chore: shutter env variables

[kemuru]

PR-Codex overview

This PR focuses on adding the REACT_APP_SHUTTER_API environment variable to various .env files and updating the fetch calls in the code to utilize this new variable for API requests instead of hardcoded URLs.

Detailed summary

• Added REACT_APP_SHUTTER_API to multiple .env files.
• Updated fetch calls in web/src/utils/shutter.ts to use ${import.meta.env.REACT_APP_SHUTTER_API} for API requests.
• Introduced SHUTTER_API constant in contracts/scripts/shutter.ts to utilize the environment variable for API requests.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• Chores
  • Updated environment configuration files to include a configurable Shutter API URL for improved flexibility across different environments.
• Refactor
  • Replaced hardcoded Shutter API URLs in the application with environment variables, allowing dynamic selection of the API endpoint.

[coderabbitai]

Walkthrough

The changes introduce new environment variables to configure the Shutter API endpoint across both backend and frontend environments. Hardcoded Shutter API URLs in scripts and utilities are replaced with references to these environment variables, allowing for dynamic configuration of the API base URL. No other logic or control flow is altered.

Changes

File(s)	Change Summary
contracts/.env.example	Added SHUTTER_API variable with default Shutter API URL.
contracts/scripts/shutter.ts	Replaced hardcoded Shutter API URL with SHUTTER_API environment variable; updated API calls accordingly.
web/.env.devnet-neo.public web/.env.devnet-university.public web/.env.devnet.public	Added REACT_APP_SHUTTER_API variable with Shutter API URL.
web/.env.local.public web/.env.mainnet-neo.public web/.env.testnet.public	Added REACT_APP_SHUTTER_API variable with Shutter API URL.
web/src/utils/shutter.ts	Updated fetch calls to use REACT_APP_SHUTTER_API from environment variables instead of hardcoded URL.

Sequence Diagram(s)

sequenceDiagram
    participant App/Script
    participant Env
    participant ShutterAPI

    App/Script->>Env: Read SHUTTER_API or REACT_APP_SHUTTER_API
    App/Script->>ShutterAPI: Make API request using configured base URL
    ShutterAPI-->>App/Script: Return response

Loading

Poem

A hop, a skip, a variable set,
No more hardcoded URLs to fret!
Now Shutter’s path is clear and bright,
Configured by env, not hidden from sight.
With every fetch, the rabbits cheer,
For flexible APIs are finally here!
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (1)

contracts/scripts/shutter.ts (1)

93-93: Same environment variable validation issue applies here.

This line also uses the potentially undefined SHUTTER_API variable, which could result in malformed URLs.

🧹 Nitpick comments (4)

contracts/.env.example (1)

22-22: Ensure consistent quoting in .env entries.

All other variables in this example file are unquoted (e.g., INFURA_API_KEY=...). Wrapping the URL in double quotes may introduce unexpected literal quotes when parsed by some tools. Consider removing the surrounding quotes for consistency:

- SHUTTER_API="https://shutter-api.chiado.staging.shutter.network/api"
+ SHUTTER_API=https://shutter-api.chiado.staging.shutter.network/api

web/.env.devnet-university.public (1)

11-11: Verify environment variable exposure in production builds.

Similar to the local config, confirm that REACT_APP_SHUTTER_API is injected into import.meta.env at runtime. If not, switch to the VITE_ prefix and remove the quotes for consistency:

- export REACT_APP_SHUTTER_API="https://shutter-api.chiado.staging.shutter.network/api"
+ export VITE_SHUTTER_API=https://shutter-api.chiado.staging.shutter.network/api

web/.env.devnet.public (1)

10-10: Ensure correct env var naming and consistency.

Double-check that your environment loader exposes REACT_APP_SHUTTER_API. If you’re on Vite, rename to VITE_SHUTTER_API and consider dropping the quotes:

- export REACT_APP_SHUTTER_API="https://shutter-api.chiado.staging.shutter.network/api"
+ export VITE_SHUTTER_API=https://shutter-api.chiado.staging.shutter.network/api

web/src/utils/shutter.ts (1)

33-33: Guard against missing base URL and DRY up fetch calls.

If REACT_APP_SHUTTER_API is undefined, your fetch calls will target "undefined/... at runtime. Extract and validate the base URL once, then reuse it:

+ // After imports
+ const SHUTTER_BASE_URL = import.meta.env.REACT_APP_SHUTTER_API;
+ if (!SHUTTER_BASE_URL) {
+   throw new Error("Missing environment variable REACT_APP_SHUTTER_API");
+ }

--- fetchShutterData ---------------------
- const response = await fetch(`${import.meta.env.REACT_APP_SHUTTER_API}/register_identity`, {
+ const response = await fetch(`${SHUTTER_BASE_URL}/register_identity`, {
   method: "POST",
   ...
 });

--- fetchDecryptionKey -------------------
- const response = await fetch(`${import.meta.env.REACT_APP_SHUTTER_API}/get_decryption_key?identity=${identity}`, {
+ const response = await fetch(`${SHUTTER_BASE_URL}/get_decryption_key?identity=${identity}`, {
   method: "GET",
   ...
 });

Also applies to: 80-80

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7bbe6df and 1fd3526.

📒 Files selected for processing (9)

• contracts/.env.example (1 hunks)
• contracts/scripts/shutter.ts (3 hunks)
• web/.env.devnet-neo.public (1 hunks)
• web/.env.devnet-university.public (1 hunks)
• web/.env.devnet.public (1 hunks)
• web/.env.local.public (1 hunks)
• web/.env.mainnet-neo.public (1 hunks)
• web/.env.testnet.public (1 hunks)
• web/src/utils/shutter.ts (2 hunks)

🔇 Additional comments (3)

web/.env.local.public (1)

9-9: Align variable prefix with Vite’s requirements.

Your frontend code uses import.meta.env.REACT_APP_SHUTTER_API, but Vite only exposes env vars prefixed with VITE_ by default. Please verify your build config supports REACT_APP_*, or rename to VITE_SHUTTER_API for seamless injection:

- export REACT_APP_SHUTTER_API="https://shutter-api.chiado.staging.shutter.network/api"
+ export VITE_SHUTTER_API=https://shutter-api.chiado.staging.shutter.network/api

web/.env.testnet.public (1)

11-11: LGTM! Appropriate staging URL for testnet environment.

The staging Shutter API URL is correctly configured for the testnet environment.

web/.env.devnet-neo.public (1)

12-12: LGTM! Appropriate staging URL for devnet environment.

The staging Shutter API URL is correctly configured for the devnet-neo environment.

[coderabbitai]

⚠️ Potential issue

Add validation for the required environment variable.

The SHUTTER_API environment variable is declared as optional with no default value, which means it could be undefined. This will cause runtime errors when constructing API URLs in the fetch functions.

Add proper validation to ensure the environment variable is set:

-const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
+const SHUTTER_API = env.required("SHUTTER_API");

Or if you want to keep it optional, add validation:

-const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
+const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
+if (!SHUTTER_API) {
+  throw new Error("SHUTTER_API environment variable is required but not set");
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
	-const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
	+const SHUTTER_API = env.required("SHUTTER_API");

Suggested change

	const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
	const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
	+if (!SHUTTER_API) {
	+ throw new Error("SHUTTER_API environment variable is required but not set");
	+}

🤖 Prompt for AI Agents

In contracts/scripts/shutter.ts at line 7, the SHUTTER_API environment variable
is declared as optional without a default, which can lead to undefined values
and runtime errors. Modify the code to validate that SHUTTER_API is defined
before using it by either making it required with env.required or adding a
runtime check that throws an error if SHUTTER_API is undefined, ensuring safe
usage in API URL construction.

[jaybuidl]

I actually handle it like this in the feat/shutter-dispute-kit branch. I will change it when merging.

[coderabbitai]

@jaybuidl Thanks for the confirmation! That sounds like a good approach to handle the environment variable validation in the feature branch and apply it during the merge. I appreciate you keeping track of these improvements across branches.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify the environment variable is properly set.

Since SHUTTER_API could be undefined, this URL construction could result in "undefined/register_identity", causing API calls to fail.

Ensure the environment variable is properly configured across all deployment environments:

---

🏁 Script executed:

#!/bin/bash
# Description: Check if SHUTTER_API is defined in environment configuration files

# Look for SHUTTER_API definitions in env files
fd -e env -e example | xargs grep -l "SHUTTER_API" || echo "No SHUTTER_API found in env files"

# Check if there are any default values or fallbacks defined
rg "SHUTTER_API.*=" -A 2 -B 2

Length of output: 1202

---

🏁 Script executed:

#!/bin/bash
set -e
# Search for definition of optionalNoDefault to understand its behavior
rg "optionalNoDefault" -n -C 3

Length of output: 3790

---

Use a required environment variable for SHUTTER_API

The env.optionalNoDefault("SHUTTER_API") call can return undefined, leading to requests against "undefined/register_identity". Instead, make SHUTTER_API mandatory so the script fails fast if it’s unset.

• In contracts/scripts/shutter.ts (at the top, around line 7)

- const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
+ const SHUTTER_API = env.require("SHUTTER_API");

• This change will throw a clear error at startup if SHUTTER_API is not defined, preventing invalid fetch URLs.
• Ensure your deployment/CI environments define SHUTTER_API.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const response = await fetch(`${SHUTTER_API}/register_identity`, {
	// contracts/scripts/shutter.ts (around the top of the file)
	-import { env } from "...";
	-const SHUTTER_API = env.optionalNoDefault("SHUTTER_API");
	+const SHUTTER_API = env.require("SHUTTER_API");

🤖 Prompt for AI Agents

In contracts/scripts/shutter.ts around line 7, change the environment variable
retrieval for SHUTTER_API from an optional call to a required one so that the
script throws an error immediately if SHUTTER_API is not set. This prevents
constructing fetch URLs with "undefined" and ensures the script fails fast.
Update the code to use a method that enforces SHUTTER_API presence and verify
that all deployment and CI environments define this variable.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify if staging URL is appropriate for mainnet environment.

The mainnet (production) environment is configured to use the staging Shutter API URL. This may cause reliability issues if the staging environment has different uptime guarantees or gets reset.

Please confirm if this is intentional or if a production Shutter API URL should be used instead:

---

🌐 Web query:

What is the production URL for the Shutter API? Is there a difference between staging and production endpoints?

💡 Result:

Based on the search results, the Shutter API has different endpoints for staging and production environments.

Shutter API Endpoints

The production and staging URLs for Shutter API are environment-specific. According to the information available, the Shutter API can be accessed through the following endpoint for the Chiado environment:

https://shutter-api.chiado

This appears to be one of the available endpoints where you can query the API[2]. However, the complete production URL structure isn't fully specified in the provided information.

Staging vs. Production Environments

There is indeed a difference between staging and production environments for APIs, including the Shutter API. These differences typically include:

1. Separate Endpoints: Organizations often provide distinct URLs for staging and production environments[6][10].

2. Different Rate Limits: Staging environments may have lower rate limits compared to production environments[6][10].

3. Method Restrictions: Some API methods or endpoints might be restricted in staging environments but available in production, or vice versa. This allows testing new features safely before making them available to all users[6].

4. Traffic Separation: In proper implementations, staging and production traffic is separated to allow for better analytics and monitoring[6][10].

One common approach is to use different application plans for each environment with distinct rate limits and method availability. This helps developers test their applications in a controlled environment before moving to production[6][10].

While the specific differences between Shutter API's staging and production endpoints aren't explicitly detailed in the search results, it follows standard API management practices of providing separate environments for development/testing and production use.

Citations:

• 1: https://api-reference.shutterstock.com
• 2: https://github.com/shutter-network/shutter-api
• 3: https://www.shutterstock.com/developers/documentation/authentication
• 4: https://www.youtube.com/watch?v=qurxvE7lhX0
• 5: https://developers.shotgridsoftware.com/rest-api/
• 6: https://docs.redhat.com/en/documentation/red_hat_3scale_api_management/2.3/html/api_devops/differentiate-environments
• 7: https://www.npmjs.com/package/shutterstock-api
• 8: https://community.weweb.io/t/staging-vs-production-environment/14003
• 9: https://developer.cybersource.com/docs/cybs/en-us/endpoints/reference/all/na/endpoints/endpoints.html
• 10: https://docs.redhat.com/en/documentation/red_hat_3scale_api_management/2.1/html/api_devops/differentiate-environments

---

Use Production Shutter API Endpoint in Mainnet Environment

The web/.env.mainnet-neo.public file is currently pointing at the staging API (https://shutter-api.chiado.staging.shutter.network/api), but the production Chiado endpoint should be different.

• File: web/.env.mainnet-neo.public
Line 12:

- export REACT_APP_SHUTTER_API="https://shutter-api.chiado.staging.shutter.network/api"
+ export REACT_APP_SHUTTER_API="https://shutter-api.chiado/api"

Please confirm the exact production URL (e.g. include or omit /api) and update this variable to avoid relying on the staging service in production.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export REACT_APP_SHUTTER_API="https://shutter-api.chiado.staging.shutter.network/api"
	export REACT_APP_SHUTTER_API="https://shutter-api.chiado/api"

🤖 Prompt for AI Agents

In web/.env.mainnet-neo.public at line 12, the REACT_APP_SHUTTER_API is set to
the staging URL, which is inappropriate for the mainnet production environment.
Replace the staging URL with the correct production Shutter API endpoint for
Chiado, ensuring you confirm whether the path should include "/api" or not.
Update the environment variable to point to the verified production URL to avoid
using the staging service in production.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud