Enhanced validation to catch malformed responses early:
- Validate total_count is non-negative number
- Verify total_count matches embedding_models.length
- Validate first model has required fields (id, provider, dimensions)
- Check dimensions are positive numbers
- Validate provider names are from expected set
- Provide specific error messages for each validation failure
Prevents caching invalid data and provides better debugging information.
Addresses CodeRabbit nitpick comment on PR #852🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implemented comprehensive validation to prevent crashes from corrupted cache:
- Created isCacheEntry() type guard to validate cache structure
- Parse JSON into unknown type (TypeScript strict mode compliant)
- Validate timestamp is number and data has OpenRouterModelListResponse shape
- Validate each model has all required fields with correct types
- Remove corrupted cache entries to avoid repeated failures
- No 'any' types used, full strict mode compliance
Prevents crashes from malformed cache data while maintaining type safety.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
1. Lazy initialization of baseUrl via getBaseUrl() method
- Allows API URL to be updated at runtime without stale URL issues
2. Runtime validation of API response structure
- Validates embedding_models array exists before caching
- Prevents invalid responses from being cached
Addresses CodeRabbit nitpick comments on PR #852🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added 'openrouter' to embedding_capable_providers set in credential_service.py
to prevent it from being rejected and falling back to OpenAI.
Fixes: 'Invalid embedding provider openrouter doesn't support embeddings' error
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed grid-cols-3 to grid-cols-4 for embedding provider selection
so all 4 embedding-capable providers (OpenAI, Google, OpenRouter, Ollama)
fit on one line, matching the chat provider layout.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements OpenRouter as an embedding provider option, enabling access to multiple
embedding models (OpenAI, Google Gemini, Qwen3, Mistral) through a single API key.
Backend changes:
- Add validate_openrouter_api_key() for API key validation (sk-or-v1- format)
- Add OpenRouterErrorAdapter for error sanitization
- Add openrouter to valid providers in llm_provider_service
- Create openrouter_discovery_service with hardcoded model list
- Create /api/openrouter/models endpoint for model discovery
- Register OpenRouter router in FastAPI main app
Frontend changes:
- Create openrouterService.ts for model discovery API client
- Add OpenRouter to RAGSettings.tsx provider options
- Configure default models with provider prefix (openai/text-embedding-3-small)
- Add OpenRouter to embedding-capable providers list
Documentation:
- Update .env.example with OPENROUTER_API_KEY documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Use context.startup_time for consistent uptime tracking
- Prefer context.startup_time when available (matches MCP health_check tool)
- Fallback to module-level _server_start_time during startup
- Add exc_info=True to exception logging for full stack traces
- Follows coding guidelines for error message preservation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add missing HTTP /health endpoint to MCP server to support the
HTTP-based health monitoring system introduced in commit 987c874.
Background:
After removing Docker socket monitoring for security (CVE-2025-9074),
the backend API switched to HTTP health checks. However, the MCP
server only exposed MCP tools via the MCP protocol, causing 404
errors when the API tried to check /health.
Changes:
- Add Starlette Request/JSONResponse imports for HTTP handling
- Implement http_health_endpoint() async function
- Track server uptime using module-level _server_start_time
- Register /health endpoint using FastMCP's custom_route decorator
- Return proper JSON response with success, status, uptime_seconds
Response format:
{
"success": true,
"status": "ready",
"uptime_seconds": <number>,
"timestamp": "<ISO timestamp>"
}
Testing:
- Direct endpoint: curl http://localhost:8051/health
- Via API: curl http://localhost:8181/api/mcp/status
- UI MCP Status Dashboard now displays properly
Fixes: MCP server 404 errors and UI error state
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Change uptime_seconds check from falsy to "is not None"
- Preserve 0 uptime for freshly-launched MCP servers
- Add test case for zero uptime edge case
Bug: Previously treated 0 as falsy, returning None instead of 0
Fix: Only return None when uptime_seconds is actually None
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace Docker socket-based MCP status monitoring with HTTP health checks
- Remove Docker socket volume mount from docker-compose.yml (CVE-2025-9074 - CVSS 9.3)
- Add MCPMonitoringConfig for secure-by-default HTTP mode
- Make docker dependency optional in pyproject.toml
- Add ENABLE_DOCKER_SOCKET_MONITORING env var for backward compatibility
- Implement get_container_status_http() using httpx for health checks
- Add comprehensive test suite (13 tests, 100% passing)
- Update .env.example with security documentation
Security Benefits:
- Eliminates root-equivalent host access vulnerability
- Prevents container escape attacks
- Portable across Docker, Kubernetes, and bare metal
- Defaults to secure mode, legacy Docker mode optional
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added a dropdown field to allow bug reporters to specify which branch they are using (stable or main), with stable as the default. This will help with debugging and tracking branch-specific issues.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add archon_configured_repositories table migration with production-ready sandbox type constraints
- Implement SupabaseWorkOrderRepository for CRUD operations with comprehensive error handling
- Add defensive validation in _row_to_model with detailed logging for invalid enum values
- Implement granular exception handling (409 duplicates, 422 validation, 502 GitHub API errors)
- Document async/await pattern for interface consistency across repository implementations
- Add Supabase health check to verify table existence
- Expand test coverage from 10 to 17 tests with error handling and edge case validation
- Add supabase dependency to agent-work-orders group
- Enable ENABLE_AGENT_WORK_ORDERS flag in docker-compose for production deployment
Add ENABLE_AGENT_WORK_ORDERS configuration flag to allow disabling the agent work orders microservice. Service discovery now gracefully handles unavailable services, and health checks return appropriate status when feature is disabled.
Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Add WorkOrderLogsPanel with SSE streaming support
- Add RealTimeStats component for live metrics
- Add useWorkOrderLogs hook for SSE log streaming
- Add useLogStats hook for real-time statistics
- Update WorkOrderDetailView to display logs panel
- Add comprehensive tests for new components
- Configure Vite test environment
- Move sse-starlette from base dependencies to agent-work-orders group
- Keep structlog in agent-work-orders group (already there)
- Update lockfile accordingly
- Change from fixed backend/frontend ports to 10-port ranges per work order
- Support 20 concurrent work orders (200 ports: 9000-9199)
- Add port availability checking with flexible allocation
- Make git_worktree default sandbox type
- Standardize API routes with /api/ prefix
- Add comprehensive port allocation tests
- Update environment file generation with PORT_0-PORT_9 variables
- Maintain backward compatibility with BACKEND_PORT/FRONTEND_PORT aliases
Aligns test expectations with the llms.txt specification which uses
'pages' rather than 'files' terminology. The implementation correctly
uses "llms_txt_with_linked_pages" - this updates the test to match.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
