Staging

[Shashank0701-byte]

Summary by CodeRabbit

• New Features

  • Added a lightweight health endpoint returning service status.

• Chores

  • Added an Nginx reverse proxy to serve the app on port 80.
  • Switched from publishing the app port to exposing it internally and created an isolated internal network for service-to-service traffic.
  • Added a service healthcheck and build-time environment args for Firebase configuration.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
system-craft	Ready	Preview, Comment	Mar 13, 2026 7:49pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f21e6157-bbe1-48e5-aeab-f9397f6eb27b

📥 Commits

Reviewing files that changed from the base of the PR and between 57ceb8a and 9e7988a.

📒 Files selected for processing (2)

• Dockerfile
• docker-compose.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• docker-compose.yml

---

📝 Walkthrough

Walkthrough

Adds an internal Docker network and nginx reverse proxy; modifies the web service to expose port 3000 internally, add build args and a healthcheck; introduces a Next.js /api/health route and a small Dockerfile runtime package install change.

Changes

Cohort / File(s)	Summary
Compose: services & network docker-compose.yml	Adds nginx service and systemcraft_net network; updates web to use expose: "3000", add build args for multiple NEXT_PUBLIC_FIREBASE_* vars, healthcheck, networks, and internal networking (removes host port publish).
Nginx config nginx/default.conf	New Nginx reverse-proxy config: listens on port 80, upstream web:3000, proxies all requests, sets standard proxy headers, supports WebSocket upgrades and Docker DNS re-resolution.
App health route app/api/health/route.ts	New Next.js API route: GET handler returns JSON { status: 'ok' } with HTTP 200 for health checks.
Runtime package change Dockerfile	Installs wget in the runner stage via apk add --no-cache wget (minor runtime package addition).

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Client as Client
    participant Nginx as Nginx (container)
    participant Web as Web (container)
    participant Docker as Docker (host)

    Client->>Nginx: HTTP request (port 80)
    Nginx->>Web: Proxy request -> http://web:3000
    Web-->>Nginx: Response
    Nginx-->>Client: Response

    Docker->>Web: Healthcheck GET /api/health
    Web-->>Docker: 200 { "status":"ok" }

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐇 I hopped into compose and found a new door,
Nginx in front, web inside—no host port to pour.
A tiny /health ping sings tidy and bright,
Wget packed in the runner, ready for flight.
Containers hum softly — rabbit-approved delight.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Staging' is vague and generic, failing to describe the actual changes made in this pull request such as adding Docker Compose configuration, Nginx reverse proxy setup, healthcheck endpoint, and infrastructure improvements.	Replace the title with a descriptive summary of the main changes, such as 'Add Docker Compose with Nginx reverse proxy and healthcheck' or 'Set up containerized infrastructure with reverse proxy configuration'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch staging

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can disable the changed files summary in the walkthrough.

Disable the reviews.changed_files_summary setting to disable the changed files summary in the walkthrough.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

nginx/default.conf (1)

8-9: Only send Connection: upgrade when the client is actually upgrading.

This currently marks every proxied request as an upgrade attempt. NGINX's WebSocket guidance uses a conditional header value derived from $http_upgrade, which is safer for mixed HTTP and WebSocket traffic. (nginx.org)

♻️ Suggested change

+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}

-        proxy_set_header Connection 'upgrade';
+        proxy_set_header Connection $connection_upgrade;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nginx/default.conf` around lines 8 - 9, The config currently always sends
Connection: 'upgrade' for every proxied request; change to send Connection only
when the client requests an upgrade by using a conditional variable (e.g. define
a map from $http_upgrade to $connection_upgrade and then set proxy_set_header
Connection $connection_upgrade) and keep proxy_set_header Upgrade $http_upgrade
as-is; update the nginx config to add the map block referencing $http_upgrade
and replace the hardcoded proxy_set_header Connection 'upgrade' with
proxy_set_header Connection $connection_upgrade so normal HTTP requests are not
marked as WebSocket upgrades.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-compose.yml`:
- Around line 36-38: The current short-form depends_on for the nginx service
only enforces start order and doesn't wait for the web service to be ready;
change nginx's depends_on to the long-form that uses condition: service_healthy
and add a healthcheck stanza to the web service (use an HTTP readiness probe or
command that matches the app, e.g., GET /health or appropriate
container-specific check) so Docker Compose will wait for the web service to be
healthy before starting nginx; reference the depends_on entry for nginx and the
web service definition when making these changes.

In `@nginx/default.conf`:
- Around line 1-6: The proxy_pass currently uses a literal host so nginx only
resolves `web` at config load; update the `server{ ... location / { proxy_pass
... } }` block to enable runtime DNS re-resolution by adding a resolver
directive and switching `proxy_pass` to use a variable or a resolvable upstream
(e.g., declare `resolver` and use `proxy_pass http://$upstream;` or define an
`upstream web { server web:3000 resolve; }`), so nginx will re-resolve the `web`
service at runtime after container recreation.

---

Nitpick comments:
In `@nginx/default.conf`:
- Around line 8-9: The config currently always sends Connection: 'upgrade' for
every proxied request; change to send Connection only when the client requests
an upgrade by using a conditional variable (e.g. define a map from $http_upgrade
to $connection_upgrade and then set proxy_set_header Connection
$connection_upgrade) and keep proxy_set_header Upgrade $http_upgrade as-is;
update the nginx config to add the map block referencing $http_upgrade and
replace the hardcoded proxy_set_header Connection 'upgrade' with
proxy_set_header Connection $connection_upgrade so normal HTTP requests are not
marked as WebSocket upgrades.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cd91fad7-33dc-4618-8493-57fe5bd0df70

📥 Commits

Reviewing files that changed from the base of the PR and between 14baeee and c9e1445.

📒 Files selected for processing (2)

• docker-compose.yml
• nginx/default.conf

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-compose.yml`:
- Around line 24-29: The healthcheck's test command uses the GNU wget flag
"--no-verbose" which BusyBox wget in the node:20-alpine image doesn't support;
either remove that flag and use a BusyBox-compatible wget invocation (e.g.,
change the healthcheck test to ["CMD-SHELL","wget --spider --tries=1
http://127.0.0.1:3000/api/health || exit 1"]) or switch to curl by installing
curl in the runner stage (add RUN apk add --no-cache curl to the Dockerfile
runner stage) and update the healthcheck test to use curl (e.g.,
["CMD-SHELL","curl -fS http://127.0.0.1:3000/api/health || exit 1"]). Ensure you
update the docker-compose.yml healthcheck test accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8fa8f195-149b-43b0-b7ea-122eb8fde033

📥 Commits

Reviewing files that changed from the base of the PR and between c9e1445 and 941ee4b.

📒 Files selected for processing (3)

• app/api/health/route.ts
• docker-compose.yml
• nginx/default.conf

🚧 Files skipped from review as they are similar to previous changes (1)

• nginx/default.conf

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

docker-compose.yml (1)

13-13: Remove fixed container_name unless external integration requires it.

Fixed container_name prevents scaling beyond one container and bypasses Docker Compose's project-name namespacing, creating collision risks if multiple projects run on the same host. Compose already provides stable DNS through service names.

Also applies to: 34-34

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` at line 13, Remove the fixed container_name entries so
Compose can manage instance names and allow scaling; specifically delete the
lines setting "container_name: systemcraft_web" (and the other container_name
line mentioned, e.g., "container_name: systemcraft_db") from the
docker-compose.yml service definitions, leaving only the service names so Docker
Compose provides stable DNS and project-scoped names unless an external
integration explicitly requires a fixed container_name.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-compose.yml`:
- Around line 6-18: The build is silently accepting empty NEXT_PUBLIC_FIREBASE_*
args; update the args block so each build-arg uses the required-value expansion
form (e.g., replace NEXT_PUBLIC_FIREBASE_API_KEY=${NEXT_PUBLIC_FIREBASE_API_KEY}
with
NEXT_PUBLIC_FIREBASE_API_KEY=${NEXT_PUBLIC_FIREBASE_API_KEY:?NEXT_PUBLIC_FIREBASE_API_KEY
is required}) for every NEXT_PUBLIC_FIREBASE_* entry in the args list so
docker-compose will fail fast when any required Firebase env var is missing
during compose rendering.

---

Nitpick comments:
In `@docker-compose.yml`:
- Line 13: Remove the fixed container_name entries so Compose can manage
instance names and allow scaling; specifically delete the lines setting
"container_name: systemcraft_web" (and the other container_name line mentioned,
e.g., "container_name: systemcraft_db") from the docker-compose.yml service
definitions, leaving only the service names so Docker Compose provides stable
DNS and project-scoped names unless an external integration explicitly requires
a fixed container_name.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f1c97596-723d-4f70-a6c9-eff1ad8a28e1

📥 Commits

Reviewing files that changed from the base of the PR and between 941ee4b and 1f6f9b8.

📒 Files selected for processing (1)

• docker-compose.yml

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

docker-compose.yml (2)

13-13: Drop container_name unless you truly need a fixed global name.

These names prevent horizontal scaling — Compose will not scale services beyond one container when container_name is set. The nginx service can already reach the app via the web service name on systemcraft_net, so fixed container names are unnecessary here.

Suggested diff

-    container_name: systemcraft_web
@@
-    container_name: systemcraft_nginx

Also applies to: 34-34

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` at line 13, Remove the hard-coded container_name entries
(the container_name: systemcraft_web and container_name: systemcraft_nginx
occurrences) from docker-compose.yml so Compose can scale services horizontally;
leave service names (web, nginx) and their network configuration
(systemcraft_net) intact so inter-service communication still uses the service
hostname rather than a fixed container name.

---

38-40: Mount the Nginx config read-only.

Nginx only needs to read this file. Making the bind mount read-only reduces risk if the proxy container is ever compromised.

Suggested diff

-      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` around lines 38 - 40, Update the bind mount in the
volumes block so the Nginx config file is mounted read-only: locate the mapping
"./nginx/default.conf:/etc/nginx/conf.d/default.conf" in the volumes section and
append the read-only flag to the mount (use the :ro option) so the container can
read but not modify the host config file.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-compose.yml`:
- Around line 24-25: The healthcheck uses wget but the runner stage image lacks
it; modify the Dockerfile's runner stage (before the USER directive) to install
wget by adding an apk install for wget (e.g., RUN apk add --no-cache wget) so
the healthcheck command (healthcheck test using wget) can run successfully and
not leave the container unhealthy.

---

Nitpick comments:
In `@docker-compose.yml`:
- Line 13: Remove the hard-coded container_name entries (the container_name:
systemcraft_web and container_name: systemcraft_nginx occurrences) from
docker-compose.yml so Compose can scale services horizontally; leave service
names (web, nginx) and their network configuration (systemcraft_net) intact so
inter-service communication still uses the service hostname rather than a fixed
container name.
- Around line 38-40: Update the bind mount in the volumes block so the Nginx
config file is mounted read-only: locate the mapping
"./nginx/default.conf:/etc/nginx/conf.d/default.conf" in the volumes section and
append the read-only flag to the mount (use the :ro option) so the container can
read but not modify the host config file.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3930755b-409f-4f4b-bd12-28e4cf4da9b2

📥 Commits

Reviewing files that changed from the base of the PR and between 1f6f9b8 and 57ceb8a.

📒 Files selected for processing (1)

• docker-compose.yml