arch: D-series — 5 more route groups, codec_dashboard 3618→2921#162
Merged
Conversation
…2921 Continuation of route extraction (PR #161 deferrals). Pytest: 2148 → 2172 (+24 regression tests, 0 regressions). ROUTES EXTRACTED D1 / SR-42: /api/qchat/* → routes/qchat.py 5 endpoints (sessions/{sid}/save/{sid}/search) + QCHAT_DB + qchat_db() helper. SQLite WAL + busy_timeout + auto-migration of user_id column. D2 / SR-43: /api/vibe/* → routes/vibe.py 4 endpoints (sessions/session/save/delete) + VIBE_DB + vibe_db() helper. Same lifecycle pattern as qchat. D3 / SR-44: /api/schedules/* → routes/schedules.py 6 endpoints including the /run endpoint with its background-thread _execute_task() (LLM report → Google Doc → notification flow). PUT endpoint uses codec_jsonstore.atomic_write_json (re-audit medium fix preserved). D4 / SR-45: /api/prompts/* → routes/prompts.py 3 endpoints + the 3 helper functions (_load_prompt_overrides, _save_prompt_overrides, _get_all_prompts). codec_dashboard's chat_completion handler now lazy-imports _load_prompt_overrides from routes.prompts to avoid a module-load-time cycle. D5 / SR-46: media endpoints → routes/media.py 6 endpoints (webcam x3, screenshot, clipboard x2). Vision-proxy POST in webcam_capture added to test_a12_invariant._ALLOWLIST (legitimate vision site pending A-11 cleanup). NOT INCLUDED IN D5 - /api/upload and /api/upload_image (250 LOC with B1 fence markers + size cap + path safety) — kept in codec_dashboard.py to keep the security-hardening review surface tight. Future PR. LOC SHIFT codec_dashboard.py: 3,618 → 2,921 LOC (-697, -19.3%) (started at 3,912 before PR #160) NEW TESTS tests/test_route_extractions_d.py — 24 tests across 5 phases. Each phase parametrizes endpoint-registered checks + source-side invariants (db helpers in module, atomic-write in schedules, lazy prompt import in dashboard). Global LOC floor tightened to < 3,000. UPDATED SOURCE-SCAN TESTS - tests/test_a12_invariant.py: routes/media.py added to allowlist (vision POST in webcam_capture, A-11 pending) - tests/test_dashboard_llm.py: /chat/completions count assertion bumped 5 → 4 (vision POST moved out with media) Full pytest: 2172 passed, 83 skipped (env-dependent), 0 failed (1m24s). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…b/vibe_db PR #162 CI smoke ruff gate failed: - F401: sqlite3, uuid, pathlib.Path, _notif_lock, _load_notifications, _write_notifications, _append_schedule_run_log — all callers moved to routes/qchat, routes/vibe, routes/schedules - F821: 4 call sites in codec_dashboard.py still referenced qchat_db() and vibe_db() — added lazy `from routes.qchat import qchat_db` (etc.) inside each function body that uses them No behavior change. Full pytest still 2172 passed. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
AVADSA25
added a commit
that referenced
this pull request
May 30, 2026
* arch: E-series — 3 more route groups, codec_dashboard 2921→2530 Continuation of dashboard route extraction (PR #162 follow-up). Pytest: 2172 → 2185 (+13 regression tests, 0 regressions). EXTRACTIONS E1 / SR-47: Sparkle update endpoints → routes/update.py 2 endpoints (/api/update/check, /api/update/download). Both proxy through codec_update which handles Ed25519 signature verification. E2 / SR-48: public health + manifest + metrics + status → routes/health.py 5 endpoints (/api/health, /health, /api/status, /manifest.json, /metrics). HealthResponse Pydantic model moved with them. /api/services/status stays in codec_dashboard.py because it reads _bg_status / _bg_tasks globals owned by the startup hooks. E4 / SR-49: upload + upload_image + save_file → routes/upload.py 3 security-hardened endpoints bundled because they share defensive scaffolding: - _UPLOAD_MAX_BYTES + 3-layer size cap (B1 / SR-15) - _fence_user_document marker helper (B1 / SR-16) - _SAVE_FILE_BLOCKED_* + _save_file_is_safe (A1 / SR-8 mirror of PR-1C file_write blocklist) DEFERRED (next round) - E3 routes/config.py — /api/config GET/PUT with 22-rule validation matrix + sensitive field masking. Medium-risk; standalone PR. - E5 routes/vibe_exec.py — /api/preview, /preview_frame, /api/run_code (Vibe IDE exec surface; touches subprocess + is_dangerous check) - E6 routes/misc.py — /api/tts, /api/response, /api/web_search, /api/command, /api/cdp/status LOC SHIFT codec_dashboard.py: 2,921 → 2,530 LOC (-391, -13.4%) (3,912 → 2,530 cumulative = -1,382, -35.3%) UPDATED TESTS - tests/test_top10_action_list.py: `_save_file_is_safe` import points to routes.upload (was codec_dashboard). - tests/test_a12_invariant.py: routes/upload.py allowlisted for vision POST (A-11 pending, same as routes/media.py). - tests/test_dashboard_llm.py: /chat/completions count assertion bumped from 4 → 3 (upload_image vision POST moved out). - tests/test_dead_code_3g.py: HealthResponse now lives at routes.health.HealthResponse (E2 extraction). - tests/test_route_extractions_e.py NEW: 13 tests parametrized across 3 phases — endpoint-registered + source-side invariants (HealthResponse exported, B1 helpers in routes/upload). NEW INVARIANT FLOOR test_dashboard_loc_below_2700 — codec_dashboard.py < 2700 LOC. Tightens as future extractions land. Full pytest: 2185 passed, 83 skipped (env-dependent), 0 failed (1m20s). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix(lint): drop unused pydantic imports (BaseModel/Field) — moved with HealthResponse --------- Co-authored-by: Mickael Farina <farina.mickael@gmail.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Continuation of route extraction (PR #161 deferrals). Pytest: 2148 → 2172 (+24 regression tests, 0 regressions).
What landed
/api/qchat/*routes/qchat.py+ qchat_db helper/api/vibe/*routes/vibe.py+ vibe_db helper/api/schedules/*routes/schedules.py/api/prompts/*routes/prompts.pyroutes/media.pyNot included:
/api/upload+/api/upload_image(250 LOC with B1 fence markers + size cap + path safety) — kept incodec_dashboard.pyto keep the security-hardening review surface tight. Future PR.LOC trajectory
codec_dashboard.py: 3,618 → 2,921 LOC (-697, -19.3% this PR)Test plan
pytest tests/test_route_extractions_d.py— 24/24 new tests passpytest tests/test_a12_invariant.py— passes (media.py allowlisted for vision POST)pytest tests/test_dashboard_llm.py— passes (count assertion 5 → 4 after media move)pytest tests/test_chat_helpers.py— 5/5 pass (chat_completion lazy-imports_load_prompt_overridesfrom routes.prompts)pytest tests/ -k "qchat or vibe or schedule or prompt or webcam or clipboard or screenshot"— 50+ passpytest tests/(full) — 2172 passed, 83 skipped, 0 failed in 1m24sAfter merge
🤖 Generated with Claude Code