@aliirz
Contributor

@aliirz aliirz commented Jan 3, 2026

closes #46

  • Added new directories to .gitignore for data and generated images.
  • Updated package dependencies, including Playwright and AWS SDKs, to support new functionalities.
  • Introduced new API routes for managing representatives, including search, filters, and location-based queries.
  • Added scripts for downloading high-resolution images and generating embeddings for representatives.
  • Enhanced the layout with a floating chat bubble for improved user interaction.

…entative features

- Added new directories to .gitignore for data and generated images.
- Updated package dependencies, including Playwright and AWS SDKs, to support new functionalities.
- Introduced new API routes for managing representatives, including search, filters, and location-based queries.
- Added scripts for downloading high-resolution images and generating embeddings for representatives.
- Enhanced the layout with a floating chat bubble for improved user interaction.
@vercel

vercel bot commented Jan 3, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| numainda | Ready | Preview, Comment | Jan 3, 2026 3:45pm |

@aliirz aliirz merged commit 96c04cf into main Jan 3, 2026
3 of 4 checks passed
@claude

claude bot commented Jan 3, 2026

Pull Request Review: Feature - Find your numainda

This is a substantial feature addition that introduces representative search capabilities. Overall, the implementation is solid with good architectural decisions.

✅ Strengths

Excellent Architecture:

  • Dual RAG system intelligently separates document embeddings from representative embeddings
  • AI-powered query routing using detectQueryTypes() with GPT-4o-mini is clever
  • Parallel search execution using Promise.all() optimizes performance
  • Haversine formula for geographic searches

Good Database Design:

  • Proper indexing on representatives table
  • HNSW index on embeddings for cosine similarity
  • Cascading deletes maintain referential integrity

Best Practices:

  • Batch processing in embedding generation (5 at a time, 1s delay)
  • Proper error handling with try-catch blocks
  • Force-dynamic export prevents unwanted caching

🚨 Critical Issues

1. SQL Injection Risk
Location: app/api/representatives/by-location/route.ts:32-67 and nearby/route.ts:30-62

Raw SQL with user input. Add validation: cap radius at 500km, limit at 100, validate lat/lng ranges.

2. Path Traversal Vulnerability
Location: app/api/representatives/[id]/route.ts:33 and similar

Use path.basename() instead of .pop() for image path extraction.

3. Missing Input Validation
Location: app/api/representatives/route.ts:24-30

Add query length validation (max 8000 chars) before generating embeddings.

4. Unclosed File Backup
Delete app/chat.backup/page.tsx - it's in git history.

⚠️ Important Issues

  1. AI query detection fallback could be improved with heuristics
  2. Race condition with isGenerating/isLoading state in floating chat
  3. Missing error boundaries on floating chat component
  4. Inconsistent similarity thresholds (0.75 vs 0.70) - document if intentional
  5. Code duplication - extract image URL transformation to utility

💡 Suggestions

  • Optimize 95-line system prompt to reduce token costs
  • Add JSDoc comments to API routes
  • Add test coverage for critical paths
  • Implement rate limiting on public APIs
  • Add observability/monitoring for RAG pipeline

📊 Metrics

| Metric | Score |
| --- | --- |
| Architecture | ⭐⭐⭐⭐⭐ |
| Security | ⭐⭐⭐ |
| Performance | ⭐⭐⭐⭐ |
| Error Handling | ⭐⭐⭐⭐ |
| Testing | |
| Documentation | ⭐⭐ |

🎯 Before Merge

Must Fix:

  1. Add input validation for lat/lng/radius/limit
  2. Use path.basename() for images
  3. Add query length validation
  4. Remove backup file

Should Fix:

  5. Improve AI fallback
  6. Fix state management race condition
  7. Extract utility function for image URLs
  8. Add API documentation

Summary

Well-architected feature with innovative AI query routing. Security issues must be addressed before merging. With fixes, this will be a solid addition.

Recommendation: Approve with changes

Great work! 🚀
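
An added example, not part of the review above or of the project's code: one way to implement the validation asked for in critical issues 1 and 3, so that lat/lng are range-checked, radius and limit are capped at 500 km and 100, and query text is bounded at 8000 characters before embedding. The function names, the `RawParams` shape, the defaults (50 km, 20 rows) and the error strings are assumptions.

```typescript
// Added example, not the project's code. Function names, defaults and error strings
// are assumptions; the limits (500 km, 100 rows, 8000 chars) are the review's.
type Result<T> = { ok: true; value: T } | { ok: false; error: string };
interface RawParams { lat?: string; lng?: string; radius?: string; limit?: string }
interface GeoQuery { lat: number; lng: number; radiusKm: number; limit: number }

const MAX_RADIUS_KM = 500;
const MAX_LIMIT = 100;
const MAX_QUERY_CHARS = 8000;
// Plain decimals only. Number() alone would also accept "", " 5 ", "1e9" and "0x10".
const DECIMAL = /^-?\d{1,7}(\.\d{1,10})?$/;

function num(raw: string | undefined, name: string, min: number, max: number): Result<number> {
  if (raw === undefined || !DECIMAL.test(raw)) return { ok: false, error: `${name}: not a decimal number` };
  const n = Number(raw);
  if (n < min || n > max) return { ok: false, error: `${name}: outside [${min}, ${max}]` };
  return { ok: true, value: n };
}

// lat/lng are required and range-checked; radius and limit are capped, not trusted.
function parseGeoQuery(p: RawParams): Result<GeoQuery> {
  const lat = num(p.lat, "lat", -90, 90);
  if (lat.ok === false) return lat;
  const lng = num(p.lng, "lng", -180, 180);
  if (lng.ok === false) return lng;
  const radius = num(p.radius ?? "50", "radius", 0, 9999999); // assumed default: 50 km
  if (radius.ok === false) return radius;
  const limit = num(p.limit ?? "20", "limit", 1, 9999999); // assumed default: 20 rows
  if (limit.ok === false) return limit;
  if (!Number.isInteger(limit.value)) return { ok: false, error: "limit: not an integer" };
  // The returned numbers are meant to reach the SQL as bound parameters, never as text.
  return { ok: true, value: {
    lat: lat.value, lng: lng.value,
    radiusKm: Math.min(radius.value, MAX_RADIUS_KM),
    limit: Math.min(limit.value, MAX_LIMIT),
  } };
}

// Reject empty or oversized text before it is sent to the embedding step.
function validateQuery(q: string | undefined): Result<string> {
  const text = (q ?? "").trim();
  if (text.length === 0) return { ok: false, error: "query: empty" };
  if (text.length > MAX_QUERY_CHARS) return { ok: false, error: `query: longer than ${MAX_QUERY_CHARS} chars` };
  return { ok: true, value: text };
}
```

A route handler would return HTTP 400 with the `error` string when `ok` is false and use only the `value` fields afterwards.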

Development

Successfully merging this pull request may close these issues.

Be able to find your representative
