Developer Tools & Infrastructure

Last updated Jun 2026

Project Overview & FAQ

Overview

RepoLens is a GitHub repository analytics tool that provides detailed insights into any public or private repository. I built it to solve the problem of quickly understanding a codebase's composition - how much code exists, what languages are used, who contributes, and how active development has been. The tool targets developers who want to evaluate repositories before contributing, hiring managers assessing candidate portfolios, and project maintainers who want to showcase their work with embeddable statistics widgets.

Key Features

Repository Analysis

Analyze any GitHub repository by entering its URL or selecting from your own repositories. The tool fetches and displays total lines of code, additions/deletions from recent commits, language breakdown by bytes, commit history with per-commit stats, and contributor information.

Interactive Visualizations

The code frequency chart shows additions and deletions over the past year using an area chart with gradient fills. The language breakdown displays a horizontal bar with color-coded segments matching GitHub's language colors. All visualizations are responsive and animate on load.

Embeddable Widgets

Generate SVG images that can be embedded directly in README files. Three widget types are available: repository stats (stars, forks, watchers, issues), code stats (lines, additions, deletions, commits), and language breakdown. Widgets support dark and light themes and are cached at the CDN edge for fast loading.

Info Hub & Interactive Widget Guide

A public /about page documents what RepoLens is, how its stats are computed (including the honest accuracy caveats for large repositories), and the engineering choices behind it. Its centerpiece is an interactive widget gallery: the three badges render live for a sample repository, a dark/light toggle re-themes them instantly, and a per-widget "Show code" disclosure reveals copy-paste Markdown and HTML snippets that work for any public repo. A collapsible FAQ rounds out the page.

GitHub OAuth Integration

Sign in with GitHub to access private repositories and get a dedicated 5,000 requests/hour limit. (Anonymous visitors already get a shared 5,000/hr through the proxy, but it's pooled and throttled per IP.) Authentication uses NextAuth v5 with JWT sessions - no credentials are stored on any server.

User Dashboard

Authenticated users get a dedicated dashboard at /dashboard showing their repositories sorted by last update, with quick-analyze buttons. The dashboard supports search, pagination, refresh, and includes private repositories.

Dynamic Repo Pages

Each repository analysis has its own URL at /repo/[owner]/[name], making results deep-linkable, shareable, and bookmarkable. Both authenticated and unauthenticated users can access these pages.

Privacy-First Design

The application never stores user credentials or access tokens in a database. All authentication happens through GitHub OAuth, and tokens exist only in browser sessions. Users can revoke access at any time through their GitHub settings.

Technical Highlights

GraphQL + REST Hybrid API Strategy

The most significant optimization is the hybrid GitHub API approach. Fetching commit history used to require 51+ REST API calls (1 for the commit list + 1 per commit for details). I replaced this with a single GraphQL query that returns everything in one call — a ~98% reduction in API consumption. The system falls back to REST if GraphQL fails, and can calculate approximate code frequency from commit data when the statistics API returns 422 for large repos.

Handling GitHub's lazy statistics API

GitHub serves /stats/code_frequency lazily: the first request for an uncached repo returns HTTP 202 (computing) or an empty series, and repos over ~10k commits return 422 outright. Rather than stalling on "Statistics unavailable", deriveCodeFrequencyFallback renders a stand-in chart immediately from the per-commit additions/deletions already in hand. Client-side polling with exponential backoff (3s, 6s, 12s, 24s, 48s) still runs — but only when the series is genuinely pending and the commit-derived estimate doesn't already cover the repo's full history, so small repos render complete data and skip polling entirely.

Accurate line totals with honest labeling

"Total lines of code" is a derived metric, and the naive version — summing the ~100 commits in the display list — silently undercounts any repo with real history. When GitHub serves the full /stats/code_frequency weekly series, the total is the exact net (additions − deletions) across the repo's entire history. When it won't (422 on large repos, or still computing), the code pages commit history via GraphQL up to 2,500 commits and sums real per-commit deltas. The key is that the result never lies about its own precision: FullRepoAnalysis carries totalLinesIsEstimated and totalLinesCommitsCovered, and estimateCoversFullHistory(covered, total) promotes an estimate to an exact figure only when coverage provably reaches the repo's full commit count. The UI surfaces "estimate from N commits" rather than presenting an approximation as ground truth.

Zero-fetch live widget previews

The /about widget gallery shows the three embed badges working in real time, but it ships no new data-fetching code. Because the /api/embed/* endpoints already return rendered SVG, each preview is just an <img> whose src points at the endpoint; the dark/light toggle simply rewrites the theme query param and the browser re-fetches. The Markdown/HTML snippets and preview URLs come from a single set of pure builders in features/about/widgets.ts (embedSrc, markdownSnippet, htmlSnippet), so what the visitor copies is guaranteed to match what they previewed. This keeps the interactive guide essentially free — no API routes, no client fetch logic, no extra rate-limit pressure.

Feature-Sliced Component Architecture

Components are organized by domain: layout/ for page structure, ui/ for reusable primitives (Card with variant system, LoadingSkeleton), features/ for domain-specific components (about, stats, commits, contributors, repos), and specialized directories for embed and effects. A barrel export enables clean imports from @/components.

Typed Caching with TTL

The caching layer uses a generic Cache<T> class with configurable TTL and max size. Pre-configured instances (repoCache, statsCache) cache unauthenticated requests to ease pressure on the proxy's shared, per-IP-throttled budget. Expired entries are cleaned up automatically.

Server-Side Route Protection

The dashboard uses a Next.js server-side layout guard (dashboard/layout.tsx) that checks authentication via auth() and redirects unauthenticated users. This pattern keeps the auth check on the server, avoiding client-side flash.

Zod Validation at API Boundaries

All API inputs pass through Zod schemas that handle multiple GitHub URL formats (full URLs, owner/repo, with or without .git). Validation happens only at system boundaries — internal code trusts validated data.

Edge-Rendered Embed Images

The embed endpoints use Next.js's Edge runtime with next/og (Satori) to generate images on-demand. These are cached at the CDN edge for 1 hour (s-maxage=3600), which means the first request generates the image and subsequent requests are served instantly from cache. Shared utilities in lib/embed-utils.tsx keep the embed routes DRY.

Parallel API Fetching

To minimize latency, I fetch repository info, languages, commits, code frequency, and contributors in parallel using Promise.all(). This reduces total request time significantly compared to sequential fetching, though it does consume more of the API rate limit per analysis.

SEO & Static Image Optimization

I replaced the dynamically generated OG image, favicon, and Apple icon (which used edge ImageResponse to produce the same image on every request) with pre-rendered static PNGs. This eliminates unnecessary edge compute. I also added robots.txt, sitemap.xml, JSON-LD structured data (WebApplication + per-page WebPage), and per-page generateMetadata() for dynamic repo routes — which required splitting the repo page into a server component (for metadata) and a client component (for the interactive UI).

Engineering Decisions

GraphQL for commits, REST for everything else

Constraint: Unauthenticated users only get 60 GitHub requests/hour, and the old commit-detail loop burned 51 calls per analysis.
Options: All-REST (simple but expensive), all-GraphQL (one query but requires schema work for every endpoint), or hybrid.
Choice: Hybrid — GraphQL only for commit history, REST (via Octokit) for repo info, languages, contributors, and code frequency.
Why: Commit detail was the dominant cost. Moving that one path to GraphQL cut API consumption ~98% per analysis while keeping the rest of the codebase on the well-typed Octokit client. GraphQL falls back to REST if it fails, so reliability is preserved.

No database, JWT-only auth

Constraint: I wanted users to access private repos via OAuth without taking on user-data liability.
Options: Persist tokens in Postgres/Redis, store them in encrypted cookies, or keep them in signed JWTs only.
Choice: NextAuth v5 with JWT sessions — tokens live in the signed JWT, never written to a database.
Why: No database means no breach surface for stolen tokens, no GDPR concerns, no infra to run. Users revoke access through GitHub. The trade-off is no cross-device session state, which doesn't matter for this product.

Static OG/favicon over dynamic `ImageResponse`

Constraint: The original icon.tsx, apple-icon.tsx, and opengraph-image.tsx regenerated identical images on every cold start via Satori.
Options: Keep dynamic generation (no maintenance, costs edge compute), bake static PNGs (cheaper, requires manual regeneration on rebrand), or pre-render at build time.
Choice: Static PNGs in public/ for OG, favicon, and Apple icon. Kept dynamic generation only for the per-repo embed widgets where the image actually varies.
Why: The brand image never changes; running Satori on every request was waste. Embed widgets do vary per repo, so dynamic generation stays there — cached at the edge for 1 hour to amortize the cost.

Server/client split on the repo page

Constraint: Dynamic /repo/[owner]/[name] routes needed per-page generateMetadata() (server-only) plus interactive charts (client-only).
Options: Make the whole page a client component and lose dynamic OG/SEO, or split it.
Choice: page.tsx is a server component that exports generateMetadata() and JSON-LD, then renders RepoPageClient.tsx for the interactive UI.
Why: Search engines and social cards see real titles and descriptions per repository; users still get the client-side fetching and chart interactions. The split is mechanical and low-cost.

Frequently Asked Questions

Q: Why do some repositories show "Statistics unavailable"?

A: GitHub's statistics API has limitations. Repositories with over 10,000 commits may not have computed statistics available. Additionally, when you first request stats for a repository that hasn't been analyzed recently, GitHub needs time to compute them - the app will automatically poll until they're ready. For large repos, the app now falls back to calculating approximate code frequency from commit data.

Q: How accurate is the "Total Lines" count?

A: It depends on what GitHub will serve. When GitHub provides the full /stats/code_frequency series, the total is the exact net of additions minus deletions across the repository's entire history — not an estimate. When that series is unavailable (large repos return 422, or it's still computing on first request), the app pages commit history through GraphQL up to 2,500 commits and sums the real per-commit line changes. In that case the number is labeled as an estimate and shows how many commits it covers, and it's only promoted back to "exact" if that coverage spans the repo's full commit count. The one thing it won't do is present an approximation as if it were authoritative.

Q: Why should I sign in with GitHub?

A: Signing in provides three benefits: access to your private repositories, a dedicated 5,000 requests/hour limit (anonymous use shares a pooled, per-IP-throttled 5,000/hr through the proxy), and a personal dashboard showing all your repos with quick-analyze buttons.

Q: How can anonymous visitors analyze repos without hitting GitHub's 60/hour limit?

A: When configured, unauthenticated requests are routed through a companion Cloudflare Worker proxy that fronts GitHub with a read-only token, so anonymous visitors share the authenticated 5,000/hour budget. The token never reaches the browser — it lives only as a Worker secret — and the worker enforces an origin allowlist, a per-IP rate limit, and read-only access so it can't be abused as an open relay. Signing in still gives you your own dedicated limit and private-repo access.

Q: Is my GitHub data stored anywhere?

A: No. The application uses OAuth tokens that exist only in your browser session. I don't have a database, and your credentials never touch my servers beyond the initial OAuth handshake with GitHub.

Q: Can I embed widgets for private repositories?

A: No, embed widgets only work for public repositories. This is because the embed endpoints don't have access to user authentication - they fetch data anonymously from GitHub's public API.

Q: Why are embed images sometimes slow to load?

A: The first request for a new embed generates the image on-demand and may take 1-2 seconds. Subsequent requests within an hour are served from CDN cache and load instantly. If you're seeing consistently slow loads, GitHub's API might be rate-limited.

Q: How do I customize the embed widget appearance?

A: You can customize widgets with URL parameters: ?theme=dark or ?theme=light for color scheme, and ?hideRepoName=true to show only the stats without the repository name header.

Q: What's the difference between the three widget types?

A: Stats shows social metrics (stars, forks, watchers, issues). Code Stats shows development metrics (lines, additions, deletions, commits). Languages shows the top programming languages used in the repository with their percentages.

Q: Can I self-host RepoLens?

A: Yes! The project is designed to be self-hostable. You'll need to create your own GitHub OAuth App and set the required environment variables. It can be deployed to any platform that supports Next.js, including Vercel, Netlify, Railway, or your own server.

Q: Why do some language colors not match GitHub?

A: I maintain a static mapping of language colors based on GitHub's linguist library. If a language isn't in my mapping, it falls back to a default gray color. The mapping covers all common languages but may miss some obscure ones.

Q: How does the GraphQL optimization work?

A: Instead of making one REST call per commit to get detailed stats (additions, deletions, file changes), the app sends a single GraphQL query that fetches all commit details at once. For the default display list of up to 100 commits, this collapses what would be 100+ REST calls into one. The same query paginates with cursor-based after/endCursor (GitHub caps each history page at 100) to deepen further when computing line totals for repos GitHub won't serve statistics for. The REST API is used as a fallback if GraphQL is unavailable.

Q: What's the difference between the public page and the dashboard?

A: The public page at / lets anyone analyze a repo by URL. The dashboard at /dashboard is for authenticated users and shows all their GitHub repos (including private ones) with one-click analysis. Both eventually land on the same /repo/[owner]/[name] page for results.

Limitations

Large repos: GitHub's statistics API can struggle with repositories over 10,000 commits, though the GraphQL fallback handles most cases
Rate limiting: Unauthenticated traffic shares the proxy's pooled 5,000/hr budget and is throttled per IP; without the proxy configured it falls back to GitHub's 60/hr anonymous limit
Stats computation time: First-time analysis of a repository may require waiting for GitHub to compute statistics
Embed privacy: Widgets only work for public repositories
Chart window: The code-frequency chart displays the last 52 weeks for readability — line totals are computed over full history, but the visualization is intentionally scoped to the past year

Technology Stack

Frontend

Technology	Version	Purpose
Next.js	15.3.7	React framework with App Router, server components, and API routes
React	19.2.6	UI component library with latest concurrent features
TypeScript	5.9.3	Type safety and improved developer experience
Tailwind CSS	3.4.16	Utility-first styling with custom GitHub-inspired theme
Recharts	2.15.0	Interactive data visualizations for code frequency charts
Lucide React	0.468.0	Modern icon library with consistent design

Backend

Technology	Version	Purpose
Next.js API Routes	15.3.7	Serverless API endpoints for repo analysis
NextAuth.js (Auth.js)	5.0.0-beta.25	GitHub OAuth authentication
Octokit	21.0.2	Official GitHub REST API client
GitHub GraphQL API	v4	Efficient commit history fetching (1 call vs 51+)
Zod	4.3.5	Runtime validation for API inputs
next/og (Satori)	Built-in	SVG-to-image generation for embed widgets (OG/favicon are static PNGs)

Infrastructure & Deployment

Service	Purpose
Vercel	Hosting with edge functions, automatic deployments
Vercel Edge Network	CDN for static assets and cached embed images
GitHub OAuth	Authentication provider
GitHub API	Data source for repository statistics (REST + GraphQL)

Vercel Configuration

Region: iad1 (US East) for optimal GitHub API latency
Function Duration: 30 seconds max for API routes
Edge Runtime: Used for embed image generation routes

Key Dependencies Explained

@octokit/rest (v21.0.2)

I chose Octokit as the GitHub API client because:

It's the official SDK maintained by GitHub
Provides TypeScript definitions out of the box
Handles authentication, rate limiting headers, and pagination
Abstracts away the complexity of the REST API

GitHub GraphQL API

I added GraphQL alongside REST to optimize the most expensive operation — commit history:

A single GraphQL query replaces 51+ REST API calls for fetching commit details
Reduces rate limit consumption by ~98% for the commit-fetching path
Falls back to REST automatically if GraphQL fails
Pages history with cursor-based after/endCursor (GitHub caps history(first:) at 100 per page) to deepen up to ~2,500 commits when GitHub won't serve /stats/code_frequency — used to compute accurate line totals for repos where the statistics API returns 422

Cloudflare Worker GitHub proxy (optional)

When NEXT_PUBLIC_GITHUB_PROXY_URL is set, unauthenticated and embed requests are routed through a companion Cloudflare Worker instead of calling GitHub directly:

Lifts anonymous users from GitHub's 60/hr cap to the authenticated 5,000/hr limit without exposing a token
The token lives only as a Worker secret; the worker enforces an origin allowlist, a per-IP Durable Object rate limit, and read-only access
Server-side callers authenticate with the server-only GITHUB_PROXY_SECRET via proxyAuthHeaders() (lib/proxy-auth.ts); browser callers are authorized by Origin, so the secret never enters the client bundle

next-auth (v5.0.0-beta.25)

I'm using the v5 beta of NextAuth (now Auth.js) because:

Native App Router support with server-side auth checks
Simplified configuration compared to v4
JWT-based sessions without database dependency
Easy access token extraction for API calls
Type-safe session augmentation via next-auth.d.ts

zod (v4.3.5)

I added Zod for API input validation because:

Runtime type checking at API boundaries complements TypeScript's compile-time checks
Supports complex validation (GitHub URL parsing with multiple formats)
Produces clear, user-friendly error messages
Schema-first approach documents expected inputs

recharts (v2.15.0)

I selected Recharts for data visualization because:

React-native components that integrate well with the stack
Responsive by default with ResponsiveContainer
Good documentation and TypeScript support
Customizable tooltips and legends

lucide-react (v0.468.0)

Lucide provides the iconography because:

Consistent, clean design language
Tree-shakeable - only imports icons used
Drop-in replacement for Feather icons
Active maintenance and regular updates

Development Dependencies

Technology	Version	Purpose
ESLint	9.16.0	Code linting with Next.js config
eslint-config-next	15.3.7	Next.js-specific ESLint rules
PostCSS	8.5.10	CSS processing for Tailwind
Autoprefixer	10.4.20	Automatic vendor prefixes
Vitest	4.0.18	Unit test runner (jsdom + Testing Library)
@types/node	22.10.2	Node.js type definitions
@types/react	19.2.15	React type definitions
@types/react-dom	19.2.3	React DOM type definitions

Runtime Requirements

Node.js: >= 18.17.0 (required for Next.js 15)
npm: Package management (lock file included)

Environment Variables

Variable	Required	Description
`AUTH_GITHUB_ID`	Yes	GitHub OAuth App Client ID
`AUTH_GITHUB_SECRET`	Yes	GitHub OAuth App Client Secret
`AUTH_SECRET`	Yes	Random string for JWT signing
`NEXT_PUBLIC_SITE_URL`	No	Site URL for OpenGraph metadata
`NEXT_PUBLIC_GITHUB_PROXY_URL`	No	Cloudflare Worker proxy URL; routes unauthenticated requests for a 5,000/hr shared limit
`GITHUB_PROXY_SECRET`	No	Server-only shared secret for proxy auth (must match the worker); never `NEXT_PUBLIC`

Build & Runtime

Development

npm run dev          # Start with Turbopack

Production

npm run build        # Next.js production build
npm run start        # Start production server

Linting

npm run lint         # ESLint check

Design System

I implemented a custom GitHub-inspired dark theme using Tailwind CSS:

colors: {
  github: {
    dark: '#0d1117',      // Main background
    darker: '#010409',    // Darker accents
    border: '#30363d',    // Border color
    accent: '#238636',    // Primary green
    'accent-hover': '#2ea043',
    muted: '#8b949e',     // Secondary text
    link: '#58a6ff',      // Links
    text: '#c9d1d9',      // Primary text
    card: '#161b22',      // Card backgrounds
  }
}

Typography

Sans-serif: Inter for UI text
Monospace: JetBrains Mono for code/data

Custom CSS Features

Glass morphism card effects with backdrop blur
Animated gradient backgrounds
Staggered fade-in animations for stats
Custom scrollbar styling
Hover lift effects on stat cards
Slow pulse, gradient, and float animations via extended keyframes

Component Library

The ui/ directory provides a reusable component system:

Card — Compound component (Card, CardHeader, CardTitle, CardContent, CardFooter) with default, glass, and stat variants
LoadingSkeleton — Full-page spinner, card skeleton, and stats grid skeleton
RepoInput — Form with URL parsing and validation
PrivacyNotice — Dismissable privacy disclosure banner

Architecture Overview

System Architecture Diagram

graph TB
    subgraph Client["Client Layer"]
        Browser[Web Browser]
        URL[URL Parameters]
    end

    subgraph Frontend["Frontend - Next.js 15 App Router"]
        SessionCtx[SessionProvider<br/>Auth Context]

        subgraph Pages["Pages"]
            PublicPage["(public)/page.tsx<br/>Repo Search"]
            Dashboard["dashboard/page.tsx<br/>User Dashboard"]
            RepoPage["repo/[owner]/[name]/page.tsx<br/>Server Component + Metadata<br/>→ RepoPageClient.tsx"]
        end

        subgraph Components["Components"]
            subgraph Layout["layout/"]
                Header[Header]
                Footer[Footer]
            end
            subgraph UIComp["ui/"]
                Card[Card]
                RepoInput[RepoInput]
                LoadingSkeleton[LoadingSkeleton]
                PrivacyNotice[PrivacyNotice]
            end
            subgraph Features["features/"]
                StatsOverview[stats/StatsOverview]
                LanguageBreakdown[stats/LanguageBreakdown]
                CodeFrequency[stats/CodeFrequencyChart]
                CommitHistory[commits/CommitHistory]
                Contributors[contributors/ContributorsList]
                UserRepos[repos/UserReposList]
            end
            subgraph EmbedComp["embed/"]
                EmbedShare[EmbedShare Modal]
            end
            subgraph Effects["effects/"]
                Particles[ParticleBackground]
            end
        end
    end

    subgraph API["API Layer - Next.js Route Handlers"]
        AuthRoute["/api/auth/[...nextauth]"<br/>NextAuth Handlers]
        RepoRoute["/api/repo"<br/>Repository Analysis]
        StatsRoute["/api/repo/stats"<br/>Stats Polling]
        UserReposRoute["/api/user/repos"<br/>User Repositories]

        subgraph Embed["Embed Image Generation"]
            EmbedStats["/api/embed/stats"]
            EmbedCodeStats["/api/embed/code-stats"]
            EmbedLangs["/api/embed/languages"]
        end
    end

    subgraph Services["Service Layer"]
        GitHubLib[lib/github.ts<br/>GitHub API Wrapper<br/>REST + GraphQL]
        AuthConfig[auth.ts<br/>NextAuth Configuration]
        CacheLib[lib/cache.ts<br/>TTL Cache]
        Validations[lib/validations.ts<br/>Zod Schemas]
        FormatLib[lib/format.ts<br/>Formatting Utils]
        EmbedUtils[lib/embed-utils.tsx<br/>Embed Widget Helpers]
        StructuredData[lib/structured-data.ts<br/>JSON-LD Schemas]
    end

    subgraph External["External Services"]
        GitHubREST[GitHub REST API<br/>via Octokit]
        GitHubGraphQL[GitHub GraphQL API]
        GitHubOAuth[GitHub OAuth<br/>Authentication]
        Vercel[Vercel Edge Network<br/>CDN + Hosting]
    end

    Browser --> Pages
    URL --> Pages
    SessionCtx --> Pages
    Pages --> Components

    PublicPage --> RepoRoute
    Dashboard --> UserReposRoute
    RepoPage --> RepoRoute
    CodeFrequency --> StatsRoute
    Pages --> AuthRoute

    RepoRoute --> GitHubLib
    RepoRoute --> Validations
    StatsRoute --> GitHubLib
    UserReposRoute --> GitHubLib

    AuthRoute --> AuthConfig
    AuthConfig --> GitHubOAuth

    GitHubLib --> GitHubREST
    GitHubLib --> GitHubGraphQL
    GitHubLib --> CacheLib

    Embed --> GitHubREST
    Embed --> EmbedUtils
    Embed --> Vercel

    RepoRoute --> CacheLib

Routing Architecture

graph LR
    subgraph Public["Public Routes"]
        Home["/ — Repo search + analysis"]
        About["/about — Info hub: how-it-works, widget guide, FAQ"]
    end

    subgraph Protected["Protected Routes"]
        DashboardRoute["/dashboard — User repos"]
    end

    subgraph Dynamic["Dynamic Routes"]
        RepoRoute["/repo/[owner]/[name] — Repo stats"]
    end

    subgraph APIRoutes["API Routes"]
        Auth["/api/auth/*"]
        Repo["/api/repo"]
        Stats["/api/repo/stats"]
        UserRepos["/api/user/repos"]
        EmbedAPI["/api/embed/*"]
    end

    Home -->|Sign in| DashboardRoute
    DashboardRoute -->|Select repo| RepoRoute
    Home -->|Enter URL| RepoRoute
    DashboardRoute -->|Auth guard| Home

    RepoRoute --> Repo
    RepoRoute --> Stats
    DashboardRoute --> UserRepos
    Home --> Repo

Data Flow Diagram

sequenceDiagram
    participant User
    participant Browser
    participant NextJS as Next.js App
    participant API as API Routes
    participant Cache as TTL Cache
    participant GitHub as GitHub API

    User->>Browser: Enter repository URL
    Browser->>NextJS: Navigate / Submit form
    NextJS->>API: POST /api/repo

    alt Unauthenticated Request
        API->>Cache: Check cache
        alt Cache Hit
            Cache-->>API: Return cached data
        else Cache Miss
            API->>GitHub: Fetch via Cloudflare proxy (shared 5000 req/hr, per-IP throttled)
            Note over API,GitHub: REST for repo info + GraphQL for commits
            GitHub-->>API: Repository stats
            API->>Cache: Store result (10 min TTL)
        end
    else Authenticated Request
        API->>GitHub: Fetch directly with user token (5000 req/hr limit)
        Note over API,GitHub: REST for repo info + GraphQL for commits
        GitHub-->>API: Repository stats + private repos
    end

    API-->>NextJS: Analysis results
    NextJS-->>Browser: Render visualizations

    Note over Browser,NextJS: Code frequency may need polling

    opt Stats Computing (202 response)
        Browser->>API: Poll /api/repo/stats
        API->>GitHub: Retry stats request
        GitHub-->>API: Stats ready or 202
        API-->>Browser: Data or retry signal
    end

Component Architecture

components/
├── index.ts                    # Barrel exports for clean imports
├── layout/                     # Page structure components
│   ├── Header.tsx              # Navigation, auth state, branding
│   └── Footer.tsx              # Attribution and tech stack info
├── ui/                         # Reusable atomic UI components
│   ├── Card.tsx                # Card system (default/glass/stat variants)
│   ├── LoadingSkeleton.tsx     # Loading states, spinners, skeletons
│   ├── RepoInput.tsx           # Repository URL input form
│   └── PrivacyNotice.tsx       # Privacy disclosure banner
├── features/                   # Domain-specific feature components
│   ├── about/
│   │   ├── AboutContent.tsx        # Assembles the /about info hub
│   │   ├── AboutIntro.tsx          # "What is RepoLens" section
│   │   ├── HowItWorks.tsx          # Methodology + engineering notes
│   │   ├── WidgetGuide.tsx         # Interactive embed-widget guide
│   │   ├── FaqAccordion.tsx        # Collapsible FAQ
│   │   └── widgets.ts              # Widget metadata + snippet builders
│   ├── stats/
│   │   ├── StatsOverview.tsx       # Stars, forks, watchers grid
│   │   ├── LanguageBreakdown.tsx   # Color-coded language bar
│   │   └── CodeFrequencyChart.tsx  # Additions/deletions area chart
│   ├── commits/
│   │   └── CommitHistory.tsx       # Commit log with details
│   ├── contributors/
│   │   └── ContributorsList.tsx    # Top contributors grid
│   └── repos/
│       └── UserReposList.tsx       # User's repo dashboard
├── embed/
│   └── EmbedShare.tsx          # Widget embed code generator modal
└── effects/
    └── ParticleBackground.tsx  # Animated background particles

Key Architectural Decisions

1. Next.js 15 App Router with Route Groups

I chose Next.js 15's App Router because it provides the best developer experience for a React application that needs both client-side interactivity and server-side data fetching. The refactored routing uses:

Route groups (public) for unauthenticated pages without affecting URLs
Server-side layout guards in /dashboard/layout.tsx for protected routes
Dynamic segments /repo/[owner]/[name] for deep-linkable repo analyses
Turbopack for faster development builds

2. Feature-Sliced Component Architecture

Components are organized by domain rather than flat in a single directory:

layout/ — structural components that appear on every page
ui/ — generic, reusable atomic components (Card, LoadingSkeleton)
features/ — domain-specific components grouped by feature area
embed/ and effects/ — specialized concerns
A barrel export (index.ts) enables clean imports from @/components

3. GraphQL + REST Hybrid API Strategy

The GitHub integration now uses both REST and GraphQL APIs:

GraphQL fetches commit history in a single call (replacing 51+ REST calls), and pages with cursor-based after/endCursor to deepen up to 2,500 commits when accurate line totals are needed
REST handles repo info, languages, contributors, and code frequency
Fallback chain: GraphQL → REST → calculated approximation for code frequency
This hybrid approach dramatically reduces API rate limit consumption

4. Cloudflare Worker Proxy for Unauthenticated Access

Anonymous visitors would otherwise hit GitHub's 60 requests/hour cap almost immediately. When NEXT_PUBLIC_GITHUB_PROXY_URL is configured, the GitHub client (lib/github.ts) and the embed data layer route unauthenticated calls through a companion Cloudflare Worker that fronts GitHub with a read-only token:

Anonymous users share the authenticated 5,000/hr limit (the worker throttles per IP via a Durable Object) instead of 60/hr
The token never reaches the client — it lives only as a Worker secret
useProxy = !accessToken && !!GITHUB_PROXY_URL, so authenticated users still call GitHub directly with their own token
Server-side calls (API routes, embed/OG generation) authenticate to the proxy with the server-only GITHUB_PROXY_SECRET, attached by proxyAuthHeaders() (lib/proxy-auth.ts); browser calls are authorized by Origin instead, so the secret never ships in the client bundle

5. Edge Runtime for Embed Image Generation

The embed routes (/api/embed/*) use the Edge runtime with next/og (Satori) for SVG-to-image generation. I made this choice because:

Edge functions have lower cold start times than serverless functions
Image generation needs to be fast for README embeds
CDN caching at the edge reduces API calls significantly
The 1-hour cache (s-maxage=3600) balances freshness with performance

6. Typed In-Memory Caching with TTL

The caching layer was extracted into a dedicated generic Cache<T> class in lib/cache.ts:

Type-safe with generics — repoCache and statsCache are pre-configured instances
Configurable TTL (10 min for repos, 10 min for stats) and max size (100/50 entries)
Automatic cleanup of expired entries
Only used for unauthenticated requests, easing pressure on the proxy's shared, per-IP-throttled budget

7. Zod Validation at API Boundaries

All API route inputs are validated with Zod schemas in lib/validations.ts:

RepoRequestSchema handles multiple GitHub URL formats (owner/repo, full URLs, etc.)
StatsRequestSchema validates stats polling requests
Clear, user-friendly error messages via formatZodError()
Validation at the boundary only — internal code trusts validated data

8. Client-Side Authentication State with NextAuth v5

I use NextAuth v5 (Auth.js) with the GitHub provider for authentication. The access token is stored in the JWT and passed to the client session. Key reasons:

No database required — tokens exist only in signed JWTs
Privacy-first approach — no credentials stored server-side
The repo scope allows access to private repositories
Session data is available on both client and server via SessionProvider

9. Parallel Data Fetching

In lib/github.ts, I fetch repository data, languages, commits, code frequency, and contributors in parallel using Promise.all(). This significantly reduces total request time compared to sequential fetching, though it increases API usage per request.

10. Progressive Enhancement for Statistics

GitHub's statistics API returns 202 while stats compute (and 422 for very large repos). Rather than blocking the UI or showing an empty chart, I:

Render a stand-in code-frequency series immediately, derived from the per-commit additions/deletions already fetched (deriveCodeFrequencyFallback)
Poll with exponential backoff (3s, 6s, 12s, 24s, 48s) on the client — but only when the series is genuinely pending and the commit-derived estimate doesn't already cover the repo's full history
Deepen line totals by paginating GraphQL commit history up to 2,500 commits when GitHub won't serve /stats/code_frequency
Use a fallback endpoint for contributors if stats aren't ready

11. URL-Based State Management

Repository selection is reflected in the URL via dynamic routes (/repo/[owner]/[name]) and query params (?repo=owner/repo). This enables:

Shareable links to specific repository analyses
Browser history navigation
Bookmarkable results
SEO benefits for public repository pages

12. SEO Infrastructure

I added a comprehensive SEO layer to improve discoverability:

Static OG/favicon images — replaced dynamic edge-generated ImageResponse icons with pre-rendered PNGs in public/, eliminating unnecessary edge compute for images that never change
robots.ts — allows /, disallows /api/ and /dashboard, references sitemap
sitemap.ts — includes the static pages (homepage and /about); dynamic repo pages are effectively infinite and discovered organically
JSON-LD structured data — WebApplication schema on every page via root layout, WebPage schema on individual repo pages via lib/structured-data.ts
Per-page metadata — the repo page uses a server/client split so the server component can export generateMetadata() with dynamic title, description, and OG tags for each owner/name combination
Dashboard noindex — the protected dashboard has robots: { index: false, follow: false } to prevent accidental crawling

Back to All Projects

RepoLens