update routing for v2 api

[writersblockchain]

• Fix doubled /prove/prove URL by treating WEB_PROVER_API_URL as a base URL only
• Replace VLAYER_API_GATEWAY_KEY with WEB_PROVER_API_SECRET for API key auth across prove, verify, and compress routes
• Add 155s timeout to /prove fetch to prevent indefinite hangs during ZK proof generation
• Add detailed request/response logging to /api/prove for easier debugging

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
zk-github-verifier	Ready	Preview, Comment	May 15, 2026 2:27pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR migrates the application's prover API authentication from VLAYER_API_GATEWAY_KEY to WEB_PROVER_API_SECRET across three API routes (compress, prove, verify), updates all test environment configurations and GitHub Actions workflow, and increases test timeout limits. The prove route receives additional enhancements including request validation logging, upstream call timeout enforcement (155 seconds), response body preview logging, and refactored response handling that reads as text and parses JSON explicitly with dedicated error handling.

Possibly related PRs

• vlayer-xyz/zk-github-contribution-verifier#32: Both PRs directly swap the bearer-token environment variable used in API routes and workflow configuration, but in opposite directions; #32 performs the reverse migration.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'update routing for v2 api' is vague and uses generic terminology that doesn't clearly convey the specific technical changes made in the changeset.	Consider a more descriptive title such as 'Replace VLAYER_API_GATEWAY_KEY with WEB_PROVER_API_SECRET and refactor API routing' to better reflect the main changes.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is directly related to the changeset and accurately outlines the four main objectives addressed by the pull request.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/api/prove/route.ts`:
- Around line 109-111: The current error throw inside the response.ok check
leaks the full upstream responseText to clients; instead, log or record the full
responseText and any relevant details locally (e.g., via your logger or
console.error) and throw a sanitized error that only includes safe info such as
the HTTP status and a generic message. Update the block that checks response.ok
(the response/responseText handling) to stop embedding responseText in the
thrown Error, log the full payload internally, and rethrow a generic error like
"Upstream service error" with the status for client-facing output.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4daa82d4-ad50-4569-a8e8-d5cca828bbe6

📥 Commits

Reviewing files that changed from the base of the PR and between cbfaccd and c6b8a32.

📒 Files selected for processing (4)

• app/api/compress/route.ts
• app/api/prove/route.ts
• app/api/verify/route.ts
• next-env.d.ts

[AdamDawidKrol]

E2E tests are failing. @writersblockchain if you believe they shouldn't fail or if you need help with that, let me know :)

[writersblockchain]

E2E tests are failing. @writersblockchain if you believe they shouldn't fail or if you need help with that, let me know :)

They are passing locally. It is because of v2 api url that they are failing. Should we update to https://web-prover.production.vlayer.xyz/api/v2.0 ?

[AdamDawidKrol]

@writersblockchain Yes, let's try it on production.