Summary of Changes
Hello @prismistim, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the project's content delivery strategy by implementing Incremental Static Regeneration (ISR) through the Vercel adapter for Astro. This allows for more efficient and timely content updates. Concurrently, the project's development tooling has been modernized by migrating from ESLint and Prettier to Biome, which now handles all linting and formatting tasks.
Highlights
Code Review
This pull request introduces Incremental Static Regeneration (ISR) for Vercel and migrates the project from ESLint/Prettier to Biome. The configuration changes for ISR and the new Biome setup appear correct. However, the new revalidation API endpoint in src/api/revalidate.ts has a few security and robustness issues that should be addressed. I've provided specific comments and suggestions for improvement.
```ts
if (apiKey !== import.meta.env.REVALIDATE_REQUEST_KEY) {
  return new Response('Unauthorized', { status: 401 })
}
```
Using !== for secret comparison is vulnerable to timing attacks. An attacker could potentially guess the secret by measuring response time differences. It's recommended to use a constant-time comparison function to mitigate this risk. For Node.js environments, crypto.timingSafeEqual is the standard solution. For web standard environments (like Vercel Edge), you might need to use the Web Crypto API's crypto.subtle.verify with HMAC or find a library that implements a constant-time comparison.
```ts
const body = await request.json()
const postId = body.id ?? ''
```
The request.json() call will throw an error if the request body is missing or is not valid JSON. This will cause an unhandled promise rejection and result in a 500 error. You should wrap this call in a try...catch block to handle this case gracefully and return a 400 Bad Request response.
```ts
let body
try {
  body = await request.json()
} catch {
  return new Response('Invalid JSON body', { status: 400 })
}
const postId = body.id ?? ''
```

```ts
const results = await Promise.all(
  revalidateTargets.map((path) =>
    fetch(`${url.origin}${path}`, {
      method: 'HEAD',
      headers: {
        'x-prerender-revalidate': import.meta.env.VERCEL_REVALIDATE_TOKEN
      }
    })
  )
)

const isSuccess = results.every(res => res.headers.get('x-vercel-cache') === 'REVALIDATED')
```
Promise.all will reject as soon as one of the fetch calls fails, leading to an unhandled error. To make this more robust, you can use Promise.allSettled. This will ensure all revalidation requests are attempted, and you can then check the results of each. The logic to check for success also needs to be updated to handle the allSettled result structure.
```ts
const results = await Promise.allSettled(
  revalidateTargets.map((path) =>
    fetch(`${url.origin}${path}`, {
      method: 'HEAD',
      headers: {
        'x-prerender-revalidate': import.meta.env.VERCEL_REVALIDATE_TOKEN,
      },
    })
  )
)
const isSuccess = results.every(
  (res) =>
    res.status === 'fulfilled' &&
    res.value.ok &&
    res.value.headers.get('x-vercel-cache') === 'REVALIDATED'
)
```