Conversation
📝 WalkthroughWalkthroughThis PR configures Render deployment infrastructure and PostgreSQL migration. Changes include adding the psycopg2-binary dependency, creating a Render-managed PostgreSQL database, normalizing database URLs, updating CORS configuration, and extending gitignore for development tools. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related issues
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
render.yaml (1)
17-18: MakeSECRET_KEYbootstrap-safe in Blueprint deployments.Because
SECRET_KEYis required bysrc/core/config.py, relying only on manual entry (sync: false) can cause startup failure on fresh deploys. PrefergenerateValue: true(or documented mandatory secret injection in deploy steps).
As per coding guidelines "Critical/blocker issues: Correctness issues such as functional bugs" andsrc/core/config.pyrequiresSECRET_KEY: strwith no default.🔐 Suggested change
- key: SECRET_KEY - sync: false + generateValue: true🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@render.yaml` around lines 17 - 18, The deployment config marks SECRET_KEY as sync: false which leaves new Blueprint deploys without a generated value and causes startup failure because src/core/config.py expects SECRET_KEY: str with no default; update the render.yaml entry for the SECRET_KEY key to ensure a value is auto-generated (e.g., replace or add generateValue: true and remove/avoid sync: false) so Blueprint deployments always get a bootstrap-safe secret injected before the app starts.src/main.py (1)
190-193: Move CORS origins to configuration instead of hardcoding.Current values work, but managing origins in
settings(env-driven) will reduce code churn across preview/prod/local environments.♻️ Suggested refactor
- app.add_middleware( - CORSMiddleware, - allow_origins=[ - "http://localhost:3000", - "https://assist-frontend-plum.vercel.app", - ], + app.add_middleware( + CORSMiddleware, + allow_origins=settings.CORS_ALLOW_ORIGINS, allow_methods=["GET", "POST", "OPTIONS"], allow_headers=["*"], )🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/main.py` around lines 190 - 193, Replace the hardcoded allow_origins list in the CORS middleware setup with a configuration-driven value: add a CORS_ORIGINS (string or list) entry to your settings module (env-driven, e.g., comma-separated string parsed into a list) and default it to the current two origins for safety; then update the CORS middleware call in main.py to use settings.CORS_ORIGINS instead of the literal list so origins are controlled via env/config. Ensure the parsing handles empty values and preserves hostnames with schemes (http/https).src/db/database.py (1)
15-16: Use SQLAlchemy'smake_url()to safely detect and parse SQLite database URLs.Lines 15–16 use
startswith("sqlite")to match any SQLite URL variant but only strip thesqlite:///prefix. Driver-qualified URLs likesqlite+pysqlite:///path.dbwill produce malformed paths (e.g.,+pysqlite:///path.db), causing Path operations to fail. Similarly, line 23 should check the backend name, not the URL prefix.Use SQLAlchemy's recommended approach:
from sqlalchemy.engine import make_url url = make_url(database_url) if url.get_backend_name() == "sqlite": db_path = url.database if db_path and db_path != ":memory:": Path(db_path).parent.mkdir(parents=True, exist_ok=True)This correctly handles all SQLite URL forms:
sqlite:///path.db,sqlite+pysqlite:///path.db,sqlite:///:memory:, etc.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/db/database.py` around lines 15 - 16, The code currently checks database_url.startswith("sqlite") and strips "sqlite:///" which fails for driver-qualified URLs (e.g., "sqlite+pysqlite:///") and breaks Path ops; replace this logic by parsing the URL with SQLAlchemy's make_url (import make_url from sqlalchemy.engine), use url.get_backend_name() == "sqlite" to detect SQLite, set db_path = url.database, and only call Path(db_path).parent.mkdir(...) when db_path exists and is not ":memory:"; update checks that previously used database_url.startswith(...) to use get_backend_name() instead.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@pyproject.toml`:
- Line 26: The dependency "psycopg2-binary>=2.9.11" in pyproject.toml should be
replaced with the psycopg v3 package; update the dependency to "psycopg[c]>=3.0"
for production (system-linked C libraries) or "psycopg[binary]>=3.0" if you need
a quick binary install, ensuring compatibility with SQLAlchemy 2.x which expects
psycopg v3; update the dependency entry and any related install/readme guidance
accordingly.
---
Nitpick comments:
In `@render.yaml`:
- Around line 17-18: The deployment config marks SECRET_KEY as sync: false which
leaves new Blueprint deploys without a generated value and causes startup
failure because src/core/config.py expects SECRET_KEY: str with no default;
update the render.yaml entry for the SECRET_KEY key to ensure a value is
auto-generated (e.g., replace or add generateValue: true and remove/avoid sync:
false) so Blueprint deployments always get a bootstrap-safe secret injected
before the app starts.
In `@src/db/database.py`:
- Around line 15-16: The code currently checks database_url.startswith("sqlite")
and strips "sqlite:///" which fails for driver-qualified URLs (e.g.,
"sqlite+pysqlite:///") and breaks Path ops; replace this logic by parsing the
URL with SQLAlchemy's make_url (import make_url from sqlalchemy.engine), use
url.get_backend_name() == "sqlite" to detect SQLite, set db_path = url.database,
and only call Path(db_path).parent.mkdir(...) when db_path exists and is not
":memory:"; update checks that previously used database_url.startswith(...) to
use get_backend_name() instead.
In `@src/main.py`:
- Around line 190-193: Replace the hardcoded allow_origins list in the CORS
middleware setup with a configuration-driven value: add a CORS_ORIGINS (string
or list) entry to your settings module (env-driven, e.g., comma-separated string
parsed into a list) and default it to the current two origins for safety; then
update the CORS middleware call in main.py to use settings.CORS_ORIGINS instead
of the literal list so origins are controlled via env/config. Ensure the parsing
handles empty values and preserves hostnames with schemes (http/https).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 7f354250-0bff-4bc7-87da-b0b94e2c4b50
⛔ Files ignored due to path filters (1)
uv.lockis excluded by!**/*.lock
📒 Files selected for processing (5)
.gitignorepyproject.tomlrender.yamlsrc/db/database.pysrc/main.py
1 participant
어떤 변경사항인가요?
작업 상세 내용
psycopg2-binary의존성 추가render.yaml에 PostgreSQL DB 및 누락된 환경변수(SECRET_KEY,DATABASE_URL) 추가postgres://→postgresql://URL 자동 변환 처리 (src/db/database.py)NEXT_PUBLIC_API_BASE_URL을 Render 배포 URL로 업데이트allow_origins에 Vercel 도메인 추가체크리스트
관련 이슈
리뷰 포인트
render.yamlBlueprint 설정 — PostgreSQL 인스턴스와 Web Service 연결 구조database.py의postgres://→postgresql://변환 로직 (Render 제공 URL과 SQLAlchemy 요구사항 불일치 해소)참고사항 및 스크린샷(선택)
Summary by CodeRabbit
New Features
Chores