(audio_bytes) so
that HTTPException is re-raised unchanged (either add an except HTTPException:
raise or check isinstance(e, HTTPException) and re-raise) and only log/raise
HTTPException(status_code=400, ...) for other exceptions; refer to the await
file.read(), audio_bytes, logger.error(...) and the existing raise
HTTPException(status_code=413, detail="Audio file too large") when making the
change.
- Around line 518-524: validate_uploaded_file returns a PIL Image (or None) and
process_uploaded_image is an async function that expects the original
UploadFile, so the current flow calling validate_uploaded_file then checking for
"error" and piping img_data["bytes"] into run_in_threadpool will fail; instead,
in the detect_nsfw endpoint call validate_uploaded_file to check/obtain the PIL
image (or raise HTTPException if None), then call await
process_uploaded_image(image_file) directly (not via run_in_threadpool and not
passing img_data["bytes"]), get the processed bytes and pass them to
detect_nsfw_content with the HTTP client; apply the same correction to the
detect_emotion_endpoint so both use validate_uploaded_file and await
process_uploaded_image correctly with the original UploadFile/PIL handling.

In `@backend/routers/issues.py`:
- Around line 104-107: The current construction of filename and image_path uses
the raw image.filename which can contain path traversal; change this to derive
the stored name from a UUID plus a validated extension rather than using the
client-supplied path: extract ext =
os.path.splitext(os.path.basename(image.filename))[1], check ext against an
allowlist (e.g., .jpg, .png, .gif, .webp), then set filename =
f"{uuid.uuid4()}{ext}" and use os.path.join(upload_dir, filename) (references:
upload_dir, filename, image_path, image.filename).

In `@backend/unified_detection_service.py`:
- Around line 268-299: The detect_fire implementation currently returns early
when backend resolves to "local" and never tries HF; update detect_fire (the
method using self._get_detection_backend() and self._check_hf_available()) so
that when backend == "local" but await self._check_hf_available() is True (i.e.,
AUTO should fall back to HF), it imports and calls
backend.hf_api_service.detect_fire_clip (same handling of list/dict results as
the existing HF branch) instead of immediately returning []; ensure existing
logging for local-only fallback remains when HF is not available.
- Around line 86-90: The HF availability check in unified_detection_service.py
currently reads HF_TOKEN into the local variable token but always sets
self._hf_available = True; update the availability logic in the method that
performs the HF check so that it verifies token is present (e.g., token =
os.environ.get("HF_TOKEN"); if not token: set self._hf_available = False and
return False) and only set self._hf_available = True after confirming
credentials exist (optionally followed by a lightweight API/auth call to further
validate); ensure you reference and update the existing token variable and
self._hf_available flag so HF is not marked available when HF_TOKEN is missing
or invalid.

In `@backend/utils.py`:
- Around line 87-103: The try/except in the MIME validation (inside the file
read/detected_mime block) currently catches all Exceptions and swallows raised
HTTPException(400); change the except to re-raise HTTPException instances while
only handling unexpected errors: in the except block, if isinstance(e,
HTTPException): raise, otherwise log the error and continue with the PIL
fallback. Apply the identical pattern in process_uploaded_image_sync so
intentional HTTPException validation failures are not suppressed.

---

Nitpick comments:
In `@frontend/src/CivicEyeDetector.jsx`:
- Around line 28-41: The outer catch should stop any partially-allocated
MediaStream before attempting the fallback: check the current stream state
(e.g., the component's stream variable/state or any mediaStream referenced in
the try block) and call getTracks().forEach(t => t.stop()) to release tracks,
and also clear setStream(null) if applicable; then proceed to the fallback
getUserMedia call and when assigning a new stream (in setStream and
videoRef.current.srcObject) ensure any previous stream was stopped first. This
affects the getUserMedia/fallback block around the mediaStream, setStream, and
videoRef usage in CivicEyeDetector.jsx.

In `@frontend/src/EmotionDetector.jsx`:
- Around line 24-40: The outer catch should stop any partially-allocated
MediaStream before attempting the fallback to avoid leaks: in the block catching
the initial getUserMedia error, capture the stream returned by that first
attempt (or check navigator.mediaDevices if a stream variable exists), and if a
stream is present call stream.getTracks().forEach(t => t.stop()) before invoking
the fallback getUserMedia; update references in EmotionDetector.jsx around
videoRef and the outer catch to ensure you stop tracks (and clear
videoRef.current.srcObject if set) prior to trying the fallback and before
calling setError/setIsDetecting.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 81924eb0-78e4-4907-97bc-7ea83fee0ce0

📥 Commits

Reviewing files that changed from the base of the PR and between f837f7b and b6caa98.

📒 Files selected for processing (87)

backend/__main__.py
backend/adaptive_weights.py
backend/ai_factory.py
backend/ai_interfaces.py
backend/ai_service.py
backend/bot.py
backend/cache.py
backend/civic_intelligence.py
backend/closure_service.py
backend/config.py
backend/database.py
backend/dependencies.py
backend/escalation_engine.py
backend/exceptions.py
backend/flooding_detection.py
backend/garbage_detection.py
backend/gemini_services.py
backend/gemini_summary.py
backend/geofencing_service.py
backend/grievance_classifier.py
backend/grievance_service.py
backend/hf_api_service.py
backend/hf_service.py
backend/hf_text_service.py
backend/hf_text_services.py
backend/infrastructure_detection.py
backend/init_admin.py
backend/init_db.py
backend/init_grievance_system.py
backend/local_ml_service.py
backend/maharashtra_locator.py
backend/main.py
backend/main_fixed.py
backend/ml/train_grievance.py
backend/mock_services.py
backend/models.py
backend/pothole_detection.py
backend/priority_engine.py
backend/rag_service.py
backend/resolution_proof_service.py
backend/routers/admin.py
backend/routers/analysis.py
backend/routers/auth.py
backend/routers/detection.py
backend/routers/field_officer.py
backend/routers/grievances.py
backend/routers/hf.py
backend/routers/issues.py
backend/routers/resolution_proof.py
backend/routers/utility.py
backend/routers/voice.py
backend/routing_service.py
backend/scheduler.py
backend/schemas.py
backend/sla_config_service.py
backend/spatial_utils.py
backend/tasks.py
backend/test_ai_services.py
backend/test_grievance_escalation.py
backend/tests/benchmark_cache.py
backend/tests/benchmark_closure_status.py
backend/tests/benchmark_serialization.py
backend/tests/benchmark_urgency.py
backend/tests/benchmark_urgency_unoptimized.py
backend/tests/test_cache_perf.py
backend/tests/test_cache_unit.py
backend/tests/test_civic_intelligence.py
backend/tests/test_detection_bytes.py
backend/tests/test_new_detectors.py
backend/tests/test_new_features.py
backend/tests/test_priority_engine.py
backend/tests/test_rag_service.py
backend/tests/test_schemas.py
backend/tests/test_severity.py
backend/tests/test_spatial_performance.py
backend/tests/test_spatial_utils.py
backend/tests/test_utils.py
backend/trend_analyzer.py
backend/unified_detection_service.py
backend/utils.py
backend/vandalism_detection.py
backend/voice_service.py
frontend/src/CivicEyeDetector.jsx
frontend/src/EmotionDetector.jsx
frontend/src/PotholeDetector.jsx
frontend/src/components/FloatingButtonsManager.jsx
frontend/src/views/Home.jsx

coderabbitai · 2026-05-16T10:54:04Z

+        required_confirmations = max(
+            1, int(follower_count * ClosureService.CONFIRMATION_THRESHOLD)
+        )


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use ceiling for confirmation threshold to avoid premature closure.

int(...) floors the threshold and can approve closure below the intended 60% quorum (e.g., 3 followers requires 2, not 1).

Suggested fix

+import math @@ - required_confirmations = max( - 1, int(follower_count * ClosureService.CONFIRMATION_THRESHOLD) - ) + required_confirmations = max( + 1, math.ceil(follower_count * ClosureService.CONFIRMATION_THRESHOLD) + ) @@ - required_confirmations = max( - 1, int(total_followers * ClosureService.CONFIRMATION_THRESHOLD) - ) + required_confirmations = max( + 1, math.ceil(total_followers * ClosureService.CONFIRMATION_THRESHOLD) + )

Also applies to: 196-198

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/closure_service.py` around lines 65 - 67, The code computes required_confirmations using int(...) which floors the threshold and can allow closure below the intended quorum; update the calculation in ClosureService where required_confirmations is set (and the analogous occurrences around the block at lines ~196-198) to use a ceiling instead (e.g., math.ceil(follower_count * ClosureService.CONFIRMATION_THRESHOLD)) so the threshold rounds up correctly; add the necessary import (math) if not present and ensure the variable names follower_count and required_confirmations are used consistently.

coderabbitai · 2026-05-16T10:54:04Z

                errors.append("SECRET_KEY is required in production environment")
            else:
-                secret_key = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7" # Fallback for dev only
+                secret_key = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"  # Fallback for dev only


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Remove the static fallback JWT secret.

Using a fixed hardcoded signing key creates predictable tokens whenever SECRET_KEY is unset.

Suggested fix

+import secrets @@ - secret_key = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7" # Fallback for dev only + secret_key = secrets.token_hex(32) # Ephemeral dev fallback @@ - secret_key = ( - "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7" - ) + secret_key = secrets.token_hex(32) # Ephemeral dev fallback

Also applies to: 219-221

🧰 Tools

🪛 Betterleaks (1.2.0)

[high] 121-121: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 Ruff (0.15.12)

[error] 121-121: Possible hardcoded password assigned to: "secret_key"

(S105)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/config.py` at line 121, The config currently uses a hardcoded fallback signing key (secret_key / SECRET_KEY) which produces predictable JWTs; remove the static literal and instead load SECRET_KEY from the environment and if missing either generate a secure random key at startup for dev only or fail fast in non-dev modes; update the same pattern at the other occurrences referenced (lines near where secret_key is set and the block around 219-221) so all fallbacks are eliminated and every JWT signing key is either env-provided or securely generated per-process.

coderabbitai · 2026-05-16T10:54:04Z

+SECRET_KEY = os.getenv(
+    "SECRET_KEY", "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
+).encode("utf-8")


⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Remove hardcoded SECRET_KEY default value.

The hardcoded default secret key poses a security risk. If the SECRET_KEY environment variable is not set, the application will use a predictable, publicly visible key for HMAC operations, allowing attackers to forge visit hashes. In production, this completely undermines the integrity verification system.

🔒 Proposed fix to enforce SECRET_KEY from environment

-SECRET_KEY = os.getenv( - "SECRET_KEY", "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7" -).encode("utf-8") +secret_key_str = os.getenv("SECRET_KEY") +if not secret_key_str: + raise ValueError("SECRET_KEY environment variable must be set for secure operation") +SECRET_KEY = secret_key_str.encode("utf-8")

🧰 Tools

🪛 Betterleaks (1.2.0)

[high] 19-19: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/geofencing_service.py` around lines 18 - 20, The SECRET_KEY is currently set with a hardcoded default; remove that default and require the environment provide it by reading SECRET_KEY from the environment without a fallback (e.g., use os.environ or check os.getenv and raise an exception if None) so the app fails fast when the variable is missing; update the assignment of SECRET_KEY in backend/geofencing_service.py (the SECRET_KEY variable) to load from the environment and .encode("utf-8") it, and add a clear startup error message (or raise RuntimeError) if the env var is not set.

coderabbitai · 2026-05-16T10:54:05Z

+        raise HTTPException(
+            status_code=500, detail=f"Voice transcription failed: {str(e)}"
+        )


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Do not expose internal exception details in 500 responses.

These handlers include str(e) in client-visible detail, which leaks internal errors. Return generic messages and keep full details only in logs.

Suggested fix

- raise HTTPException( - status_code=500, detail=f"Voice transcription failed: {str(e)}" - ) + raise HTTPException(status_code=500, detail="Voice transcription failed") from e

Apply similarly to translation and submit-issue exception blocks.

Also applies to: 158-160, 349-351

🧰 Tools

🪛 Ruff (0.15.12)

[warning] 109-111: Within an except clause, raise exceptions with raise ... from err or raise ... from None to distinguish them from errors in exception handling

(B904)

[warning] 110-110: Use explicit conversion flag

Replace with conversion flag

(RUF010)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/routers/voice.py` around lines 109 - 111, The handlers currently include str(e) in HTTP 500 responses (e.g., the voice transcription handler raising HTTPException(status_code=500, detail=f"Voice transcription failed: {str(e)}")), which leaks internal errors; change each such handler (voice transcription, translation, and submit-issue handlers referenced around the other occurrences) to log the full exception locally (use logger.exception(...) or logging.exception(...)) and then raise a generic HTTPException with a non-sensitive detail (e.g., "Voice transcription failed"), keeping the detailed error only in the logs; apply the same pattern to the translation and submit-issue exception blocks so clients receive generic messages while full errors are recorded server-side.

coderabbitai · 2026-05-16T10:54:05Z

+        db: Session = None,
+    ) -> int:


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

# First, check if the file exists and get its size ls -la backend/sla_config_service.py 2>/dev/null || echo "File not found in expected location" wc -l backend/sla_config_service.py 2>/dev/null || echo "Cannot determine line count"

Repository: RohanExploit/VishwaGuru

Length of output: 180

🏁 Script executed:

# Read the relevant sections of the file to verify the annotations echo "=== Lines 25-40 (around line 31-32) ===" sed -n '25,40p' backend/sla_config_service.py echo "" echo "=== Lines 115-125 (around line 120-121) ===" sed -n '115,125p' backend/sla_config_service.py echo "" echo "=== Top of file for imports ===" head -20 backend/sla_config_service.py

Repository: RohanExploit/VishwaGuru

Length of output: 1442

🏁 Script executed:

# Check if there are any other similar parameter patterns with Optional rg 'Session = None' backend/sla_config_service.py -n # Also check typing patterns used elsewhere in file rg 'Optional\[' backend/sla_config_service.py -n

Repository: RohanExploit/VishwaGuru

Length of output: 208

🏁 Script executed:

# Check Python version requirements in the project [ -f setup.py ] && head -30 setup.py || echo "No setup.py" [ -f setup.cfg ] && head -30 setup.cfg || echo "No setup.cfg" [ -f pyproject.toml ] && head -30 pyproject.toml || echo "No pyproject.toml"

Repository: RohanExploit/VishwaGuru

Length of output: 110

Annotate db parameters as explicitly nullable.

These parameters are typed as Session but default to None; use Session | None (or Optional[Session]) to keep type contracts accurate.

Line 31: db: Session = None,

Line 120: db: Session = None,

Line 158: db: Session = None

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/sla_config_service.py` around lines 31 - 32, Update the nullable `db` parameter annotations that are currently written as `db: Session = None` to an explicit nullable type — either `db: Session | None = None` (Python 3.10+) or `db: Optional[Session] = None` (and add `from typing import Optional`) — for each function in sla_config_service.py that declares `db: Session = None` (three occurrences). Ensure you import `Optional` if you choose that form and leave the default value `= None` in place.

coderabbitai · 2026-05-16T10:54:05Z

+    issue_id: int, old_status: str, new_status: str, notes: str = None
+):


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -e # Verify implicit-Optional annotations in touched files rg -nP ':\s*[A-Za-z_][A-Za-z0-9_\[\], ]*\s*=\s*None' backend/tasks.py backend/sla_config_service.py # Verify declared Python version compatibility for `| None` for f in pyproject.toml setup.cfg setup.py; do if [ -f "$f" ]; then echo "== $f ==" rg -n "python_requires|requires-python|Programming Language :: Python :: 3" "$f" || true fi done

Repository: RohanExploit/VishwaGuru

Length of output: 390

🏁 Script executed:

# Check Python version from project config files cd /root/repo 2>/dev/null || cd /repo 2>/dev/null || pwd # Search all common config files find . -maxdepth 2 -type f $ -name "pyproject.toml" -o -name "setup.py" -o -name "setup.cfg" -o -name ".python-version" $ -exec echo "=== {} ===" \; -exec cat {} \; # Also check if Optional is used elsewhere in the codebase echo "=== Checking for Optional usage ===" rg "from typing import.*Optional|Optional\[" backend/ --max-count=5 # Check for str | None usage (PEP 604 syntax) echo "=== Checking for str | None usage ===" rg ":\s*\w+\s*\|\s*None" backend/ --max-count=5

Repository: RohanExploit/VishwaGuru

Length of output: 6930

🏁 Script executed:

# Check Python version requirement - try reading config files directly if [ -f pyproject.toml ]; then echo "=== pyproject.toml ===" cat pyproject.toml | grep -A 5 "python" fi if [ -f setup.py ]; then echo "=== setup.py ===" cat setup.py | grep -i "python_requires\|Programming Language" fi if [ -f setup.cfg ]; then echo "=== setup.cfg ===" cat setup.cfg | grep -i "python" fi # Check what imports backend/tasks.py has echo "=== backend/tasks.py imports ===" head -20 backend/tasks.py # Check type hint patterns in backend/tasks.py echo "=== Type hints in backend/tasks.py ===" rg ":\s*(Optional|str|int|bool|List|Dict|Session)" backend/tasks.py | head -15

Repository: RohanExploit/VishwaGuru

Length of output: 989

🏁 Script executed:

# Get Python version requirement more directly grep -r "python_requires\|requires-python" . --include="*.toml" --include="*.cfg" --include="*.txt" 2>/dev/null | head -5 # Also check if pyproject.toml has python in tool.poetry or project section cat pyproject.toml 2>/dev/null | grep -A 10 "^\[project\]" | head -15 cat pyproject.toml 2>/dev/null | grep -A 5 "tool.poetry" | grep -i python | head -5 # Check setup.py if exists if [ -f setup.py ]; then grep "python_requires" setup.py fi

Repository: RohanExploit/VishwaGuru

Length of output: 49

🏁 Script executed:

# List all config files in root ls -la | grep -E "setup\.|pyproject\.|requirements" # Check if pyproject.toml exists and read it fully if [ -f pyproject.toml ]; then wc -l pyproject.toml cat pyproject.toml fi # Check backend/tasks.py around line 105 to see full function signature echo "=== Full context around line 105 in backend/tasks.py ===" sed -n '100,110p' backend/tasks.py

Repository: RohanExploit/VishwaGuru

Length of output: 380

🏁 Script executed:

# Check for Python version in various locations find . -maxdepth 3 -name ".python-version" -o -name ".python-version.txt" 2>/dev/null # Check GitHub workflows for Python version find . -path "./.github/workflows/*.yml" -o -path "./.github/workflows/*.yaml" 2>/dev/null | head -3 | xargs grep -h "python-version" 2>/dev/null | head -5 # Check docker/requirements files which might specify Python version find . -maxdepth 2 $ -name "Dockerfile*" -o -name "requirements*.txt" $ -exec grep -l "python" {} \; 2>/dev/null | head -3 # Check for any Python version constraints in package manifests find . -maxdepth 2 -name "*.txt" -o -name "*.toml" -o -name "*.cfg" | xargs grep -i "3\.[0-9]" 2>/dev/null | grep -i python | head -10

Repository: RohanExploit/VishwaGuru

Length of output: 230

🏁 Script executed:

# Check requirements.txt files for Python version hints echo "=== backend/requirements.txt ===" head -20 backend/requirements.txt echo "=== backend/requirements-render.txt ===" head -20 backend/requirements-render.txt # Check ruff.toml for more context echo "=== ruff.toml ===" cat ruff.toml 2>/dev/null | head -50 # Check if there's a .github/workflows or any CI config with Python version find . -type f -name "*.yml" -o -name "*.yaml" 2>/dev/null | xargs grep -l "python" 2>/dev/null | head -1 | xargs cat 2>/dev/null | grep -A 2 -B 2 "python"

Repository: RohanExploit/VishwaGuru

Length of output: 2031

🏁 Script executed:

# Check if there's any Python 3.9 or 3.10 specification grep -r "3\.9\|3\.10\|3\.11\|3\.12" . --include="*.md" --include="*.txt" --include="*.yml" --include="*.yaml" 2>/dev/null | grep -i python | head -10 # Check if there's a Dockerfile that specifies Python version find . -name "Dockerfile*" -exec cat {} \; 2>/dev/null | grep -i "from.*python"

Repository: RohanExploit/VishwaGuru

Length of output: 688

🏁 Script executed:

# Check if RUF013 (implicit Optional) is enabled in ruff config echo "=== Checking ruff.toml for RUF013 ===" grep -A 50 "\[lint\]" ruff.toml | grep -E "RUF|013" # Check what RUF rules are selected grep "RUF" ruff.toml # Verify if the implicit Optional pattern would trigger linting echo "=== Check if implicit Optional triggers linting ===" rg "RUF013" ruff.toml # Check how other Optional parameters are done in backend/sla_config_service.py echo "=== How Optional is used in sla_config_service.py ===" head -40 backend/sla_config_service.py | grep -A 2 -B 2 "import" sed -n '30,35p' backend/sla_config_service.py

Repository: RohanExploit/VishwaGuru

Length of output: 1002

Use explicit optional type for notes.

Line 105 should be annotated as nullable explicitly. Since the codebase follows the Optional[str] convention from typing throughout, use Optional[str] instead of the implicit str = None.

Proposed fix

+from typing import Optional + def send_status_notification( - issue_id: int, old_status: str, new_status: str, notes: str = None + issue_id: int, old_status: str, new_status: str, notes: Optional[str] = None

🧰 Tools

🪛 Ruff (0.15.12)

[warning] 105-105: PEP 484 prohibits implicit Optional

Convert to T | None

(RUF013)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/tasks.py` around lines 105 - 106, The parameter annotation for notes currently uses a default of None without the explicit Optional type; update the signature to annotate notes as Optional[str] (i.e., notes: Optional[str] = None) and add or update the import from typing to include Optional so the type is recognized; ensure any callers or type hints remain valid after this change by running type checks.

coderabbitai · 2026-05-16T10:54:05Z

+    timestamp = datetime.now().strftime("%Y%m%d-%H%M%S")
+    random_suffix = "".join(random.choices(string.ascii_uppercase + string.digits, k=4))
    return f"VOICE-{timestamp}-{random_suffix}"


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

# First, let's check if the file exists and read the relevant lines fd -t f "utils.py" backend/ || fd -t f "utils.py"

Repository: RohanExploit/VishwaGuru

Length of output: 173

🏁 Script executed:

# Read the relevant section around lines 331-333 wc -l backend/utils.py

Repository: RohanExploit/VishwaGuru

Length of output: 88

🏁 Script executed:

# Read lines 320-333 to see the code in context sed -n '320,333p' backend/utils.py

Repository: RohanExploit/VishwaGuru

Length of output: 499

🏁 Script executed:

# Check the imports at the top of the file and search for other uses of random head -30 backend/utils.py

Repository: RohanExploit/VishwaGuru

Length of output: 771

🏁 Script executed:

# Search for all uses of random in the file rg "random" backend/utils.py -n

Repository: RohanExploit/VishwaGuru

Length of output: 293

Use a cryptographically secure generator for reference IDs.

random.choices() is not suitable for externally exposed identifiers. Replace with secrets.choice() and increase the suffix length from 4 to 8 characters for better entropy.

The secrets module is already imported at the top of the file. Remove the local import random statement inside generate_reference_id() and update the suffix generation to use:

alphabet = string.ascii_uppercase + string.digits random_suffix = "".join(secrets.choice(alphabet) for _ in range(8))

🧰 Tools

🪛 Ruff (0.15.12)

[error] 332-332: Standard pseudo-random generators are not suitable for cryptographic purposes

(S311)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/utils.py` around lines 331 - 333, The reference ID generator uses random.choices which is not cryptographically secure; in generate_reference_id() remove any local "import random" and replace the suffix generation to use the already-imported secrets module: define alphabet = string.ascii_uppercase + string.digits and build random_suffix by joining secrets.choice(alphabet) for 8 iterations (increase from 4 to 8) so the function returns a cryptographically secure 8-character suffix.

coderabbitai · 2026-05-16T10:54:05Z

            # Wrap async translate call in asyncio.run for synchronous execution
            async def _do_translation():
                return await translator.translate(
-                    text,
-                    src=source_language,
-                    dest=target_language
+                    text, src=source_language, dest=target_language
                )
-            
+
            translation = asyncio.run(_do_translation())
-
-            logger.info(f"Successfully translated text: {translation.src} -> {translation.dest}")
-
+


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

For googletrans 4.0.2, is Translator.translate async-only, and what is the recommended invocation pattern when already inside a running asyncio event loop (e.g., FastAPI async endpoints)?

💡 Result:

Yes, in googletrans version 4.0.0 and later (including 4.0.2), the library is strictly async-only [1][2]. All synchronous APIs were removed in the 4.0.0 release, and the library now utilizes an asynchronous client (httpx.AsyncClient) by default [1][2]. When working inside an existing asyncio event loop, such as in a FastAPI async endpoint, you should use the async context manager pattern to ensure proper lifecycle management of the underlying HTTP client [3]. Recommended Invocation Pattern: Use the async with statement to instantiate the Translator. This ensures that the underlying connection pool is correctly opened and closed for each operation or session [3]. from googletrans import Translator @app.get("/translate") async def translate_endpoint(text: str): async with Translator as translator: result = await translator.translate(text, dest='en') return {"translated_text": result.text} Key Considerations: 1. Async-Only: You must use await when calling translator.translate [3]. Attempting to call it synchronously will not work as expected and will likely result in a coroutine object being returned rather than the translation result [4]. 2. Resource Management: Using the async context manager (async with Translator) is the preferred way to handle the client's lifecycle, preventing potential issues with unclosed connections or event loop errors [3]. 3. Avoid asyncio.run: Do not use asyncio.run inside an already running event loop (like those in FastAPI or other async frameworks), as this will raise a RuntimeError [5][6]. Simply await the coroutine directly within your existing async function [3].

Citations:

1: https://github.com/ssut/py-googletrans/releases/tag/v4.0.0

2: release: v4.0.0 ssut/py-googletrans#426

3: https://pypi.org/project/googletrans/

4: https://www.reddit.com/r/learnpython/comments/1kflqer/flask_googletrans_asyncawait_error_coroutine_was/

5: https://stackoverflow.com/questions/63860576/asyncio-event-loop-is-closed-when-using-asyncio-run

6: RuntimeError: Event loop is closed when using GoogleModel with asyncio.run() pydantic/pydantic-ai#3762

🏁 Script executed:

# Find and examine the voice_service.py file fd -t f "voice_service.py" backend/

Repository: RohanExploit/VishwaGuru

Length of output: 92

🏁 Script executed:

# Get the relevant code section around lines 229-236 head -250 backend/voice_service.py | tail -40 | cat -n

Repository: RohanExploit/VishwaGuru

Length of output: 1957

🏁 Script executed:

# Look for the method definition and context rg -B 20 "asyncio.run" backend/voice_service.py | head -60

Repository: RohanExploit/VishwaGuru

Length of output: 1343

🏁 Script executed:

# Check if the method containing this code is async or sync rg -B 30 "Wrap async translate call" backend/voice_service.py | head -70

Repository: RohanExploit/VishwaGuru

Length of output: 1320

🏁 Script executed:

# Check how this method is being called/invoked rg "def .*voice\|def .*translate" backend/voice_service.py -A 2

Repository: RohanExploit/VishwaGuru

Length of output: 49

🏁 Script executed:

# Search for the method definition containing this code rg "def.*translate" backend/voice_service.py -B 5 -A 40

Repository: RohanExploit/VishwaGuru

Length of output: 1855

🏁 Script executed:

# Check imports at the top of the file head -40 backend/voice_service.py | cat -n

Repository: RohanExploit/VishwaGuru

Length of output: 1304

🏁 Script executed:

# Check where and how this method is called from rg -r "translate_text\|voice_service" --iglob "*.py" | grep -v "voice_service.py:" | head -20

Repository: RohanExploit/VishwaGuru

Length of output: 464

🏁 Script executed:

# Look for FastAPI route decorators and async handlers rg "`@app`\|`@router`\|async def" backend/ --iglob "*.py" -B 2 | head -60

Repository: RohanExploit/VishwaGuru

Length of output: 49

🏁 Script executed:

# Search for where translate_text method is called rg "translate_text" --iglob "*.py" -B 3 -A 3

Repository: RohanExploit/VishwaGuru

Length of output: 1737

🏁 Script executed:

# Look for API routes that might call this method rg -r "VoiceService\|from.*voice_service\|import.*VoiceService" --iglob "*.py" -B 2 -A 5

Repository: RohanExploit/VishwaGuru

Length of output: 464

🏁 Script executed:

# Check main.py or similar entry point for route definitions fd -t f "main.py\|app.py\|routes.py" | head -5

Repository: RohanExploit/VishwaGuru

Length of output: 49

🏁 Script executed:

# Search for any FastAPI route decorator with async handlers rg "^@.*route|async def" --iglob "*.py" | head -30

Repository: RohanExploit/VishwaGuru

Length of output: 2683

🏁 Script executed:

# View the full route file around the translate_text endpoint cat -n backend/routers/voice.py | head -100

Repository: RohanExploit/VishwaGuru

Length of output: 4166

🏁 Script executed:

# Check if there are any other callers of translate_text that might be async rg "translate_text" backend/ -B 5 -A 5 | grep -E "async|await|@|def"

Repository: RohanExploit/VishwaGuru

Length of output: 292

🏁 Script executed:

# Look for lifecycle or app setup rg "FastAPI|lifespan|`@app`" backend/ --iglob "*.py" -B 2 -A 5 | head -60

Repository: RohanExploit/VishwaGuru

Length of output: 3518

🏁 Script executed:

# Check if process_voice_grievance is async or sync rg -A 30 "def process_voice_grievance" backend/voice_service.py | head -50

Repository: RohanExploit/VishwaGuru

Length of output: 1337

🏁 Script executed:

# View the full translate endpoint to confirm it's synchronous sed -n '107,130p' backend/routers/voice.py | cat -n

Repository: RohanExploit/VishwaGuru

Length of output: 1098

🏁 Script executed:

# Check the Translator instantiation - does it use async context manager anywhere? rg "Translator()" backend/ -B 2 -A 2

Repository: RohanExploit/VishwaGuru

Length of output: 860

🏁 Script executed:

# Verify there are no other async contexts calling translate_text rg "await.*translate_text\|\.translate_text" backend/ --iglob "*.py"

Repository: RohanExploit/VishwaGuru

Length of output: 49

Replace asyncio.run() with proper async pattern or synchronous blocking approach.

The current code uses asyncio.run() in a synchronous method, which works for the synchronous /voice/translate endpoint. However, googletrans 4.0.2 requires using the async context manager pattern (async with Translator) per official documentation. If this method is ever called from an async context (or refactored to async), asyncio.run() will raise RuntimeError.

For the synchronous context: either use run_in_threadpool() from the async caller (like the transcribe endpoint does), or refactor translate_text to async and use the proper async context manager pattern:

async def translate_text(...): async with Translator() as translator: return await translator.translate(...)

Current approach is fragile and does not follow googletrans best practices.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/voice_service.py` around lines 229 - 236, The sync use of asyncio.run() inside translate_text is fragile and violates googletrans's async context manager pattern; update translate_text to either (A) become async and use "async with Translator() as translator" and await translator.translate(...) so callers can await it, or (B) keep translate_text sync but run the translation in a worker thread using the same pattern inside a thread (e.g., run the async Translator context in run_in_threadpool from the async caller like the transcribe endpoint does) so you avoid calling asyncio.run(); locate translate_text and replace the inline asyncio.run(_do_translation()) usage and instead use the async context-manager pattern with Translator or delegate to run_in_threadpool as appropriate.

cubic-dev-ai

4 issues found across 87 files

Prompt for AI agents (unresolved issues)


Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="backend/closure_service.py">

<violation number="1" location="backend/closure_service.py:197">
P1: The confirmation threshold uses floor rounding (`int`) so grievances can be finalized with fewer than 60% approvals. Use ceiling rounding for required confirmations.</violation>
</file>

<file name="backend/geofencing_service.py">

<violation number="1" location="backend/geofencing_service.py:18">
P1: Do not use a hardcoded default HMAC secret; require `SECRET_KEY` from the environment to prevent predictable hash forgery.</violation>

<violation number="2" location="backend/geofencing_service.py:223">
P2: Check `avg_distance` against `None` explicitly so a valid `0.0` average is not dropped.</violation>
</file>

<file name="backend/grievance_service.py">

<violation number="1" location="backend/grievance_service.py:386">
P0: Import `and_` from SQLAlchemy before using it in this filter to prevent a runtime `NameError`.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Re-trigger cubic}

cubic-dev-ai · 2026-05-16T10:58:08Z

+            return (
+                db.query(Grievance)
+                .filter(
+                    and_(


P0: Import and_ from SQLAlchemy before using it in this filter to prevent a runtime NameError.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At backend/grievance_service.py, line 386: <comment>Import `and_` from SQLAlchemy before using it in this filter to prevent a runtime `NameError`.</comment> <file context> @@ -332,13 +380,23 @@ def get_active_grievances_by_jurisdiction(self, jurisdiction_id: int, db: Sessio + return ( + db.query(Grievance) + .filter( + and_( + Grievance.current_jurisdiction_id == jurisdiction_id, + Grievance.status.in_( </file context>

cubic-dev-ai · 2026-05-16T10:58:08Z

-
+
+        required_confirmations = max(
+            1, int(total_followers * ClosureService.CONFIRMATION_THRESHOLD)


P1: The confirmation threshold uses floor rounding (int) so grievances can be finalized with fewer than 60% approvals. Use ceiling rounding for required confirmations.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At backend/closure_service.py, line 197: <comment>The confirmation threshold uses floor rounding (`int`) so grievances can be finalized with fewer than 60% approvals. Use ceiling rounding for required confirmations.</comment> <file context> @@ -125,76 +153,101 @@ def submit_confirmation(grievance_id: int, user_email: str, confirmation_type: s - + + required_confirmations = max( + 1, int(total_followers * ClosureService.CONFIRMATION_THRESHOLD) + ) + </file context>

cubic-dev-ai · 2026-05-16T10:58:08Z

+SECRET_KEY = os.getenv(
+    "SECRET_KEY", "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
+).encode("utf-8")


P1: Do not use a hardcoded default HMAC secret; require SECRET_KEY from the environment to prevent predictable hash forgery.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At backend/geofencing_service.py, line 18: <comment>Do not use a hardcoded default HMAC secret; require `SECRET_KEY` from the environment to prevent predictable hash forgery.</comment> <file context> @@ -15,7 +15,9 @@ # Get secret key from environment for HMAC -SECRET_KEY = os.getenv("SECRET_KEY", "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7").encode('utf-8') +SECRET_KEY = os.getenv( + "SECRET_KEY", "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7" +).encode("utf-8") </file context>

Suggested change

SECRET_KEY = os.getenv(

"SECRET_KEY", "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"

).encode("utf-8")

SECRET_KEY = os.getenv("SECRET_KEY")

if not SECRET_KEY:

raise RuntimeError("SECRET_KEY environment variable is required")

SECRET_KEY = SECRET_KEY.encode("utf-8")

cubic-dev-ai · 2026-05-16T10:58:08Z

+            "outside_geofence_count": outside_fence_count,
+            "unique_officers": unique_officers,
+            "average_distance_from_site": (
+                round(avg_distance, 2) if avg_distance else None


P2: Check avg_distance against None explicitly so a valid 0.0 average is not dropped.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At backend/geofencing_service.py, line 223: <comment>Check `avg_distance` against `None` explicitly so a valid `0.0` average is not dropped.</comment> <file context> @@ -175,63 +184,67 @@ def verify_visit_integrity(visit_data: dict, stored_hash: str) -> bool: + "outside_geofence_count": outside_fence_count, + "unique_officers": unique_officers, + "average_distance_from_site": ( + round(avg_distance, 2) if avg_distance else None + ), } </file context>

Suggested change

round(avg_distance, 2) if avg_distance else None

round(avg_distance, 2) if avg_distance is not None else None

- Removed logging of sensitive private data in `backend/cache.py` (line 72). - Removed logging of sensitive private location data in `backend/geofencing_service.py` (line 59). - Secured file path generation against potential path traversal in `backend/routers/field_officer.py` (line 385) by enforcing `os.path.basename` on the user-provided filename extension input. - Validated fixes by running pytest for all backend features successfully.

coderabbitai

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/geofencing_service.py`:
- Around line 223-225: The average_distance_from_site field currently uses
"round(avg_distance, 2) if avg_distance else None", which treats legitimate 0.0
as falsy; change the conditional to detect None explicitly (e.g., use "if
avg_distance is not None else None") so that 0.0 is preserved and only None
yields None; update the expression building average_distance_from_site where
avg_distance is used.

In `@backend/routers/field_officer.py`:
- Around line 380-385: The current filename generation (safe_filename using
visit_id, timestamp, and idx) can collide for concurrent uploads; update the
generation in the block that sets timestamp/safe_filename/file_path to append a
per-file unique suffix (e.g., uuid4().hex) into the filename before calling
os.path.basename and joining with VISIT_IMAGES_DIR: build safe_filename as
"visit_{visit_id}_{timestamp}_{idx}_{uuid}.{extension}" (ensure you import uuid
and preserve extension), then continue to sanitize with os.path.basename and
create file_path as before.
- Around line 249-254: The code currently appends checkout text into
visit.visit_notes after check-in, which breaks integrity because visit_hash is
sealed from visit_notes; either stop mutating visit.visit_notes at checkout
(store the value from request.additional_notes in a separate mutable field like
visit.checkout_notes or visit.additional_checkout_notes) or, if you must update
visit.visit_notes, recompute and re-seal visit.visit_hash (and persist a new
version/timestamp) so /field-officer/{visit_id}/blockchain-verify reflects the
new hash; update the checkout handler where visit.visit_notes is modified and
ensure you update whichever symbol you choose (visit.visit_notes vs new
visit.checkout_notes or visit.visit_hash) consistently.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9ea023d5-cf1b-4a09-9bd9-0db4575e9ede

📥 Commits

Reviewing files that changed from the base of the PR and between b6caa98 and 227c8ef.

📒 Files selected for processing (3)

backend/cache.py
backend/geofencing_service.py
backend/routers/field_officer.py

🚧 Files skipped from review as they are similar to previous changes (1)

backend/cache.py

coderabbitai · 2026-05-16T11:55:58Z

+            "average_distance_from_site": (
+                round(avg_distance, 2) if avg_distance else None
+            ),


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Preserve legitimate 0.0 average distances.

if avg_distance else None turns a real 0.0 average into None, so visits recorded exactly at the site get reported as “no data” instead of 0.0.

💡 Proposed fix

"average_distance_from_site": ( - round(avg_distance, 2) if avg_distance else None + round(avg_distance, 2) if avg_distance is not None else None ),

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"average_distance_from_site": (

round(avg_distance, 2) if avg_distance else None

),

"average_distance_from_site": (

round(avg_distance, 2) if avg_distance is not None else None

),

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/geofencing_service.py` around lines 223 - 225, The average_distance_from_site field currently uses "round(avg_distance, 2) if avg_distance else None", which treats legitimate 0.0 as falsy; change the conditional to detect None explicitly (e.g., use "if avg_distance is not None else None") so that 0.0 is preserved and only None yields None; update the expression building average_distance_from_site where avg_distance is used.

coderabbitai · 2026-05-16T11:55:58Z

        # Append additional notes if provided
        if request.additional_notes:
            existing_notes = visit.visit_notes or ""
-            visit.visit_notes = f"{existing_notes}\n\n[Check-out notes]: {request.additional_notes}"
-
-        visit.status = 'checked_out'
+            visit.visit_notes = (
+                f"{existing_notes}\n\n[Check-out notes]: {request.additional_notes}"
+            )


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Appending check-out notes breaks later integrity verification.

visit_hash is sealed at check-in from visit_notes, but this block mutates visit.visit_notes afterward. Any checkout with additional_notes will make /field-officer/{visit_id}/blockchain-verify report tampering for a legitimate update. Keep mutable checkout data out of the hashed payload, or recompute/version the hash when those fields change.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/routers/field_officer.py` around lines 249 - 254, The code currently appends checkout text into visit.visit_notes after check-in, which breaks integrity because visit_hash is sealed from visit_notes; either stop mutating visit.visit_notes at checkout (store the value from request.additional_notes in a separate mutable field like visit.checkout_notes or visit.additional_checkout_notes) or, if you must update visit.visit_notes, recompute and re-seal visit.visit_hash (and persist a new version/timestamp) so /field-officer/{visit_id}/blockchain-verify reflects the new hash; update the checkout handler where visit.visit_notes is modified and ensure you update whichever symbol you choose (visit.visit_notes vs new visit.checkout_notes or visit.visit_hash) consistently.

coderabbitai · 2026-05-16T11:55:58Z

+            timestamp = datetime.now(timezone.utc).strftime("%Y%m%d_%H%M%S")
            safe_filename = f"visit_{visit_id}_{timestamp}_{idx}.{extension}"
+
+            # Ensure safe_filename doesn't contain path traversal characters
+            safe_filename = os.path.basename(safe_filename)
            file_path = os.path.join(VISIT_IMAGES_DIR, safe_filename)


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Filename generation can overwrite concurrent uploads.

The name only varies by visit_id, second-level timestamp, and loop index. Two requests uploading images for the same visit in the same second can produce the same filename, and the later write wins. Add a per-file unique suffix such as uuid4().hex before saving.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/routers/field_officer.py` around lines 380 - 385, The current filename generation (safe_filename using visit_id, timestamp, and idx) can collide for concurrent uploads; update the generation in the block that sets timestamp/safe_filename/file_path to append a per-file unique suffix (e.g., uuid4().hex) into the filename before calling os.path.basename and joining with VISIT_IMAGES_DIR: build safe_filename as "visit_{visit_id}_{timestamp}_{idx}_{uuid}.{extension}" (ensure you import uuid and preserve extension), then continue to sanitize with os.path.basename and create file_path as before.

- Added a check in `backend/routers/field_officer.py` (line 388) to verify that the absolute path of the destination file stays within the intended `VISIT_IMAGES_DIR` boundary. - Sanitized file extension explicitly to remove any non-alphanumeric characters. - These changes fully address the remaining high-severity CodeQL alert about user-provided values in path operations.

github-actions · 2026-05-16T12:27:08Z

🔍 Quality Reminder

Thanks for the updates! Please ensure:
- Your changes don't break existing functionality
- All tests still pass
- Code quality standards are maintained

*The maintainers will verify that the overall project flow remains intact.*

…rnings - Configured `build.rollupOptions.output.manualChunks` in `vite.config.js` to extract `node_modules` into a separate `vendor` chunk. - Increased `chunkSizeWarningLimit` to gracefully handle the size of vendor libraries. - This resolves build failures where the frontend deployment was blocked by chunk size limits. All test suites pass successfully.

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (1)

backend/routers/field_officer.py (1)

386-392: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Add absolute path boundary check to resolve CodeQL alert.

The PR objective mentions adding "absolute-path boundary check" but the code only applies os.path.basename. Adding an explicit check that the resolved path stays within VISIT_IMAGES_DIR provides defense-in-depth and resolves the CodeQL high-severity alert.

🛡️ Proposed fix

             # Ensure safe_filename doesn't contain path traversal characters
             safe_filename = os.path.basename(safe_filename)
             file_path = os.path.join(VISIT_IMAGES_DIR, safe_filename)

+            # Absolute path boundary check - ensure file stays within allowed directory
+            abs_file_path = os.path.abspath(file_path)
+            abs_images_dir = os.path.abspath(VISIT_IMAGES_DIR)
+            if not abs_file_path.startswith(abs_images_dir + os.sep):
+                raise HTTPException(
+                    status_code=400,
+                    detail="Invalid file path detected",
+                )
+
             # Save file
-            with open(file_path, "wb") as f:
+            with open(abs_file_path, "wb") as f:
                 f.write(content)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/routers/field_officer.py` around lines 386 - 392, The code currently
only uses os.path.basename on safe_filename before joining with
VISIT_IMAGES_DIR; add an absolute-path boundary check by resolving both
VISIT_IMAGES_DIR and the constructed file_path (e.g., call os.path.realpath or
os.path.abspath on VISIT_IMAGES_DIR and on file_path) and verify the resolved
file_path starts with the resolved VISIT_IMAGES_DIR + os.sep; if the check fails
(meaning path traversal), raise an error or return a safe failure before
opening/writing the file. Apply this check around the symbols safe_filename,
file_path and VISIT_IMAGES_DIR to enforce the directory boundary.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/routers/field_officer.py`:
- Around line 371-384: The computed safe_extension is never used when building
the filename; update the filename generation in the block that computes
timestamp and safe_filename (referencing visit_id, timestamp, idx,
safe_extension) to use safe_extension instead of the original extension, and
ensure safe_extension is non-empty (fall back to a default like "bin" or raise a
validation error) before interpolating into safe_filename to maintain the
intended sanitization.

---

Duplicate comments:
In `@backend/routers/field_officer.py`:
- Around line 386-392: The code currently only uses os.path.basename on
safe_filename before joining with VISIT_IMAGES_DIR; add an absolute-path
boundary check by resolving both VISIT_IMAGES_DIR and the constructed file_path
(e.g., call os.path.realpath or os.path.abspath on VISIT_IMAGES_DIR and on
file_path) and verify the resolved file_path starts with the resolved
VISIT_IMAGES_DIR + os.sep; if the check fails (meaning path traversal), raise an
error or return a safe failure before opening/writing the file. Apply this check
around the symbols safe_filename, file_path and VISIT_IMAGES_DIR to enforce the
directory boundary.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2dee7a52-ce4d-49ce-ac30-49ffcdf6adfe

📥 Commits

Reviewing files that changed from the base of the PR and between 227c8ef and d4cca59.

📒 Files selected for processing (2)

backend/routers/field_officer.py
frontend/vite.config.js

Copilot AI review requested due to automatic review settings May 16, 2026 10:47

RohanExploit deployed to add-civic-eye-and-camera-fallback-17668311478762952937 - vishwaguru-backend PR #767 May 16, 2026 10:47 — with Render View deployment

github-actions Bot added the size/xl label May 16, 2026

Copilot started reviewing on behalf of RohanExploit May 16, 2026 10:47 View session

github-advanced-security AI found potential problems May 16, 2026

View reviewed changes

Comment thread backend/cache.py Fixed

Comment thread backend/geofencing_service.py Fixed

Comment thread backend/routers/field_officer.py

Copilot AI reviewed May 16, 2026

View reviewed changes

coderabbitai Bot reviewed May 16, 2026

View reviewed changes

cubic-dev-ai Bot reviewed May 16, 2026

View reviewed changes

RohanExploit deployed to add-civic-eye-and-camera-fallback-17668311478762952937 - vishwaguru-backend PR #767 May 16, 2026 11:49 — with Render View deployment

coderabbitai Bot reviewed May 16, 2026

View reviewed changes

RohanExploit deployed to add-civic-eye-and-camera-fallback-17668311478762952937 - vishwaguru-backend PR #767 May 16, 2026 12:27 — with Render View deployment

coderabbitai Bot reviewed May 16, 2026

View reviewed changes

Comment thread backend/routers/field_officer.py

		issue_id: int, old_status: str, new_status: str, notes: str = None
		):



		required_confirmations = max(
		1, int(total_followers * ClosureService.CONFIRMATION_THRESHOLD)

-SECRET_KEY = os.getenv(
-    "SECRET_KEY", "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
-).encode("utf-8")
+SECRET_KEY = os.getenv("SECRET_KEY")
+if not SECRET_KEY:
+    raise RuntimeError("SECRET_KEY environment variable is required")
+SECRET_KEY = SECRET_KEY.encode("utf-8")

	round(avg_distance, 2) if avg_distance else None
	round(avg_distance, 2) if avg_distance is not None else None

Conversation

RohanExploit commented May 16, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by cubic

Summary by CodeRabbit

Uh oh!

google-labs-jules Bot commented May 16, 2026

Uh oh!

netlify Bot commented May 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ Deploy Preview for fixmybharat failed. Why did it fail? →

Uh oh!

github-actions Bot commented May 16, 2026

🙏 Thank you for your contribution, @RohanExploit!

Uh oh!

coderabbitai Bot commented May 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

cubic-dev-ai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

cubic-dev-ai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

cubic-dev-ai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

cubic-dev-ai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot May 16, 2026

RohanExploit commented May 16, 2026 •

edited by coderabbitai Bot

Loading

netlify Bot commented May 16, 2026 •

edited

Loading

coderabbitai Bot commented May 16, 2026 •

edited

Loading