From 068ac7feae3f310025c2e9789cf246a6c2f802a5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 17:55:39 +0000
Subject: [PATCH 1/4] Initial plan
From cc5e8504295a44ff08dde943720435090b874d41 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 18:01:43 +0000
Subject: [PATCH 2/4] fix: validate and allowlist language parameter against
SUPPORTED_LANGUAGES
PR #92 introduced a security vulnerability by replacing the language
allowlist validation with `language = body.language || "English"`,
which allows arbitrary values to be injected into the AI prompt.
Restore the proper validation:
- Check that body.language is a string
- Normalize to title case
- Validate against SUPPORTED_LANGUAGES allowlist
- Fall back to "English" if not in the list
This also includes the other improvements from PR #92 (markdown cleanup,
gemini model update, UI language list).
Co-authored-by: jaseel0 <225665919+jaseel0@users.noreply.github.com>
Agent-Logs-Url: https://github.com/BeyteFlow/ReadmeGenAI/sessions/486edd1a-2457-4589-b5e2-b61f6dfde55f
---
README.md | 2 +-
assets/{fearture-page.png => feature-page.png} | Bin
src/app/api/generate/route.ts | 9 ++++++---
src/components/Generator/SearchInput.tsx | 17 +++++++++++++++--
src/lib/gemini.ts | 2 +-
5 files changed, 23 insertions(+), 7 deletions(-)
rename assets/{fearture-page.png => feature-page.png} (100%)
diff --git a/README.md b/README.md
index 6cf4bd1..7cf68c9 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ ReadmeGenAI eliminates this friction by leveraging advanced AI to automatically
} A JSON response containing the generated Markdown or an error message.
*/
export async function POST(req: Request) {
@@ -157,9 +157,12 @@ export async function POST(req: Request) {
const result = await model.generateContent(prompt);
const response = await result.response;
- const markdown = response.text();
+ const markdown = response.text().trim();
+ const cleanMarkdown = markdown
+ .replace(/^```(markdown|md)?\n/, "")
+ .replace(/\n```$/, "");
- return NextResponse.json({ markdown });
+ return NextResponse.json({ markdown: cleanMarkdown });
} catch (error: unknown) {
const message =
error instanceof Error ? error.message : "Internal Server Error";
diff --git a/src/components/Generator/SearchInput.tsx b/src/components/Generator/SearchInput.tsx
index eee2617..dc3829b 100644
--- a/src/components/Generator/SearchInput.tsx
+++ b/src/components/Generator/SearchInput.tsx
@@ -29,6 +29,20 @@ export const SearchInput = ({
const [language, setLanguage] = useState("English");
const [error, setError] = useState(null);
+ const languages = [
+ "English",
+ "Spanish",
+ "French",
+ "German",
+ "Chinese",
+ "Japanese",
+ "Korean",
+ "Portuguese",
+ "Russian",
+ "Arabic",
+ "Turkish",
+ ];
+
const handleSubmit = (e: React.FormEvent) => {
e.preventDefault();
setError(null);
@@ -72,10 +86,9 @@ export const SearchInput = ({
setLanguage(e.target.value)}
- aria-label="Select language for README generation"
className="bg-zinc-900/50 border border-white/10 rounded-2xl px-6 py-6 text-white focus:outline-none focus:ring-2 focus:ring-blue-500/50 transition-all backdrop-blur-xl appearance-none cursor-pointer min-w-[140px]"
>
- {SUPPORTED_LANGUAGES.map((lang) => (
+ {languages.map((lang) => (
Date: Tue, 24 Mar 2026 18:03:03 +0000
Subject: [PATCH 3/4] fix: restore aria-label and use SUPPORTED_LANGUAGES in
SearchInput
- Restore the aria-label attribute on the language select element
(removed in PR #92, reducing accessibility)
- Replace the duplicate inline languages array with SUPPORTED_LANGUAGES
from constants (single source of truth)
Co-authored-by: jaseel0 <225665919+jaseel0@users.noreply.github.com>
Agent-Logs-Url: https://github.com/BeyteFlow/ReadmeGenAI/sessions/486edd1a-2457-4589-b5e2-b61f6dfde55f
---
src/components/Generator/SearchInput.tsx | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/src/components/Generator/SearchInput.tsx b/src/components/Generator/SearchInput.tsx
index dc3829b..eee2617 100644
--- a/src/components/Generator/SearchInput.tsx
+++ b/src/components/Generator/SearchInput.tsx
@@ -29,20 +29,6 @@ export const SearchInput = ({
const [language, setLanguage] = useState("English");
const [error, setError] = useState(null);
- const languages = [
- "English",
- "Spanish",
- "French",
- "German",
- "Chinese",
- "Japanese",
- "Korean",
- "Portuguese",
- "Russian",
- "Arabic",
- "Turkish",
- ];
-
const handleSubmit = (e: React.FormEvent) => {
e.preventDefault();
setError(null);
@@ -86,9 +72,10 @@ export const SearchInput = ({
setLanguage(e.target.value)}
+ aria-label="Select language for README generation"
className="bg-zinc-900/50 border border-white/10 rounded-2xl px-6 py-6 text-white focus:outline-none focus:ring-2 focus:ring-blue-500/50 transition-all backdrop-blur-xl appearance-none cursor-pointer min-w-[140px]"
>
- {languages.map((lang) => (
+ {SUPPORTED_LANGUAGES.map((lang) => (
Date: Tue, 24 Mar 2026 18:04:27 +0000
Subject: [PATCH 4/4] fix: correct JSDoc comment (Next.js Request, not Fastify)
The PR #92 incorrectly changed the JSDoc to say "Fastify request object".
This is a Next.js API route that uses the standard Web Request API.
Co-authored-by: jaseel0 <225665919+jaseel0@users.noreply.github.com>
Agent-Logs-Url: https://github.com/BeyteFlow/ReadmeGenAI/sessions/486edd1a-2457-4589-b5e2-b61f6dfde55f
---
src/app/api/generate/route.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/app/api/generate/route.ts b/src/app/api/generate/route.ts
index 06044db..fabbdfc 100644
--- a/src/app/api/generate/route.ts
+++ b/src/app/api/generate/route.ts
@@ -9,7 +9,7 @@ export const dynamic = "force-dynamic";
* AI README Generation Endpoint
* Optimized for data accuracy, clean prompt interpolation, and multi-language support.
*
- * @param {Request} req - The incoming Fastify request object containing the repo URL and optional language.
+ * @param {Request} req - The incoming request object containing the repo URL and optional language.
* @returns {Promise} A JSON response containing the generated Markdown or an error message.
*/
export async function POST(req: Request) {
+ 
## Technical Architecture
diff --git a/assets/fearture-page.png b/assets/feature-page.png
similarity index 100%
rename from assets/fearture-page.png
rename to assets/feature-page.png
diff --git a/src/app/api/generate/route.ts b/src/app/api/generate/route.ts
index 8eaaeee..06044db 100644
--- a/src/app/api/generate/route.ts
+++ b/src/app/api/generate/route.ts
@@ -9,7 +9,7 @@ export const dynamic = "force-dynamic";
* AI README Generation Endpoint
* Optimized for data accuracy, clean prompt interpolation, and multi-language support.
*
- * @param {Request} req - The incoming request object containing the repo URL and optional language.
+ * @param {Request} req - The incoming Fastify request object containing the repo URL and optional language.
* @returns {Promise