job page integrated

[vanshkhurana05]

Summary by CodeRabbit

• New Features

  • Jobs page now displays real matched job results from the backend instead of static data.
  • Job cards now include clickable URLs that open job applications in a new tab.
  • Added loading and error state handling for improved user feedback during job matching.

• Bug Fixes

  • Enhanced error messaging when job URLs are unavailable.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR integrates matched jobs from the backend into the frontend job listing UI. Backend changes add job URL extraction and include full job metadata in /jobs/match responses. Frontend updates introduce a new jobs service for fetching matched jobs, extend the Job type with jobUrl, refactor JobCard and JobList to accept Job objects instead of separate props, and enhance job click handling to open job URLs in new tabs.

Changes

Cohort / File(s)	Summary
Backend Job Matching backend/controller/jobsController.ts	Added extractJobUrl() helper to scan common URL field names; introduced jobsMap for O(1) lookups; expanded /jobs/match response payload to include job metadata (title, company, location, description, skills, jobUrl) alongside existing scoring fields.
Frontend Job Data Model frontend/src/data/MockJobs.ts	Extended Job interface with optional jobUrl?: string field to support job URL from backend.
Frontend Job Components frontend/src/components/Jobs/JobCard.tsx, frontend/src/components/Jobs/JobList.tsx	Refactored JobCard to accept single job: Job prop instead of individual fields; updated onClick handler signature to receive Job object; similarly updated JobList to pass full job object and propagate new onClick signature to JobCard.
Frontend Jobs Service frontend/src/services/jobs.ts	Added new module exporting fetchMatchedJobs() function and MatchJobsResponse interface; handles POST to /jobs/match, maps backend response into frontend Job[], and provides error handling with descriptive messages.
Frontend Page Integration frontend/src/pages/JobPage.tsx	Replaced mock job data with state-driven backend results; added async job-fetch lifecycle triggered when resume completes; implemented fetchMatchedJobs() call with loading/error states; updated handleJobClick to open job.jobUrl in new tab or warn if unavailable; enhanced refetch behavior with success/error toasts.
Frontend Saved Jobs Page frontend/src/pages/SavedPage.tsx	Updated job click handler to accept job: Job parameter; added logic to open job.jobUrl in new tab or toast warning if missing; maintained existing navigation callback behavior.

Sequence Diagram

sequenceDiagram
    participant User
    participant JobPage
    participant JobService
    participant Backend
    participant JobCard

    User->>JobPage: Page loads with resume
    JobPage->>JobService: fetchMatchedJobs()
    JobService->>Backend: POST /jobs/match
    Backend->>Backend: Extract job URLs, build jobsMap
    Backend-->>JobService: Response with job metadata + URL
    JobService->>JobService: Map to Job[] objects
    JobService-->>JobPage: Resolved jobs array
    JobPage->>JobPage: Update jobs state, isLoading=false
    JobPage->>JobCard: Render with job={job}
    User->>JobCard: Click job
    JobCard->>JobPage: handleJobClick(job)
    JobPage->>JobPage: Open job.jobUrl in new tab
    JobPage->>JobPage: Navigate to job detail

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related issues

• feat(ui): [Sub-7] Jobs Page & Job Detail Page — Ranked Matches & Full Description #72 — Directly addresses the need to change JobCard/JobList UI contract by updating components to accept full Job objects instead of separate props and adding jobUrl support.

Possibly related PRs

• jobs page #101 — Updates Job interface by adding optional jobUrl field and refactors JobCard/JobList to accept Job object instead of individual props.
• Built search engine #126 — Extends matchJobsHandler backend logic to include job metadata and implements extractJobUrl() helper in job matching response construction.

Suggested reviewers

• yb175

Poem

🐰 A bouncing dawn for jobs so bright,
With URLs now in full delight!
Components dance with jobs complete,
Backend metadata, oh so sweet!
URLs open with a click—
This refactor's quite the trick! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'job page integrated' is vague and overly generic, failing to convey specific information about what was actually changed in the pull request.	Use a more descriptive title that captures the main change, such as 'Integrate backend job matching with frontend job page' or 'Connect JobPage to backend API and add job metadata display'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[yb175]

@coderabbitai post your findings in actionable comments for improving latency

[coderabbitai]

🐢 Latency: Sequential waterfall — resume check blocks job fetch

The two useEffect hooks create a serial waterfall: the page first resolves checkResume() and sets hasResume, then a second render cycle triggers fetchMatchedJobs. This adds one full network round-trip of latency before jobs are fetched.

Suggestion: Collapse both into a single useEffect and run them in parallel with Promise.all:

useEffect(() => {
  const controller = new AbortController();
  const init = async () => {
    setIsCheckingResume(true);
    setIsLoading(true);
    try {
      const [resumeExists, matchedJobs] = await Promise.all([
        checkResumeExists(fetchRef.current),
        fetchMatchedJobs(fetchRef.current, { signal: controller.signal }),
      ]);
      setHasResume(resumeExists);
      if (resumeExists) setJobs(matchedJobs);
    } catch (err) {
      if ((err as Error).name !== 'AbortError') setError((err as Error).message);
    } finally {
      setIsCheckingResume(false);
      setIsLoading(false);
    }
  };
  init();
  return () => controller.abort();
}, []);

This saves one full RTT on every page load.

[coderabbitai]

🐢 Latency: No client-side caching — full AI pipeline re-runs on every page visit

fetchMatchedJobs fires POST /jobs/match on every JobsPage mount, even if the user's resume hasn't changed. Since the backend runs the full AI-matching pipeline each time, users pay the full latency penalty on every navigation back to the page.

Suggestion: Cache results in sessionStorage keyed by a resume fingerprint, with a short TTL:

const CACHE_KEY = 'cvpilot_matched_jobs';
const CACHE_TTL_MS = 5 * 60 * 1000; // 5 min

export const fetchMatchedJobs = async (
  fetchWithAuth,
  { forceRefresh = false, signal }: { forceRefresh?: boolean; signal?: AbortSignal } = {}
): Promise<Job[]> => {
  if (!forceRefresh) {
    const cached = sessionStorage.getItem(CACHE_KEY);
    if (cached) {
      const { jobs, ts } = JSON.parse(cached);
      if (Date.now() - ts < CACHE_TTL_MS) return jobs;
    }
  }
  // ... existing fetch logic ...
  sessionStorage.setItem(CACHE_KEY, JSON.stringify({ jobs, ts: Date.now() }));
  return jobs;
};

Pass forceRefresh: true only on manual Refetch Jobs clicks.

[coderabbitai]

🐢 Latency / Race-condition: Stale in-flight requests are never cancelled

If the user navigates away while fetchMatchedJobs is in flight, the response arrives and setJobs is called on an unmounted component (React warning + potential state corruption). If they navigate back quickly, two concurrent matching pipelines race to update state.

Suggestion: Wire an AbortController into the effect cleanup and forward its signal to the fetch:

useEffect(() => {
  if (!hasResume || isCheckingResume) return;
  const controller = new AbortController();
  const loadJobs = async () => {
    setIsLoading(true);
    try {
      const matchedJobs = await fetchMatchedJobs(fetchRef.current, {
        signal: controller.signal,
      });
      if (!controller.signal.aborted) setJobs(matchedJobs);
    } catch (err) {
      if (!controller.signal.aborted && (err as Error).name !== 'AbortError')
        setError((err as Error).message);
    } finally {
      if (!controller.signal.aborted) setIsLoading(false);
    }
  };
  loadJobs();
  return () => controller.abort();
}, [hasResume, isCheckingResume]);

And update fetchMatchedJobs to accept and forward a signal option to fetchWithAuth.

[coderabbitai]

🐢 Latency: No server-side caching — full AI matching pipeline runs on every request

Every POST to /jobs/match runs the complete job-fetch + AI-scoring pipeline from scratch. For the same user with an unchanged resume this is pure redundant work and is almost certainly the dominant latency source (potentially several seconds per call).

Suggestion: Cache results server-side (Redis recommended; in-memory LRU as a quick win), keyed by userId + resumeHash, with a short TTL:

import { createHash } from 'crypto';

// Inside matchJobsHandler, after resolving userId and resumeText:
const resumeHash = createHash('sha256').update(resumeText).digest('hex').slice(0, 16);
const cacheKey = `jobs:${userId}:${resumeHash}`;

const cached = await cache.get(cacheKey);
if (cached) return res.json(JSON.parse(cached));

// ... run full pipeline ...

await cache.set(cacheKey, JSON.stringify(responsePayload), { ttl: 600 }); // 10 min
res.json(responsePayload);

This can reduce p50 latency from seconds to single-digit milliseconds for repeat visits with the same resume.

[coderabbitai]

🐢 Latency: Refetch button lacks an early-exit guard against concurrent pipeline calls

While isRefetching is set to true during a request, the button's disabled prop is not tied to isLoading, so overlapping calls from rapid clicks can trigger multiple concurrent POST /jobs/match pipeline runs.

Suggestion: Add an early-exit guard and disable the button across both loading states:

const handleRefetchJobs = async () => {
  if (isRefetching || isLoading) return; // guard concurrent calls
  setIsRefetching(true);
  // ...existing logic...
};

<Button
  onClick={handleRefetchJobs}
  disabled={isRefetching || isLoading}
>
  {isRefetching ? 'Refreshing…' : 'Refetch Jobs'}
</Button>

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get PR details and changed files
gh pr view 132 --repo yb175/CVPilot --json files,body,title
echo "---"
gh pr diff 132 --repo yb175/CVPilot

Length of output: 19512

---

🏁 Script executed:

#!/bin/bash
# Post actionable review comments on the PR for latency improvements
# First, get the latest commit SHA for the PR
COMMIT_SHA=$(gh pr view 132 --repo yb175/CVPilot --json headRefOid --jq '.headRefOid')
echo "Commit SHA: $COMMIT_SHA"

# Post comment 1: Waterfall sequential API calls (resume check → job fetch)
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: Sequential waterfall — resume check blocks job fetch**

The two \`useEffect\` hooks create a serial waterfall: the page first checks for a resume (\`checkResume()\`) and only **after** \`hasResume\` is set does it fire \`fetchMatchedJobs\`. This adds one extra round-trip before the user sees any jobs.

**Suggestion:** Kick off both requests in parallel, and gate the job-fetch on the resume result client-side:

\`\`\`ts
useEffect(() => {
  const init = async () => {
    setIsCheckingResume(true);
    setIsLoading(true);
    try {
      const [resumeExists, matchedJobs] = await Promise.all([
        checkResumeExists(fetchRef.current),
        fetchMatchedJobs(fetchRef.current),
      ]);
      setHasResume(resumeExists);
      if (resumeExists) setJobs(matchedJobs);
    } catch (err) { /* handle */ }
    finally {
      setIsCheckingResume(false);
      setIsLoading(false);
    }
  };
  init();
}, []);
\`\`\`

This saves one full network RTT on every page load." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -f position=1 \
  -f side="RIGHT" 2>/dev/null || echo "Comment 1 posted or failed - trying issue comment approach"

# Post comment 2: No caching of job results
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: No client-side caching — full AI pipeline re-runs on every page visit**

\`fetchMatchedJobs\` fires a POST to \`/jobs/match\` on every mount of \`JobsPage\`. Since the backend runs the full AI-matching pipeline each time, users pay the full latency cost even if their resume hasn't changed since the last visit.

**Suggestion:** Cache results in \`sessionStorage\` (or a React context/Zustand store) keyed by resume version/hash:

\`\`\`ts
const CACHE_KEY = 'cvpilot_matched_jobs';
const CACHE_TTL_MS = 5 * 60 * 1000; // 5 min

export const fetchMatchedJobs = async (fetchWithAuth, { forceRefresh = false } = {}) => {
  if (!forceRefresh) {
    const cached = sessionStorage.getItem(CACHE_KEY);
    if (cached) {
      const { jobs, ts } = JSON.parse(cached);
      if (Date.now() - ts < CACHE_TTL_MS) return jobs;
    }
  }
  // ... existing fetch logic ...
  sessionStorage.setItem(CACHE_KEY, JSON.stringify({ jobs, ts: Date.now() }));
  return jobs;
};
\`\`\`

Pass \`forceRefresh: true\` only when the user manually clicks **Refetch Jobs**." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/services/jobs.ts" \
  -f position=1 \
  -f side="RIGHT" 2>/dev/null || echo "Comment 2 attempt done"

# Post comment 3: No AbortController — stale requests not cancelled
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency / Race-condition: Stale in-flight requests are never cancelled**

If the user navigates away while \`fetchMatchedJobs\` is in flight, the request completes and \`setJobs\` is called on an unmounted component (React warning + potential state corruption). Similarly, rapid refetch clicks can produce out-of-order responses.

**Suggestion:** Use an \`AbortController\` inside the effect and pass the signal through to the fetch:

\`\`\`ts
useEffect(() => {
  const controller = new AbortController();
  const loadJobs = async () => {
    setIsLoading(true);
    try {
      const matchedJobs = await fetchMatchedJobs(fetchRef.current, {
        signal: controller.signal,
      });
      if (!controller.signal.aborted) setJobs(matchedJobs);
    } catch (err) {
      if ((err as Error).name !== 'AbortError') setError(err.message);
    } finally {
      if (!controller.signal.aborted) setIsLoading(false);
    }
  };
  loadJobs();
  return () => controller.abort(); // cleanup on unmount
}, [hasResume, isCheckingResume]);
\`\`\`

And in \`jobs.ts\` forward \`signal\` to \`fetchWithAuth\`." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -f position=2 \
  -f side="RIGHT" 2>/dev/null || echo "Comment 3 attempt done"

# Post comment 4: Backend — no server-side caching
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: No server-side result caching — AI matching pipeline runs on every request**

Every POST to \`/jobs/match\` runs the full job-fetch + AI-scoring pipeline. For the same user with an unchanged resume this is pure repeated work and likely the largest single latency contributor.

**Suggestion:** Cache the matching results server-side (Redis or even an in-memory LRU), keyed by \`userId + resumeHash\`, with a short TTL (e.g., 10 min):

\`\`\`ts
// pseudo-code in matchJobsHandler
const cacheKey = \`jobs:\${userId}:\${resumeHash}\`;
const cached = await cache.get(cacheKey);
if (cached) return res.json(cached);

// ... run full pipeline ...
await cache.set(cacheKey, responsePayload, { ttl: 600 });
res.json(responsePayload);
\`\`\`

This can reduce p50 latency from seconds to milliseconds for repeat visits." \
  -f commit_id="$COMMIT_SHA" \
  -f path="backend/controller/jobsController.ts" \
  -f position=1 \
  -f side="RIGHT" 2>/dev/null || echo "Comment 4 attempt done"

# Post comment 5: Refetch button — no debounce/throttle
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: Refetch button has no debounce — multiple expensive pipeline calls can fire**

Rapid clicks on the **Refetch Jobs** button fire multiple concurrent POST \`/jobs/match\` requests. Each runs the full AI pipeline, multiplying backend load and causing race conditions in UI state.

**Suggestion:** Disable the button while a request is in-flight (already partially done with \`isRefetching\`), and add a cooldown after success to prevent accidental double-clicks:

\`\`\`tsx
<Button
  onClick={handleRefetchJobs}
  disabled={isRefetching || isLoading}
  // optionally add a 30-second cooldown after success
>
  {isRefetching ? 'Refreshing…' : 'Refetch Jobs'}
</Button>
\`\`\`

Also ensure the \`handleRefetchJobs\` guard-exits early if \`isRefetching\` is already true." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -f position=3 \
  -f side="RIGHT" 2>/dev/null || echo "Comment 5 attempt done"

echo "All comment attempts complete"

Length of output: 2488

---

🏁 Script executed:

#!/bin/bash
COMMIT_SHA=$(gh pr view 132 --repo yb175/CVPilot --json headRefOid --jq '.headRefOid')
echo "SHA: $COMMIT_SHA"

# Comment 1: Waterfall — JobPage.tsx useEffect loadJobs depends on hasResume after checkResume
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: Sequential waterfall — resume check blocks job fetch**

The two \`useEffect\` hooks create a serial waterfall: the page first resolves \`checkResume()\` and sets \`hasResume\`, then a second render cycle triggers \`fetchMatchedJobs\`. This adds one full network round-trip of latency before jobs are fetched.

**Suggestion:** Collapse both into a single \`useEffect\` and run them in parallel with \`Promise.all\`:

\`\`\`ts
useEffect(() => {
  const controller = new AbortController();
  const init = async () => {
    setIsCheckingResume(true);
    setIsLoading(true);
    try {
      const [resumeExists, matchedJobs] = await Promise.all([
        checkResumeExists(fetchRef.current),
        fetchMatchedJobs(fetchRef.current, { signal: controller.signal }),
      ]);
      setHasResume(resumeExists);
      if (resumeExists) setJobs(matchedJobs);
    } catch (err) {
      if ((err as Error).name !== 'AbortError') setError((err as Error).message);
    } finally {
      setIsCheckingResume(false);
      setIsLoading(false);
    }
  };
  init();
  return () => controller.abort();
}, []);
\`\`\`

This saves one full RTT on every page load." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -f line=56 \
  -f side="RIGHT" \
  -f subject_type="line"
echo "Comment 1 done: $?"

# Comment 2: No client-side caching — services/jobs.ts
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: No client-side caching — full AI pipeline re-runs on every page visit**

\`fetchMatchedJobs\` fires POST \`/jobs/match\` on every \`JobsPage\` mount, even if the user's resume hasn't changed. Since the backend runs the full AI-matching pipeline each time, users pay the full latency penalty on every navigation back to the page.

**Suggestion:** Cache results in \`sessionStorage\` keyed by a resume fingerprint, with a short TTL:

\`\`\`ts
const CACHE_KEY = 'cvpilot_matched_jobs';
const CACHE_TTL_MS = 5 * 60 * 1000; // 5 min

export const fetchMatchedJobs = async (
  fetchWithAuth,
  { forceRefresh = false, signal }: { forceRefresh?: boolean; signal?: AbortSignal } = {}
): Promise<Job[]> => {
  if (!forceRefresh) {
    const cached = sessionStorage.getItem(CACHE_KEY);
    if (cached) {
      const { jobs, ts } = JSON.parse(cached);
      if (Date.now() - ts < CACHE_TTL_MS) return jobs;
    }
  }
  // ... existing fetch logic ...
  sessionStorage.setItem(CACHE_KEY, JSON.stringify({ jobs, ts: Date.now() }));
  return jobs;
};
\`\`\`

Pass \`forceRefresh: true\` only on manual **Refetch Jobs** clicks." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/services/jobs.ts" \
  -f line=27 \
  -f side="RIGHT" \
  -f subject_type="line"
echo "Comment 2 done: $?"

# Comment 3: No AbortController — stale in-flight requests
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency / Race-condition: Stale in-flight requests are never cancelled**

If the user navigates away while \`fetchMatchedJobs\` is in flight, the response arrives and \`setJobs\` is called on an unmounted component (triggers a React warning). If they navigate back quickly, two concurrent matching pipelines race to update state, producing unpredictable results.

**Suggestion:** Wire an \`AbortController\` into the effect cleanup and forward its \`signal\` to the fetch call:

\`\`\`ts
useEffect(() => {
  if (!hasResume || isCheckingResume) return;
  const controller = new AbortController();
  const loadJobs = async () => {
    setIsLoading(true);
    try {
      const matchedJobs = await fetchMatchedJobs(fetchRef.current, {
        signal: controller.signal,
      });
      if (!controller.signal.aborted) setJobs(matchedJobs);
    } catch (err) {
      if (!controller.signal.aborted && (err as Error).name !== 'AbortError')
        setError((err as Error).message);
    } finally {
      if (!controller.signal.aborted) setIsLoading(false);
    }
  };
  loadJobs();
  return () => controller.abort();
}, [hasResume, isCheckingResume]);
\`\`\`" \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -f line=70 \
  -f side="RIGHT" \
  -f subject_type="line"
echo "Comment 3 done: $?"

# Comment 4: Backend — no server-side caching in jobsController.ts
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: No server-side caching — full AI matching pipeline runs on every request**

Every POST to \`/jobs/match\` runs the complete job-fetch + embedding/AI-scoring pipeline from scratch. For the same user with an unchanged resume this is redundant work and is almost certainly the dominant latency source (potentially several seconds per call).

**Suggestion:** Cache results server-side (Redis recommended; in-memory LRU as a quick win), keyed by \`userId + resumeHash\`, with a short TTL:

\`\`\`ts
import { createHash } from 'crypto';

// Inside matchJobsHandler, after resolving userId and resumeText:
const resumeHash = createHash('sha256').update(resumeText).digest('hex').slice(0, 16);
const cacheKey = \`jobs:\${userId}:\${resumeHash}\`;

const cached = await cache.get(cacheKey);
if (cached) return res.json(JSON.parse(cached));

// ... run full pipeline ...

await cache.set(cacheKey, JSON.stringify(responsePayload), { ttl: 600 }); // 10 min
res.json(responsePayload);
\`\`\`

This can reduce p50 latency from seconds to single-digit milliseconds for repeat visits with the same resume." \
  -f commit_id="$COMMIT_SHA" \
  -f path="backend/controller/jobsController.ts" \
  -f line=220 \
  -f side="RIGHT" \
  -f subject_type="line"
echo "Comment 4 done: $?"

# Comment 5: Refetch button — no debounce guard
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: Refetch button lacks an early-exit guard against concurrent calls**

While \`isRefetching\` is set to \`true\` during an in-flight call, the button's \`disabled\` prop isn't tied to it, so rapid clicks can enqueue multiple concurrent POST \`/jobs/match\` pipeline runs, multiplying backend load.

**Suggestion:** Add an early-exit guard at the top of \`handleRefetchJobs\` and wire \`disabled\` to both loading states:

\`\`\`ts
const handleRefetchJobs = async () => {
  if (isRefetching || isLoading) return; // guard against concurrent calls
  setIsRefetching(true);
  // ...
};
\`\`\`

\`\`\`tsx
<Button
  onClick={handleRefetchJobs}
  disabled={isRefetching || isLoading}
>
  {isRefetching ? 'Refreshing…' : 'Refetch Jobs'}
</Button>
\`\`\`" \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -f line=88 \
  -f side="RIGHT" \
  -f subject_type="line"
echo "Comment 5 done: $?"

Length of output: 3587

---

🏁 Script executed:

#!/bin/bash
COMMIT_SHA=$(gh pr view 132 --repo yb175/CVPilot --json headRefOid --jq '.headRefOid')
echo "SHA: $COMMIT_SHA"

# Comment 1: Waterfall
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: Sequential waterfall — resume check blocks job fetch**

The two \`useEffect\` hooks create a serial waterfall: the page first resolves \`checkResume()\` and sets \`hasResume\`, then a second render cycle triggers \`fetchMatchedJobs\`. This adds one full network round-trip of latency before jobs are fetched.

**Suggestion:** Collapse both into a single \`useEffect\` and run them in parallel with \`Promise.all\`:

\`\`\`ts
useEffect(() => {
  const controller = new AbortController();
  const init = async () => {
    setIsCheckingResume(true);
    setIsLoading(true);
    try {
      const [resumeExists, matchedJobs] = await Promise.all([
        checkResumeExists(fetchRef.current),
        fetchMatchedJobs(fetchRef.current, { signal: controller.signal }),
      ]);
      setHasResume(resumeExists);
      if (resumeExists) setJobs(matchedJobs);
    } catch (err) {
      if ((err as Error).name !== 'AbortError') setError((err as Error).message);
    } finally {
      setIsCheckingResume(false);
      setIsLoading(false);
    }
  };
  init();
  return () => controller.abort();
}, []);
\`\`\`

This saves one full RTT on every page load." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -F line=56 \
  -f side="RIGHT"
echo "Comment 1: $?"

# Comment 2: No client-side caching
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: No client-side caching — full AI pipeline re-runs on every page visit**

\`fetchMatchedJobs\` fires POST \`/jobs/match\` on every \`JobsPage\` mount, even if the user's resume hasn't changed. Since the backend runs the full AI-matching pipeline each time, users pay the full latency penalty on every navigation back to the page.

**Suggestion:** Cache results in \`sessionStorage\` keyed by a resume fingerprint, with a short TTL:

\`\`\`ts
const CACHE_KEY = 'cvpilot_matched_jobs';
const CACHE_TTL_MS = 5 * 60 * 1000; // 5 min

export const fetchMatchedJobs = async (
  fetchWithAuth,
  { forceRefresh = false, signal }: { forceRefresh?: boolean; signal?: AbortSignal } = {}
): Promise<Job[]> => {
  if (!forceRefresh) {
    const cached = sessionStorage.getItem(CACHE_KEY);
    if (cached) {
      const { jobs, ts } = JSON.parse(cached);
      if (Date.now() - ts < CACHE_TTL_MS) return jobs;
    }
  }
  // ... existing fetch logic ...
  sessionStorage.setItem(CACHE_KEY, JSON.stringify({ jobs, ts: Date.now() }));
  return jobs;
};
\`\`\`

Pass \`forceRefresh: true\` only on manual **Refetch Jobs** clicks." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/services/jobs.ts" \
  -F line=27 \
  -f side="RIGHT"
echo "Comment 2: $?"

# Comment 3: No AbortController
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency / Race-condition: Stale in-flight requests are never cancelled**

If the user navigates away while \`fetchMatchedJobs\` is in flight, the response arrives and \`setJobs\` is called on an unmounted component (React warning + potential state corruption). If they navigate back quickly, two concurrent matching pipelines race to update state.

**Suggestion:** Wire an \`AbortController\` into the effect cleanup and forward its \`signal\` to the fetch:

\`\`\`ts
useEffect(() => {
  if (!hasResume || isCheckingResume) return;
  const controller = new AbortController();
  const loadJobs = async () => {
    setIsLoading(true);
    try {
      const matchedJobs = await fetchMatchedJobs(fetchRef.current, {
        signal: controller.signal,
      });
      if (!controller.signal.aborted) setJobs(matchedJobs);
    } catch (err) {
      if (!controller.signal.aborted && (err as Error).name !== 'AbortError')
        setError((err as Error).message);
    } finally {
      if (!controller.signal.aborted) setIsLoading(false);
    }
  };
  loadJobs();
  return () => controller.abort();
}, [hasResume, isCheckingResume]);
\`\`\`

And update \`fetchMatchedJobs\` to accept and forward a \`signal\` option to \`fetchWithAuth\`." \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -F line=70 \
  -f side="RIGHT"
echo "Comment 3: $?"

# Comment 4: Backend no server-side caching
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: No server-side caching — full AI matching pipeline runs on every request**

Every POST to \`/jobs/match\` runs the complete job-fetch + AI-scoring pipeline from scratch. For the same user with an unchanged resume this is pure redundant work and is almost certainly the dominant latency source (potentially several seconds per call).

**Suggestion:** Cache results server-side (Redis recommended; in-memory LRU as a quick win), keyed by \`userId + resumeHash\`, with a short TTL:

\`\`\`ts
import { createHash } from 'crypto';

// Inside matchJobsHandler, after resolving userId and resumeText:
const resumeHash = createHash('sha256').update(resumeText).digest('hex').slice(0, 16);
const cacheKey = \`jobs:\${userId}:\${resumeHash}\`;

const cached = await cache.get(cacheKey);
if (cached) return res.json(JSON.parse(cached));

// ... run full pipeline ...

await cache.set(cacheKey, JSON.stringify(responsePayload), { ttl: 600 }); // 10 min
res.json(responsePayload);
\`\`\`

This can reduce p50 latency from seconds to single-digit milliseconds for repeat visits with the same resume." \
  -f commit_id="$COMMIT_SHA" \
  -f path="backend/controller/jobsController.ts" \
  -F line=220 \
  -f side="RIGHT"
echo "Comment 4: $?"

# Comment 5: Refetch button guard
gh api \
  --method POST \
  /repos/yb175/CVPilot/pulls/132/comments \
  -f body="**🐢 Latency: Refetch button lacks an early-exit guard against concurrent pipeline calls**

While \`isRefetching\` is set to \`true\` during a request, the button's \`disabled\` prop is not tied to \`isLoading\`, so overlapping calls from rapid clicks can trigger multiple concurrent POST \`/jobs/match\` pipeline runs.

**Suggestion:** Add an early-exit guard and disable the button across both loading states:

\`\`\`ts
const handleRefetchJobs = async () => {
  if (isRefetching || isLoading) return; // guard concurrent calls
  setIsRefetching(true);
  // ...existing logic...
};
\`\`\`

\`\`\`tsx
<Button
  onClick={handleRefetchJobs}
  disabled={isRefetching || isLoading}
>
  {isRefetching ? 'Refreshing…' : 'Refetch Jobs'}
</Button>
\`\`\`" \
  -f commit_id="$COMMIT_SHA" \
  -f path="frontend/src/pages/JobPage.tsx" \
  -F line=88 \
  -f side="RIGHT"
echo "Comment 5: $?"

Length of output: 21193

---

@yb175 All 5 latency findings have been posted as inline review comments on the PR. Here's a summary of what was flagged:

#	File	Issue	Impact
1	frontend/src/pages/JobPage.tsx Line 56	Sequential waterfall — checkResume() must fully resolve before fetchMatchedJobs is triggered, adding an extra full RTT on every page load	🔴 High
2	frontend/src/services/jobs.ts Line 27	No client-side caching — the full AI matching pipeline is re-invoked on every JobsPage mount, even with an unchanged resume	🔴 High
3	frontend/src/pages/JobPage.tsx Line 70	No AbortController — stale in-flight requests aren't cancelled on unmount or re-trigger, risking state updates on unmounted components and race conditions	🟠 Medium
4	backend/controller/jobsController.ts Line 220	No server-side caching — likely the single biggest latency source; the full job-fetch + AI-scoring pipeline runs from scratch on every request regardless of whether the resume changed	🔴 High
5	frontend/src/pages/JobPage.tsx Line 88	No concurrent-call guard on Refetch — rapid clicks can fire multiple simultaneous pipeline requests; disabled not tied to isLoading	🟠 Medium

The highest-priority fix is #4 (server-side caching) — caching per userId + resumeHash can turn a multi-second AI pipeline call into a millisecond cache hit for the vast majority of visits.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@backend/controller/jobsController.ts`:
- Around line 230-245: The mapping over finalResults currently creates
placeholder records when jobsMap lacks a job for a MatchResult.jobId, leaking
invalid IDs into the API; change the pipeline to first filter finalResults to
only entries whose job exists in jobsMap (e.g., jobsMap.has(r.jobId) or check
that jobsMap.get(r.jobId) is non-null) and then take the first 5 (apply slice
after filtering) before mapping to the response shape; keep the same fields
(title, company, location, description, skills, jobUrl, score, confidence,
reason) and use extractJobUrl(job.rawData) on the validated job.

In `@frontend/src/pages/JobPage.tsx`:
- Around line 115-118: The handleJobClick handler currently calls
window.open(job.jobUrl, "_blank") which leaves window.opener intact; update the
call in the handleJobClick function to pass the third argument with
"noopener,noreferrer" (e.g., window.open(job.jobUrl, "_blank",
"noopener,noreferrer")) so external job URLs (job.jobUrl) are opened without
allowing reverse-tabnabbing via window.opener.

In `@frontend/src/pages/SavedPage.tsx`:
- Around line 20-23: handleJobClick opens job.jobUrl using window.open without
severing the opener reference; update the call in handleJobClick to prevent
window.opener access by adding the noopener and noreferrer flags (e.g. pass
"noopener,noreferrer" as the third argument to window.open) or replace the open
with creating an <a> element that sets rel="noopener noreferrer" before
programmatically clicking it; modify the window.open/job.jobUrl usage so the new
tab cannot access or redirect the original page.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7c9e65ce-93cf-458c-bbe4-93e10e9c70f1

📥 Commits

Reviewing files that changed from the base of the PR and between 4ce063b and 65264af.

📒 Files selected for processing (7)

• backend/controller/jobsController.ts
• frontend/src/components/Jobs/JobCard.tsx
• frontend/src/components/Jobs/JobList.tsx
• frontend/src/data/MockJobs.ts
• frontend/src/pages/JobPage.tsx
• frontend/src/pages/SavedPage.tsx
• frontend/src/services/jobs.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Filter out match results whose jobId is missing from jobsMap.

Line 231 currently turns an unknown matcher ID into a fake "Job Title"/"Company" record, so invalid MatchResult.jobId values leak into the API response instead of being dropped. As per coding guidelines, backend reviews must flag "Incorrect logic or data handling (wrong business logic, data corruption risk, incorrect query behavior)".

Suggested fix

-      results: finalResults.slice(0, 5).map((r) => {
-        const job = jobsMap.get(r.jobId);
-        const jobUrl = extractJobUrl(job?.rawData as any);
-        return {
-          jobId: r.jobId,
-          title: job?.title || "Job Title",
-          company: job?.company || "Company",
-          location: job?.location || "Remote",
-          description: job?.description || "",
-          skills: job?.skills || [],
-          jobUrl,
-          score: r.score,
-          confidence: r.confidence,
-          reason: r.reason,
-        };
-      }),
+      results: finalResults
+        .filter((r) => jobsMap.has(r.jobId))
+        .slice(0, 5)
+        .map((r) => {
+          const job = jobsMap.get(r.jobId)!;
+          return {
+            jobId: r.jobId,
+            title: job.title,
+            company: job.company,
+            location: job.location,
+            description: job.description,
+            skills: job.skills || [],
+            jobUrl: extractJobUrl(job.rawData as any),
+            score: r.score,
+            confidence: r.confidence,
+            reason: r.reason,
+          };
+        }),

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@backend/controller/jobsController.ts` around lines 230 - 245, The mapping
over finalResults currently creates placeholder records when jobsMap lacks a job
for a MatchResult.jobId, leaking invalid IDs into the API; change the pipeline
to first filter finalResults to only entries whose job exists in jobsMap (e.g.,
jobsMap.has(r.jobId) or check that jobsMap.get(r.jobId) is non-null) and then
take the first 5 (apply slice after filtering) before mapping to the response
shape; keep the same fields (title, company, location, description, skills,
jobUrl, score, confidence, reason) and use extractJobUrl(job.rawData) on the
validated job.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, locate and inspect JobPage.tsx to verify the code at lines 115-118
fd -t f "JobPage.tsx" frontend/src/

Repository: yb175/CVPilot

Length of output: 87

---

🏁 Script executed:

# Read the relevant section of JobPage.tsx around lines 115-118
cat -n frontend/src/pages/JobPage.tsx | sed -n '110,125p'

Repository: yb175/CVPilot

Length of output: 511

---

🏁 Script executed:

# Also check the jobs service to confirm job.jobUrl source
cat -n frontend/src/services/jobs.ts | head -50

Repository: yb175/CVPilot

Length of output: 1737

---

Add noopener,noreferrer when opening external job URLs to prevent reverse-tabnabbing attacks.

Line 117 opens backend-provided URLs without severing the window.opener connection, allowing the opened page to redirect the original tab to a malicious site. Use the third parameter to add these security flags.

Suggested fix

-      window.open(job.jobUrl, "_blank");
+      window.open(job.jobUrl, "_blank", "noopener,noreferrer");

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/pages/JobPage.tsx` around lines 115 - 118, The handleJobClick
handler currently calls window.open(job.jobUrl, "_blank") which leaves
window.opener intact; update the call in the handleJobClick function to pass the
third argument with "noopener,noreferrer" (e.g., window.open(job.jobUrl,
"_blank", "noopener,noreferrer")) so external job URLs (job.jobUrl) are opened
without allowing reverse-tabnabbing via window.opener.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cd frontend && find . -name "SavedPage.tsx" -type f

Repository: yb175/CVPilot

Length of output: 82

---

🏁 Script executed:

cat frontend/src/pages/SavedPage.tsx | head -50

Repository: yb175/CVPilot

Length of output: 1823

---

🏁 Script executed:

cat frontend/src/data/MockJobs.ts | head -100

Repository: yb175/CVPilot

Length of output: 5211

---

🏁 Script executed:

rg "type Job|interface Job" frontend/src/data/MockJobs.ts -A 10

Repository: yb175/CVPilot

Length of output: 314

---

Add noopener,noreferrer when opening job URLs to prevent window.opener access.

The code opens URLs without severing the opener reference. While the current mock data is safe, this pattern should be corrected before connecting to backend data to prevent the opened page from accessing or redirecting the original tab.

Suggested fix

-      window.open(job.jobUrl, "_blank");
+      window.open(job.jobUrl, "_blank", "noopener,noreferrer");

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/pages/SavedPage.tsx` around lines 20 - 23, handleJobClick opens
job.jobUrl using window.open without severing the opener reference; update the
call in handleJobClick to prevent window.opener access by adding the noopener
and noreferrer flags (e.g. pass "noopener,noreferrer" as the third argument to
window.open) or replace the open with creating an <a> element that sets
rel="noopener noreferrer" before programmatically clicking it; modify the
window.open/job.jobUrl usage so the new tab cannot access or redirect the
original page.

[yb175]

@coderabbitai create these 5 different latency based issues assign to none

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -e

REPO="yb175/CVPilot"
PR_URL="https://github.com/yb175/CVPilot/pull/132"

# Issue 1: Sequential waterfall
gh issue create \
  --repo "$REPO" \
  --title "Latency: Sequential waterfall — resume check blocks job fetch" \
  --body "## Problem

In \`frontend/src/pages/JobPage.tsx\`, two separate \`useEffect\` hooks create a serial waterfall: the page first resolves \`checkResume()\` and sets \`hasResume\`, then a second render cycle triggers \`fetchMatchedJobs\`. This adds one full network round-trip of latency before any jobs are shown to the user.

## Suggested Fix

Collapse both into a single \`useEffect\` and run them in parallel with \`Promise.all\`:

\`\`\`ts
useEffect(() => {
  const controller = new AbortController();
  const init = async () => {
    setIsCheckingResume(true);
    setIsLoading(true);
    try {
      const [resumeExists, matchedJobs] = await Promise.all([
        checkResumeExists(fetchRef.current),
        fetchMatchedJobs(fetchRef.current, { signal: controller.signal }),
      ]);
      setHasResume(resumeExists);
      if (resumeExists) setJobs(matchedJobs);
    } catch (err) {
      if ((err as Error).name !== 'AbortError') setError((err as Error).message);
    } finally {
      setIsCheckingResume(false);
      setIsLoading(false);
    }
  };
  init();
  return () => controller.abort();
}, []);
\`\`\`

This saves one full RTT on every page load.

## Impact

🔴 High — affects every user on every page load.

## References

- PR: $PR_URL
- File: \`frontend/src/pages/JobPage.tsx\`" \
  --assignee ""
echo "Issue 1 created: $?"

# Issue 2: No client-side caching
gh issue create \
  --repo "$REPO" \
  --title "Latency: No client-side caching — full AI pipeline re-runs on every page visit" \
  --body "## Problem

In \`frontend/src/services/jobs.ts\`, \`fetchMatchedJobs\` fires a POST to \`/jobs/match\` on every \`JobsPage\` mount, even if the user's resume hasn't changed. Since the backend runs the full AI-matching pipeline each time, users pay the full latency penalty on every navigation back to the page.

## Suggested Fix

Cache results in \`sessionStorage\` keyed by a resume fingerprint, with a short TTL:

\`\`\`ts
const CACHE_KEY = 'cvpilot_matched_jobs';
const CACHE_TTL_MS = 5 * 60 * 1000; // 5 min

export const fetchMatchedJobs = async (
  fetchWithAuth,
  { forceRefresh = false, signal }: { forceRefresh?: boolean; signal?: AbortSignal } = {}
): Promise<Job[]> => {
  if (!forceRefresh) {
    const cached = sessionStorage.getItem(CACHE_KEY);
    if (cached) {
      const { jobs, ts } = JSON.parse(cached);
      if (Date.now() - ts < CACHE_TTL_MS) return jobs;
    }
  }
  // ... existing fetch logic ...
  sessionStorage.setItem(CACHE_KEY, JSON.stringify({ jobs, ts: Date.now() }));
  return jobs;
};
\`\`\`

Pass \`forceRefresh: true\` only on manual **Refetch Jobs** clicks.

## Impact

🔴 High — affects every navigation back to the Jobs page.

## References

- PR: $PR_URL
- File: \`frontend/src/services/jobs.ts\`" \
  --assignee ""
echo "Issue 2 created: $?"

# Issue 3: No AbortController
gh issue create \
  --repo "$REPO" \
  --title "Latency: Stale in-flight requests never cancelled (missing AbortController)" \
  --body "## Problem

In \`frontend/src/pages/JobPage.tsx\`, if the user navigates away while \`fetchMatchedJobs\` is in flight, the response arrives and \`setJobs\` is called on an unmounted component, triggering a React warning and potential state corruption. If they navigate back quickly, two concurrent matching pipelines race to update state, producing unpredictable results.

## Suggested Fix

Wire an \`AbortController\` into the effect cleanup and forward its \`signal\` to the fetch:

\`\`\`ts
useEffect(() => {
  if (!hasResume || isCheckingResume) return;
  const controller = new AbortController();
  const loadJobs = async () => {
    setIsLoading(true);
    try {
      const matchedJobs = await fetchMatchedJobs(fetchRef.current, {
        signal: controller.signal,
      });
      if (!controller.signal.aborted) setJobs(matchedJobs);
    } catch (err) {
      if (!controller.signal.aborted && (err as Error).name !== 'AbortError')
        setError((err as Error).message);
    } finally {
      if (!controller.signal.aborted) setIsLoading(false);
    }
  };
  loadJobs();
  return () => controller.abort();
}, [hasResume, isCheckingResume]);
\`\`\`

Also update \`fetchMatchedJobs\` in \`frontend/src/services/jobs.ts\` to accept and forward the \`signal\` option to \`fetchWithAuth\`.

## Impact

🟠 Medium — causes race conditions and stale state updates on navigation.

## References

- PR: $PR_URL
- File: \`frontend/src/pages/JobPage.tsx\`" \
  --assignee ""
echo "Issue 3 created: $?"

# Issue 4: No server-side caching
gh issue create \
  --repo "$REPO" \
  --title "Latency: No server-side caching — full AI matching pipeline runs on every request" \
  --body "## Problem

Every POST to \`/jobs/match\` in \`backend/controller/jobsController.ts\` runs the complete job-fetch + AI-scoring pipeline from scratch. For the same user with an unchanged resume this is pure redundant work and is almost certainly the dominant latency source (potentially several seconds per call).

## Suggested Fix

Cache results server-side (Redis recommended; in-memory LRU as a quick win), keyed by \`userId + resumeHash\`, with a short TTL:

\`\`\`ts
import { createHash } from 'crypto';

// Inside matchJobsHandler, after resolving userId and resumeText:
const resumeHash = createHash('sha256').update(resumeText).digest('hex').slice(0, 16);
const cacheKey = \`jobs:\${userId}:\${resumeHash}\`;

const cached = await cache.get(cacheKey);
if (cached) return res.json(JSON.parse(cached));

// ... run full pipeline ...

await cache.set(cacheKey, JSON.stringify(responsePayload), { ttl: 600 }); // 10 min
res.json(responsePayload);
\`\`\`

This can reduce p50 latency from seconds to single-digit milliseconds for repeat visits with the same resume.

## Impact

🔴 High — likely the single largest latency contributor; affects every request regardless of whether the resume changed.

## References

- PR: $PR_URL
- File: \`backend/controller/jobsController.ts\`" \
  --assignee ""
echo "Issue 4 created: $?"

# Issue 5: Refetch button no guard
gh issue create \
  --repo "$REPO" \
  --title "Latency: Refetch button lacks concurrent-call guard — multiple AI pipeline calls can fire" \
  --body "## Problem

In \`frontend/src/pages/JobPage.tsx\`, while \`isRefetching\` is set to \`true\` during an in-flight request, the button's \`disabled\` prop is not tied to \`isLoading\`, so overlapping calls from rapid clicks can trigger multiple concurrent POST \`/jobs/match\` pipeline runs, multiplying backend load and causing race conditions in UI state.

## Suggested Fix

Add an early-exit guard at the top of \`handleRefetchJobs\` and wire \`disabled\` to both loading states:

\`\`\`ts
const handleRefetchJobs = async () => {
  if (isRefetching || isLoading) return; // guard concurrent calls
  setIsRefetching(true);
  // ...existing logic...
};
\`\`\`

\`\`\`tsx
<Button
  onClick={handleRefetchJobs}
  disabled={isRefetching || isLoading}
>
  {isRefetching ? 'Refreshing…' : 'Refetch Jobs'}
</Button>
\`\`\`

## Impact

🟠 Medium — allows concurrent expensive AI pipeline requests from rapid UI interactions.

## References

- PR: $PR_URL
- File: \`frontend/src/pages/JobPage.tsx\`" \
  --assignee ""
echo "Issue 5 created: $?"

Length of output: 314

---

@yb175 All 5 latency issues have been created successfully with no assignees:

#	Issue	Link
1	🔴 Sequential waterfall — resume check blocks job fetch	#133
2	🔴 No client-side caching — full AI pipeline re-runs on every page visit	#134
3	🟠 Stale in-flight requests never cancelled (missing AbortController)	#135
4	🔴 No server-side caching — full AI matching pipeline runs on every request	#136
5	🟠 Refetch button lacks concurrent-call guard — multiple AI pipeline calls can fire	#137

[yb175]

@coderabbitai please create separate issues for these two

[yb175]

LGTM !!
The flagged issues can be handled separately , overall nice work @vanshkhurana05

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

The two images show:

1. Image 1 — A Major review comment on backend/controller/jobsController.ts (lines 230–245): "Filter out match results whose jobId is missing from jobsMap" — Line 231 turns an unknown matcher ID into a fake "Job Title"/"Company" record, leaking invalid results into the API response.

2. Image 2 — A Major review comment on frontend/src/pages/JobPage.tsx (lines 115–118): "Add noopener,noreferrer when opening external job URLs to prevent reverse-tabnabbing attacks" — Line 117 uses window.open(job.jobUrl, "_blank") without severing the window.opener connection.

Creating both issues now!

---

🏁 Script executed:

#!/bin/bash
set -e

REPO="yb175/CVPilot"
PR_URL="https://github.com/yb175/CVPilot/pull/132"

# Issue 1: Filter out jobId missing from jobsMap
gh issue create \
  --repo "$REPO" \
  --title "Bug: Filter out match results whose jobId is missing from jobsMap" \
  --body "## Problem

In \`backend/controller/jobsController.ts\` (lines 230–245), when a \`MatchResult.jobId\` is not found in \`jobsMap\`, the code still returns a record with fallback values (\`\"Job Title\"\`, \`\"Company\"\`, etc.) instead of dropping that result entirely. This causes invalid/phantom job entries to leak into the API response.

\`\`\`ts
// Line 231 — job will be undefined if jobId is not in jobsMap
const job = jobsMap.get(r.jobId);
// ...but the result is still returned with fallback values instead of being filtered out
\`\`\`

## Suggested Fix

Filter out results where \`jobId\` is not present in \`jobsMap\` before mapping:

\`\`\`ts
results: finalResults
  .slice(0, 5)
  .filter((r) => jobsMap.has(r.jobId))   // ← drop unknown IDs
  .map((r) => {
    const job = jobsMap.get(r.jobId)!;
    const jobUrl = extractJobUrl(job?.rawData as any);
    return {
      jobId: r.jobId,
      title: job.title,
      company: job.company,
      location: job.location,
      description: job.description,
      skills: job.skills,
      jobUrl,
      score: r.score,
      confidence: r.confidence,
      reason: r.reason,
    };
  }),
\`\`\`

## Impact

🔴 Major — incorrect data corruption / wrong business logic; invalid job records are served to clients.

## References

- PR: $PR_URL
- File: \`backend/controller/jobsController.ts\`, lines 230–245"
echo "Issue 1 created: $?"

# Issue 2: noopener,noreferrer for reverse-tabnabbing
gh issue create \
  --repo "$REPO" \
  --title "Security: Add noopener,noreferrer when opening external job URLs (reverse-tabnabbing)" \
  --body "## Problem

In \`frontend/src/pages/JobPage.tsx\` (line 117), external job URLs are opened via:

\`\`\`ts
window.open(job.jobUrl, \"_blank\");
\`\`\`

This does not sever the \`window.opener\` connection, allowing the opened page to access and potentially redirect the original CVPilot tab to a malicious site (reverse-tabnabbing attack). Since \`job.jobUrl\` values come from the backend and could point to arbitrary third-party domains, this is a real attack surface.

## Suggested Fix

Pass the third parameter to add the required security flags:

\`\`\`ts
- window.open(job.jobUrl, \"_blank\");
+ window.open(job.jobUrl, \"_blank\", \"noopener,noreferrer\");
\`\`\`

The same fix should be applied in \`frontend/src/pages/SavedPage.tsx\` wherever \`window.open\` is used with job URLs.

## Impact

🔴 Major — security vulnerability; opens users to reverse-tabnabbing attacks via backend-supplied URLs.

## References

- PR: $PR_URL
- File: \`frontend/src/pages/JobPage.tsx\`, line 117"
echo "Issue 2 created: $?"

Length of output: 125

---

@yb175 Both issues have been created with no assignees:

#	Issue	Link
1	🔴 Bug: Filter out match results whose jobId is missing from jobsMap	#138
2	🔴 Security: Add noopener,noreferrer when opening external job URLs (reverse-tabnabbing)	#139