Smart Pantry
Smart Pantry is an AI-assisted pantry management application designed to help users organize household inventory, track item quantities, and improve replenishment decisions with a modern, responsive web interface.
The project combines a React + Vite frontend with Supabase (database/auth/serverless) and Gemini-powered features.
Project origin and collaboration model
The initial version of this application was generated in Google AI Studio.
All subsequent iterations, refinements, and ongoing development interactions are being carried out through Codex.
Architecture direction (Quick and pragmatic approach: Supabase + a serverless layer)
This repository now follows a Quick and pragmatic approach for backend evolution:
- Keep Supabase as the backend platform (Auth + Postgres).
- Move AI calls to a secure server-side layer using Supabase Edge Functions.
- Keep the frontend focused on UI and interaction logic.
Implemented in this iteration:
supabase/functions/ai-suggestions/index.ts: Edge Function to call Gemini securely with server-sideGEMINI_API_KEY.supabase/functions/voice-assistant/index.ts: Edge Function for voice assistant AI calls with token quota enforcement.services/gemini.ts: frontend calls only theai-suggestionsEdge Function using Supabase session auth.services/voiceAssistant.ts: frontend calls only thevoice-assistantEdge Function for voice AI responses.- UI refactor with reusable components in
components/for easier maintenance.
Frontend code organization
To improve maintainability, parts of the monolithic UI were extracted into dedicated components:
components/BottomNav.tsxcomponents/VoiceAssistantOverlay.tsxcomponents/ProductFormModal.tsx
This is the first step toward a fuller feature-based modular structure.
Run locally
Prerequisites: Node.js
- Install dependencies:
npm install - Create a
.envfile (you can copy.env.example) and set:VITE_SUPABASE_URLVITE_SUPABASE_ANON_KEY
- Start the development server:
npm run dev
Supabase Edge Function (AI)
Function path:
supabase/functions/ai-suggestions/index.ts
Expected server secret in Supabase environment:
GEMINI_API_KEYALLOWED_ORIGINS(comma-separated list of trusted frontend origins, e.g.https://app.example.com,https://staging.example.com)AI_USER_DAILY_TOKEN_LIMIT(optional default per-user token limit in rolling 24h for AI functions)AI_USER_DAILY_TOKEN_LIMIT_AI_SUGGESTIONS(optional override forai-suggestions)AI_USER_DAILY_TOKEN_LIMIT_VOICE_ASSISTANT(optional override forvoice-assistant)AI_PROJECT_KILL_SWITCH(true/false; whentrue, blocks all AI requests globally)AI_PROJECT_DAILY_TOKEN_LIMIT(optional global token budget in rolling 24h)AI_IP_RATE_LIMIT_WINDOW_SECONDS(optional, default60)AI_IP_RATE_LIMIT_MAX_REQUESTS(optional, default30)
Suggested deployment command (Supabase CLI):
supabase functions deploy ai-suggestionssupabase functions deploy voice-assistant
AI usage & limits
- The frontend calls AI only through Supabase Edge Function
ai-suggestions; there is no direct Gemini call or AI API key in client code. - Set
GEMINI_API_KEYas a Supabase Function Secret (for example:supabase secrets set GEMINI_API_KEY=...). - Current MVP limit: 12,000 tokens per user in a rolling 24h window for
ai-suggestionsandvoice-assistant. - Global governance is also available via env vars: project kill-switch, project daily token budget, and per-IP rate limiting.
- To adjust per-user limits, configure Supabase Function Secrets (
AI_USER_DAILY_TOKEN_LIMITand optional per-feature overrides) and redeploy.
Voice AI token governance
For voice-driven AI usage control, see the implementation guide at:
docs/token-control-voice.md
Supabase RLS hardening (next step)
For production, do not keep permissive ALLOW ALL policies.
A secure starter policy set is available at:
supabase/rls_policies.sql
It enforces access by authenticated user (auth.uid()) and pantry ownership/collaboration boundaries.