1. Lazy initialization of baseUrl via getBaseUrl() method
- Allows API URL to be updated at runtime without stale URL issues
2. Runtime validation of API response structure
- Validates embedding_models array exists before caching
- Prevents invalid responses from being cached
Addresses CodeRabbit nitpick comments on PR #852🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added 'openrouter' to embedding_capable_providers set in credential_service.py
to prevent it from being rejected and falling back to OpenAI.
Fixes: 'Invalid embedding provider openrouter doesn't support embeddings' error
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed grid-cols-3 to grid-cols-4 for embedding provider selection
so all 4 embedding-capable providers (OpenAI, Google, OpenRouter, Ollama)
fit on one line, matching the chat provider layout.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements OpenRouter as an embedding provider option, enabling access to multiple
embedding models (OpenAI, Google Gemini, Qwen3, Mistral) through a single API key.
Backend changes:
- Add validate_openrouter_api_key() for API key validation (sk-or-v1- format)
- Add OpenRouterErrorAdapter for error sanitization
- Add openrouter to valid providers in llm_provider_service
- Create openrouter_discovery_service with hardcoded model list
- Create /api/openrouter/models endpoint for model discovery
- Register OpenRouter router in FastAPI main app
Frontend changes:
- Create openrouterService.ts for model discovery API client
- Add OpenRouter to RAGSettings.tsx provider options
- Configure default models with provider prefix (openai/text-embedding-3-small)
- Add OpenRouter to embedding-capable providers list
Documentation:
- Update .env.example with OPENROUTER_API_KEY documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Use context.startup_time for consistent uptime tracking
- Prefer context.startup_time when available (matches MCP health_check tool)
- Fallback to module-level _server_start_time during startup
- Add exc_info=True to exception logging for full stack traces
- Follows coding guidelines for error message preservation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add missing HTTP /health endpoint to MCP server to support the
HTTP-based health monitoring system introduced in commit 987c874.
Background:
After removing Docker socket monitoring for security (CVE-2025-9074),
the backend API switched to HTTP health checks. However, the MCP
server only exposed MCP tools via the MCP protocol, causing 404
errors when the API tried to check /health.
Changes:
- Add Starlette Request/JSONResponse imports for HTTP handling
- Implement http_health_endpoint() async function
- Track server uptime using module-level _server_start_time
- Register /health endpoint using FastMCP's custom_route decorator
- Return proper JSON response with success, status, uptime_seconds
Response format:
{
"success": true,
"status": "ready",
"uptime_seconds": <number>,
"timestamp": "<ISO timestamp>"
}
Testing:
- Direct endpoint: curl http://localhost:8051/health
- Via API: curl http://localhost:8181/api/mcp/status
- UI MCP Status Dashboard now displays properly
Fixes: MCP server 404 errors and UI error state
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Change uptime_seconds check from falsy to "is not None"
- Preserve 0 uptime for freshly-launched MCP servers
- Add test case for zero uptime edge case
Bug: Previously treated 0 as falsy, returning None instead of 0
Fix: Only return None when uptime_seconds is actually None
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace Docker socket-based MCP status monitoring with HTTP health checks
- Remove Docker socket volume mount from docker-compose.yml (CVE-2025-9074 - CVSS 9.3)
- Add MCPMonitoringConfig for secure-by-default HTTP mode
- Make docker dependency optional in pyproject.toml
- Add ENABLE_DOCKER_SOCKET_MONITORING env var for backward compatibility
- Implement get_container_status_http() using httpx for health checks
- Add comprehensive test suite (13 tests, 100% passing)
- Update .env.example with security documentation
Security Benefits:
- Eliminates root-equivalent host access vulnerability
- Prevents container escape attacks
- Portable across Docker, Kubernetes, and bare metal
- Defaults to secure mode, legacy Docker mode optional
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added a dropdown field to allow bug reporters to specify which branch they are using (stable or main), with stable as the default. This will help with debugging and tracking branch-specific issues.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add archon_configured_repositories table migration with production-ready sandbox type constraints
- Implement SupabaseWorkOrderRepository for CRUD operations with comprehensive error handling
- Add defensive validation in _row_to_model with detailed logging for invalid enum values
- Implement granular exception handling (409 duplicates, 422 validation, 502 GitHub API errors)
- Document async/await pattern for interface consistency across repository implementations
- Add Supabase health check to verify table existence
- Expand test coverage from 10 to 17 tests with error handling and edge case validation
- Add supabase dependency to agent-work-orders group
- Enable ENABLE_AGENT_WORK_ORDERS flag in docker-compose for production deployment
Add ENABLE_AGENT_WORK_ORDERS configuration flag to allow disabling the agent work orders microservice. Service discovery now gracefully handles unavailable services, and health checks return appropriate status when feature is disabled.
Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
- Add WorkOrderLogsPanel with SSE streaming support
- Add RealTimeStats component for live metrics
- Add useWorkOrderLogs hook for SSE log streaming
- Add useLogStats hook for real-time statistics
- Update WorkOrderDetailView to display logs panel
- Add comprehensive tests for new components
- Configure Vite test environment
- Move sse-starlette from base dependencies to agent-work-orders group
- Keep structlog in agent-work-orders group (already there)
- Update lockfile accordingly
- Change from fixed backend/frontend ports to 10-port ranges per work order
- Support 20 concurrent work orders (200 ports: 9000-9199)
- Add port availability checking with flexible allocation
- Make git_worktree default sandbox type
- Standardize API routes with /api/ prefix
- Add comprehensive port allocation tests
- Update environment file generation with PORT_0-PORT_9 variables
- Maintain backward compatibility with BACKEND_PORT/FRONTEND_PORT aliases
Aligns test expectations with the llms.txt specification which uses
'pages' rather than 'files' terminology. The implementation correctly
uses "llms_txt_with_linked_pages" - this updates the test to match.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The tldextract package was missing from the 'all' dependency group,
causing CI test failures. It was already in the 'server' group but
needed in 'all' for running unit tests in CI/CD.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fix test mocks to use requests.Session for _check_url_exists
- Add url parameter to create_mock_response to prevent MagicMock issues
- Update all test scenarios to mock both requests.get and session.get
- Remove redundant UNSAFE_PROTOCOLS check in URL validation
- Fix test assertions to match new priority order (llms.txt > llms-full.txt)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
## Backend Improvements
### Discovery Service
- Fix SSRF protection: Use requests.Session() for max_redirects parameter
- Add comprehensive IP validation (_is_safe_ip, _resolve_and_validate_hostname)
- Add hostname DNS resolution validation before requests
- Fix llms.txt link following to crawl ALL same-domain pages (not just llms.txt files)
- Remove unused file variants: llms.md, llms.markdown, sitemap_index.xml, sitemap-index.xml
- Optimize DISCOVERY_PRIORITY based on real-world usage research
- Update priority: llms.txt > llms-full.txt > sitemap.xml > robots.txt
### URL Handler
- Fix .well-known path to be case-sensitive per RFC 8615
- Remove llms.md, llms.markdown, llms.mdx from variant detection
- Simplify link collection patterns to only .txt files (most common)
- Update llms_variants list to only include spec-compliant files
### Crawling Service
- Add tldextract for proper root domain extraction (handles .co.uk, .com.au, etc.)
- Replace naive domain extraction with robust get_root_domain() function
- Add tldextract>=5.0.0 to dependencies
## Frontend Improvements
### Type Safety
- Extend ActiveOperation type with discovery fields (discovered_file, discovered_file_type, linked_files)
- Remove all type casting (operation as any) from CrawlingProgress component
- Add proper TypeScript types for discovery information
### Security
- Create URL validation utility (urlValidation.ts)
- Only render clickable links for validated HTTP/HTTPS URLs
- Reject unsafe protocols (javascript:, data:, vbscript:, file:)
- Display invalid URLs as plain text instead of links
## Testing
- Update test mocks to include history and url attributes for redirect checking
- Fix .well-known case sensitivity tests (must be lowercase per RFC 8615)
- Update discovery priority tests to match new order
- Remove tests for deprecated file variants
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
GitHub's YAML templates (.yml) don't support URL parameter pre-filling, but
Markdown templates (.md) do. This adds a structured bug report template that
allows the automated bug reporter to pre-fill all user-submitted data.
Changes:
- Create .github/ISSUE_TEMPLATE/auto_bug_report.md template
- Update bug_report_api.py to use template=auto_bug_report.md parameter
- Update tests to verify template parameter is included in URL
- Add explanatory comments about YAML vs Markdown template differences
Benefits:
- Users see a structured bug report template (not generic issue form)
- All bug report data is pre-filled from the UI form
- Template provides consistent formatting and organization
- Better UX than generic issue creation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
GitHub's issue creation URL does not support the 'template' parameter for
pre-filling fields. When a template is specified, GitHub ignores other URL
parameters like title and body, preventing user-submitted data from being
pre-filled in the issue form.
Changes:
- Remove 'template=bug_report.yml' parameter (non-existent template)
- Remove 'labels' parameter (not supported via URL)
- Keep only 'title' and 'body' parameters for proper pre-filling
- Add explanatory comment about GitHub's URL parameter limitations
- Update tests to verify URL structure (no template parameter)
Now when users click "Report Bug", the GitHub issue form will be properly
pre-filled with their title and detailed bug report information.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
