This repository was archived by the owner on May 29, 2026. It is now read-only.
Merged
3 changes: 3 additions & 0 deletions .env.example
Expand Up @@ -46,3 +46,6 @@ SENTRY_DSN=""
# UploadThing (File Upload Service)
UPLOADTHING_TOKEN="" # Get from https://uploadthing.com/dashboard

# System Authentication
SYSTEM_API_KEY="" # System-level API key for backend service authentication (generate with: openssl rand -base64 32)

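Review bot: the generation hint on the `SYSTEM_API_KEY` line is good; extend the same comment to say that the value must be identical in the app's environment and in the Convex deployment environment (the README setup steps set it in both places), since the Convex side validates the value the Next.js side sends.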
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -2,6 +2,7 @@

# dependencies
/node_modules
/.bun
/.pnp
.pnp.*
.yarn/*
Expand Down Expand Up @@ -50,4 +51,4 @@ next-env.d.ts
.npm

# Database exports and migrations
/neon-thing/
/neon-thing/
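Review bot: the removed and added lines in this hunk are both `/neon-thing/`, so the only difference is presumably the trailing newline at end of file; fine, but confirm it is intentional rather than an editor artifact, since whitespace-only churn adds noise to the blame history.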
5 changes: 2 additions & 3 deletions AGENTS.md
Expand Up @@ -125,13 +125,12 @@ Required for development:
- `E2B_API_KEY`: E2B sandbox API key
- `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY`: Clerk auth
- `CLERK_SECRET_KEY`: Clerk secret
- `INNGEST_EVENT_KEY`: Inngest event key
- `INNGEST_SIGNING_KEY`: Inngest signing key
- `SYSTEM_API_KEY`: System-level API key for backend service authentication

### E2B Templates
Before running AI code generation:
1. Build E2B templates with Docker
2. Update template name in `src/inngest/functions.ts` (line ~22)
2. Update template name in `src/agents/ai-sdk/code-agent.ts` if needed
3. Templates available: nextjs, angular, react, vue, svelte

### Convex Development
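Review bot: step 2 now reads "Update template name in `src/agents/ai-sdk/code-agent.ts` if needed" and drops the location hint the old line gave (`line ~22`) without saying when the update is needed; name the constant or setting to change and which template is the default, otherwise a contributor has to grep for it.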
7 changes: 3 additions & 4 deletions CLAUDE.md
Expand Up @@ -177,7 +177,7 @@ Subscriptions enable real-time UI updates when data changes.

## Configuration

### Environment Variables (17 required)
### Environment Variables (Required for local development and production)

```bash
# AI Gateway
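Review bot: replacing the hard count "17 required" with a description avoids a stale number every time a variable is added or removed (this very PR changes the count); fine as is. The parenthetical is long for a heading, so "Environment Variables" with the required/optional split stated in the body below would read better.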
Expand All @@ -201,9 +201,8 @@ WORKOS_ISSUER_URL
# File Upload (UploadThing)
UPLOADTHING_TOKEN # Get from https://uploadthing.com/dashboard

# Background Jobs (Inngest)
INNGEST_EVENT_KEY
INNGEST_SIGNING_KEY
# System Authentication
SYSTEM_API_KEY # System-level API key for backend service authentication

# OAuth (Optional)
FIGMA_CLIENT_ID, FIGMA_CLIENT_SECRET
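Review bot: the `SYSTEM_API_KEY` comment should carry the same generation hint as `.env.example` (`openssl rand -base64 32`) and say that the same value must also be set in the Convex environment; as written, a reader of this file alone does not learn that two deployments share the secret.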
39 changes: 14 additions & 25 deletions README.md
Expand Up @@ -80,31 +80,22 @@ npx prisma migrate dev # Enter name "init" for migration
npm run dev
```

### Setting Up Inngest for AI Code Generation
### Setting Up System API Key

You have two options for running Inngest:

#### Option 1: Inngest Cloud (Recommended for Vercel Deployment)
1. Create an account at [Inngest Cloud](https://app.inngest.com)
2. Create a new app and get your Event Key and Signing Key
3. Add these to your `.env` file:
1. Generate a secure API key for system-level backend operations:
```bash
SYSTEM_API_KEY="your-secure-api-key"
```
2. Add this to your `.env.local` file:
```bash
INNGEST_EVENT_KEY="your-event-key"
INNGEST_SIGNING_KEY="your-signing-key"
SYSTEM_API_KEY="your-secure-api-key"
```
4. For local development with cloud, use ngrok/localtunnel:
3. Also set it in your Convex environment:
```bash
npx localtunnel --port 3000
# Then sync your tunnel URL with Inngest Cloud
bun run convex env set SYSTEM_API_KEY "your-secure-api-key"
```

#### Option 2: Local Inngest Dev Server (Development Only)
```bash
# In a second terminal:
npx inngest-cli@latest dev -u http://localhost:3000/api/inngest
```
- Inngest Dev UI will be available at `http://localhost:8288`
- Note: This won't work for Vercel deployments
This key is used for authenticated backend service calls to Convex queries/mutations and webhook security.

## Setting Up Vercel AI Gateway

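Review bot: step 1 says "Generate a secure API key" but its code block shows the assignment `SYSTEM_API_KEY="your-secure-api-key"`, which step 2 then repeats verbatim; put the generation command in step 1 (`openssl rand -base64 32`, as `.env.example` suggests) and keep the assignment for step 2. Step 2 names `.env.local` while the removed text and `.env.example` refer to `.env`; use one name. Step 3's `bun run convex env set ...` only works if package.json defines a `convex` script; if it does not, `npx convex env set SYSTEM_API_KEY "your-secure-api-key"` is the direct form.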
Expand Down Expand Up @@ -150,20 +141,18 @@ NEXT_PUBLIC_CLERK_SIGN_UP_URL="/sign-up"
NEXT_PUBLIC_CLERK_SIGN_IN_FALLBACK_REDIRECT_URL="/"
NEXT_PUBLIC_CLERK_SIGN_UP_FALLBACK_REDIRECT_URL="/"

# Inngest (for background job processing)
INNGEST_EVENT_KEY=""
INNGEST_SIGNING_KEY=""
# System Authentication
SYSTEM_API_KEY=""
```

## Deployment to Vercel

For detailed deployment instructions, see [DEPLOYMENT.md](./DEPLOYMENT.md).

Quick overview:
1. Set up Inngest Cloud account and get your keys
1. Set the `SYSTEM_API_KEY` environment variable in Vercel and Convex
2. Deploy to Vercel with all required environment variables
3. Sync your app with Inngest Cloud (`https://your-app.vercel.app/api/inngest`)
4. Run database migrations on your production database
3. Run database migrations on your production database

## Additional Commands

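Review bot: deployment step 1 "Set the `SYSTEM_API_KEY` environment variable in Vercel and Convex" should state that both must hold the same secret, since the Convex side validates what the Vercel side sends. Dropping the Inngest sync step keeps this list consistent with the setup section above.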
12 changes: 6 additions & 6 deletions SECURITY_FIXES.md
Expand Up @@ -40,7 +40,7 @@ This document details critical security fixes implemented to address data leaks,
// Only webhooks/background jobs can call this
await convex.mutation(api.usage.resetUsageSystem, {
userId: "...",
systemKey: process.env.INNGEST_SIGNING_KEY
systemKey: process.env.SYSTEM_API_KEY
});
```

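Review bot: the snippet passes `systemKey: process.env.SYSTEM_API_KEY` straight from the caller's environment; confirm that the Convex-side check rejects an undefined or empty key before comparing, because if the variable is unset on both sides a plain equality test of `undefined` against `undefined` passes, and use a constant-time comparison for the key itself.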
Expand All @@ -57,7 +57,7 @@ await convex.mutation(api.usage.resetUsageSystem, {

**Fix**:
- Added `systemKey` parameter to `getForSystem` query
- Validates `INNGEST_SIGNING_KEY` before allowing access
- Validates `SYSTEM_API_KEY` before allowing access
- Updated all Inngest function calls to include system key (4 locations in `src/inngest/functions.ts`)

**Files Changed**:
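Review bot: the unchanged context line "Updated all Inngest function calls to include system key (4 locations in `src/inngest/functions.ts`)" is now stale: this PR removes the Inngest keys from AGENTS.md and CLAUDE.md and points the template setting at `src/agents/ai-sdk/code-agent.ts`, so the bullet should name the call sites that actually pass the key now.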
Expand All @@ -75,7 +75,7 @@ await convex.query(api.projects.getForSystem, {
// With valid system key - SUCCEEDS
await convex.query(api.projects.getForSystem, {
projectId: "...",
systemKey: process.env.INNGEST_SIGNING_KEY
systemKey: process.env.SYSTEM_API_KEY
});
```

Expand Down Expand Up @@ -172,7 +172,7 @@ const showcase = await ctx.runQuery(api.projects.listShowcase, {});
- HMAC-SHA256 signature prevents tampering
- Nonce prevents token reuse
- 10-minute expiry window limits attack window
- Uses existing `INNGEST_SIGNING_KEY` (no new environment variables needed!)
- Uses existing `SYSTEM_API_KEY` (no new environment variables needed!)

**Testing**:
```typescript
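Review bot: "Uses existing `SYSTEM_API_KEY` (no new environment variables needed!)" is no longer true after this PR, which introduces `SYSTEM_API_KEY` in `.env.example`; drop the parenthetical or change it to say the key was added for this purpose and must be configured.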
Expand Down Expand Up @@ -240,7 +240,7 @@ POST /api/webhooks/polar
**Good news: NO new environment variables needed!** 🎉

All security fixes use existing environment variables:
- `INNGEST_SIGNING_KEY` - Already configured (used for OAuth state signing, system key validation, webhook protection)
- `SYSTEM_API_KEY` - Already configured (used for OAuth state signing, system key validation, webhook protection)
- `NEXT_PUBLIC_CONVEX_URL` - Already configured

Admins are managed via Convex dashboard (see "How to Add First Admin" above).
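Review bot: the "Already configured" claim on the `SYSTEM_API_KEY` bullet is stale for the same reason (this PR adds the variable), and the bullet documents one secret serving three purposes: OAuth state signing, system-key validation and webhook protection. A single value for all three means exposure through any one consumer exposes the others; consider deriving per-purpose keys from it (for example an HMAC over a purpose label) or separate variables, and at minimum say in this section that the key is shared across those three uses.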
Expand Down Expand Up @@ -379,6 +379,6 @@ This security audit was designed to avoid configuration complexity:
- ✅ That's it!

All security improvements leverage:
- Existing `INNGEST_SIGNING_KEY` environment variable
- Existing `SYSTEM_API_KEY` environment variable
- Convex dashboard for admin operations (delete usage records, view data)
- WorkOS for authentication
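Review bot: the "That's it!" ending and the "Existing `SYSTEM_API_KEY` environment variable" bullet both read as if no setup is required, but this PR introduces the variable; the checklist items above this hunk should include generating the key and setting it in both Vercel and Convex, as the README now does.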