@sweetmantech sweetmantech commented Nov 24, 2025

Summary by CodeRabbit

  • Chores
    • Added environment-based mode (production support) and a runtime flag to drive behavior.
    • Renamed Coinbase API key environment variables; paymaster key preserved under the new layout.
    • Made facilitator selection and routing environment-aware.
    • Adjusted dynamic pricing and network routing for production vs development.

coderabbitai bot commented Nov 24, 2025

Warning

Rate limit exceeded

@sweetmantech has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 10 minutes and 39 seconds before requesting another review.

📥 Commits

Reviewing files that changed from the base of the PR and between 086224f and 73eb3ae.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (3)
  • lib/x402/getFacilitator.ts (1 hunks)
  • lib/x402/paymentMiddleware.ts (1 hunks)
  • package.json (1 hunks)

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds NODE_ENV to .env example, introduces IS_PROD constant, updates Coinbase client to require renamed API key env vars, and makes payment middleware behavior (facilitator, price, network) conditional on production mode.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Environment Configuration / .env.example | Added NODE_ENV=production in a new Environment block; replaced CDP_APP_KEY_ID/CDP_SECRET with CDP_API_KEY_ID/CDP_API_KEY_SECRET; retained CDP_PAYMASTER_KEY (reordered). |
| Production Detection / lib/consts.ts | Added export const IS_PROD: boolean = process.env.NODE_ENV === "production";. |
| Environment-aware Payment Middleware / lib/x402/paymentMiddleware.ts | Uses IS_PROD to select facilitator config; sets price ("$0.01" prod / "$0.0001" non-prod) and network ("base" prod / "base-sepolia" non-prod); relaxed some literal/type annotations. |
| Coinbase Client env vars / lib/coinbase/client.ts | Replaced and validated env var names: CDP_APP_KEY_ID/CDP_SECRET → CDP_API_KEY_ID/CDP_API_KEY_SECRET; updated error messages accordingly. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Env as Runtime (process.env)
  participant Consts as lib/consts.ts
  participant PM as lib/x402/paymentMiddleware
  participant CC as lib/coinbase/client

  Env->>Consts: NODE_ENV
  Consts-->>PM: IS_PROD (true/false)
  alt IS_PROD == true
    PM->>PM: facilitator = facilitator (direct SDK)
    PM->>PM: price = "$0.01", network = "base"
  else IS_PROD == false
    PM->>PM: facilitator = { url: FACILITATOR_URL }
    PM->>PM: price = "$0.0001", network = "base-sepolia"
  end

  Env->>CC: CDP_API_KEY_ID & CDP_API_KEY_SECRET
  CC->>CC: validate vars -> throw if missing
  CC-->>PM: configured SDK instance (unchanged control flow)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Focus areas:
    • lib/x402/paymentMiddleware.ts: check the relaxed literal/type changes and facilitatorConfig typing compatibility.
    • lib/coinbase/client.ts: ensure no leftover references to old env var names and error messages are accurate.
    • .env.example: confirm ordering and new Environment block are intentional.

Poem

🐰 I hopped through NODE_ENV with cheer,

IS_PROD whispers when deployments near,
Keys renamed, prices shift their tune,
Facilitator dances under moon,
A crunchy carrot, and code is clear. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ⚠️ Warning | The title mentions '/api/image/generate' and 'Base mainnet', but the actual changes primarily involve updating Coinbase SDK keys, adding environment configuration, and introducing IS_PROD constant for production detection. The title does not accurately reflect these core changes. | Revise the title to reflect the main changes, such as: 'Update Coinbase API keys and add production environment configuration' or 'Add IS_PROD constant and environment-driven configuration for production'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
lib/x402/paymentMiddleware.ts (1)

17-28: Clarify the type annotation changes.

The removal of as const from the type annotations (lines 17, 19, 23, 25, 26) appears unrelated to the PR objective of switching to Base mainnet in production. These changes broaden the types from literal types to general types.

Was this change necessary to satisfy TypeScript constraints with the conditional expressions, or is this an incidental refactor?

.env.example (1)

32-35: Address static analysis warnings for .env file hygiene.

The static analysis tool flagged two minor issues:

  1. Key ordering: CDP_PAYMASTER_KEY should be positioned before CDP_SECRET for consistency
  2. Missing blank line at the end of the file

Apply this diff to address both issues:

 #  Coinbase
 CDP_APP_KEY_ID=your_coinbase_developer_platform_app_key_id
+CDP_PAYMASTER_KEY=your_coinbase_paymaster_key
 CDP_SECRET=your_coinbase_developer_platform_secret
-CDP_PAYMASTER_KEY=your_coinbase_paymaster_key
 
 # Environment
 NODE_ENV=production
+
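
Review bot: The key names in this hunk (`CDP_APP_KEY_ID`, `CDP_SECRET`) are the pre-rename names, while the walkthrough for this PR replaces them with `CDP_API_KEY_ID` and `CDP_API_KEY_SECRET`. With the renamed keys, `CDP_PAYMASTER_KEY` already sorts after both API key entries, so the move on the `+CDP_PAYMASTER_KEY` / `-CDP_PAYMASTER_KEY` lines is no longer needed and only the trailing blank line still applies. Suggest regenerating the diff against the renamed keys.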
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e7900f1 and 665ef96.

📒 Files selected for processing (3)
  • .env.example (1 hunks)
  • lib/consts.ts (1 hunks)
  • lib/x402/paymentMiddleware.ts (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
lib/x402/paymentMiddleware.ts (1)
lib/consts.ts (1)
  • IS_PROD (23-23)
🪛 dotenv-linter (4.0.0)
.env.example

[warning] 32-32: [UnorderedKey] The CDP_PAYMASTER_KEY key should go before the CDP_SECRET key

(UnorderedKey)


[warning] 35-35: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)

🔇 Additional comments (4)
lib/consts.ts (1)

23-23: LGTM! Clean production mode check.

The IS_PROD constant correctly evaluates the production environment. The implementation safely defaults to false when NODE_ENV is undefined, which is appropriate for non-production environments.

lib/x402/paymentMiddleware.ts (2)

3-3: LGTM!

Clean import of the IS_PROD constant from the consts module.


12-13: Production configuration verified and correct.

The script confirms IS_PROD is properly defined in lib/consts.ts and consistently used in paymentMiddleware.ts. Production correctly switches to Base mainnet with price "$0.01", while non-production uses Base Sepolia with price "$0.0001". No conflicting or duplicate configurations exist. The implementation is sound.

.env.example (1)

34-35: LGTM! NODE_ENV addition supports the environment-aware configuration.

The NODE_ENV variable correctly enables the IS_PROD constant to determine production behavior.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
.env.example (1)

34-35: Past review concern remains valid; add missing blank line.

A previous review noted that defaulting NODE_ENV=production in .env.example causes developers copying this file for local development to inadvertently run with production settings (Base mainnet, real fees). Additionally, the file is missing a blank line at the end per static analysis.

Apply this diff to add the missing blank line:

 # Environment
 NODE_ENV=production
+
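
Review bot: The unchanged context line `NODE_ENV=production` is the concern this comment raises, and the diff does not address it, since only the trailing blank line is added. Because `IS_PROD` is true only for the exact value `production`, suggest the example file ship `NODE_ENV=development` and leave `production` to the deployment environment, so that a copied `.env` selects `base-sepolia` and the `$0.0001` price rather than Base mainnet.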
🧹 Nitpick comments (1)
lib/x402/paymentMiddleware.ts (1)

18-29: The removal of "as const" is not required for library compatibility; consider restoring it for improved type safety.

x402-express defines outputSchema as Record<string, any>, which accepts both literal and general string/number types. Removing as const allows the values to be treated as mutable string and number types instead of immutable literals. While this doesn't break library compatibility, it unnecessarily reduces type precision. Restore as const unless mutation of these schema values is intentional.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 665ef96 and 7aa05b5.

📒 Files selected for processing (3)
  • .env.example (1 hunks)
  • lib/coinbase/client.ts (1 hunks)
  • lib/x402/paymentMiddleware.ts (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
lib/x402/paymentMiddleware.ts (1)
lib/consts.ts (1)
  • IS_PROD (23-23)
🪛 dotenv-linter (4.0.0)
.env.example

[warning] 35-35: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)

🔇 Additional comments (6)
.env.example (1)

30-32: LGTM! Environment variable renaming aligns with client updates.

The renaming from CDP_APP_KEY_ID/CDP_SECRET to CDP_API_KEY_ID/CDP_API_KEY_SECRET is consistent with the updates in lib/coinbase/client.ts.

lib/coinbase/client.ts (1)

3-7: LGTM! Environment variable updates are consistent.

The updates to CDP_API_KEY_ID and CDP_API_KEY_SECRET align with the changes in .env.example, and the error message accurately reflects the new variable names.

lib/x402/paymentMiddleware.ts (4)

1-4: LGTM! Imports support production-aware configuration.

The new imports (Resource, IS_PROD, facilitator) are all utilized for the production-conditional behavior introduced in this file.


40-46: LGTM! Middleware updated to use conditional facilitator configuration.

The refactoring to use facilitatorConfig cleanly separates the production/non-production logic and makes the paymentMiddleware call more readable.


13-14: Network identifiers are valid and correctly configured.

x402-express supports the network identifiers "base" and "base-sepolia". The conditional logic correctly switches between production ("$0.01", "base") and non-production ("$0.0001", "base-sepolia") environments. No changes needed.


34-38: No action required — facilitator usage is correct.

The x402-express paymentMiddleware accepts either the facilitator object, a facilitator config, or a URL as the third argument. Your code correctly implements this: in production it passes the facilitator object from @coinbase/x402, and in non-production it passes a facilitator config with a URL. Both patterns are valid.
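
As an added example (not code from this PR or the project), one way to make the environment switch discussed in this review fail closed: NODE_ENV is matched against an allow-list instead of a single `=== "production"` comparison, and the renamed CDP keys are rejected when missing or left at the `your_` placeholder from .env.example. The function names, the treatment of `test` as non-production, and the sample values are assumptions.

```typescript
// Added example: strict resolution of the environment-dependent payment settings.
type Env = Record<string, string | undefined>;

// Prices and networks as stated in the review; `as const` keeps literal types.
const PAYMENT_PROFILES = {
  production: { price: "$0.01", network: "base" },
  development: { price: "$0.0001", network: "base-sepolia" },
} as const;
type Mode = keyof typeof PAYMENT_PROFILES;

// Unset NODE_ENV stays non-production (as IS_PROD behaves), but a misspelled
// value such as "prod" is an error instead of a silent switch to the testnet.
function parseMode(env: Env): Mode {
  const raw = env["NODE_ENV"];
  if (raw === undefined || raw === "") return "development";
  if (raw === "production") return "production";
  if (raw === "development" || raw === "test") return "development"; // assumption
  throw new Error(`Unrecognized NODE_ENV ${JSON.stringify(raw)}`);
}

const REQUIRED_KEYS = ["CDP_API_KEY_ID", "CDP_API_KEY_SECRET"] as const;
const PLACEHOLDER = /^your_/; // .env.example values on this page start with "your_"

// Returns the names (never the values) of keys that are absent, blank,
// or still set to the example placeholder.
function missingKeys(env: Env): string[] {
  return REQUIRED_KEYS.filter((name) => {
    const value = env[name];
    return value === undefined || value.trim() === "" || PLACEHOLDER.test(value);
  });
}

function resolvePaymentConfig(env: Env) {
  const mode = parseMode(env);
  const missing = missingKeys(env);
  if (missing.length > 0) {
    throw new Error(`Missing or placeholder env vars: ${missing.join(", ")}`);
  }
  return { mode, ...PAYMENT_PROFILES[mode] };
}

// Constructed sample environment (not real credentials).
const SAMPLE_ENV: Env = {
  NODE_ENV: "production",
  CDP_API_KEY_ID: "example-key-id",
  CDP_API_KEY_SECRET: "example-key-secret",
};
```

Calling `resolvePaymentConfig(process.env)` once at startup surfaces a bad NODE_ENV or an unedited key before any payment route is registered.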

@sweetmantech sweetmantech merged commit 0b39b1a into main Nov 24, 2025
2 checks passed