npm - draft-board - Versions diffs - 0.1.0-beta.0 - Mend

draft-board 0.1.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/app/backend/.env.example +9 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_patch.txt +195 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_stat.txt +6 -0
package/app/backend/CURL_EXAMPLES.md +335 -0
package/app/backend/ENV_SETUP.md +65 -0
package/app/backend/alembic/env.py +71 -0
package/app/backend/alembic/script.py.mako +28 -0
package/app/backend/alembic/versions/001_initial_schema.py +104 -0
package/app/backend/alembic/versions/002_add_jobs_table.py +52 -0
package/app/backend/alembic/versions/003_add_workspace_table.py +48 -0
package/app/backend/alembic/versions/004_add_evidence_table.py +56 -0
package/app/backend/alembic/versions/005_add_verification_commands.py +32 -0
package/app/backend/alembic/versions/006_add_planner_lock_table.py +39 -0
package/app/backend/alembic/versions/007_add_revision_review_tables.py +126 -0
package/app/backend/alembic/versions/008_add_revision_idempotency_and_traceability.py +52 -0
package/app/backend/alembic/versions/009_add_job_health_fields.py +46 -0
package/app/backend/alembic/versions/010_add_review_comment_line_content.py +36 -0
package/app/backend/alembic/versions/011_add_analysis_cache.py +47 -0
package/app/backend/alembic/versions/012_add_boards_table.py +102 -0
package/app/backend/alembic/versions/013_add_ticket_blocking.py +45 -0
package/app/backend/alembic/versions/014_add_agent_sessions.py +220 -0
package/app/backend/alembic/versions/015_add_ticket_sort_order.py +33 -0
package/app/backend/alembic/versions/03220f0b93ae_add_pr_fields_to_ticket.py +49 -0
package/app/backend/alembic/versions/0c2d89fff3b1_seed_board_configs_from_yaml.py +206 -0
package/app/backend/alembic/versions/3348e5cf54c1_add_merge_checklist_table.py +67 -0
package/app/backend/alembic/versions/357c780ee445_add_goal_status.py +34 -0
package/app/backend/alembic/versions/553340b7e26c_add_autonomy_fields_to_goal.py +65 -0
package/app/backend/alembic/versions/774dc335c679_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/7b307e847cbd_merge_heads.py +23 -0
package/app/backend/alembic/versions/82ecd978cc70_add_missing_indexes.py +48 -0
package/app/backend/alembic/versions/8ef5054dc280_add_normalized_log_entries.py +173 -0
package/app/backend/alembic/versions/8f3e2bd8ea3b_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/9d17f0698d3b_add_config_column_to_boards_table.py +30 -0
package/app/backend/alembic/versions/add_agent_conversation_history.py +72 -0
package/app/backend/alembic/versions/add_job_variant.py +34 -0
package/app/backend/alembic/versions/add_performance_indexes.py +95 -0
package/app/backend/alembic/versions/add_repos_and_board_repos.py +174 -0
package/app/backend/alembic/versions/add_session_id_to_jobs.py +27 -0
package/app/backend/alembic/versions/add_sqlite_backend_tables.py +104 -0
package/app/backend/alembic/versions/b10fb0b62240_add_diff_content_to_revisions.py +34 -0
package/app/backend/alembic.ini +89 -0
package/app/backend/app/__init__.py +3 -0
package/app/backend/app/data_dir.py +85 -0
package/app/backend/app/database.py +70 -0
package/app/backend/app/database_sync.py +64 -0
package/app/backend/app/dependencies/__init__.py +5 -0
package/app/backend/app/dependencies/auth.py +80 -0
package/app/backend/app/dependencies.py +43 -0
package/app/backend/app/exceptions.py +178 -0
package/app/backend/app/executors/__init__.py +1 -0
package/app/backend/app/executors/adapters/__init__.py +1 -0
package/app/backend/app/executors/adapters/aider.py +152 -0
package/app/backend/app/executors/adapters/amazon_q.py +103 -0
package/app/backend/app/executors/adapters/amp.py +123 -0
package/app/backend/app/executors/adapters/claude.py +177 -0
package/app/backend/app/executors/adapters/cline.py +127 -0
package/app/backend/app/executors/adapters/codex.py +167 -0
package/app/backend/app/executors/adapters/copilot.py +202 -0
package/app/backend/app/executors/adapters/cursor.py +87 -0
package/app/backend/app/executors/adapters/droid.py +123 -0
package/app/backend/app/executors/adapters/gemini.py +132 -0
package/app/backend/app/executors/adapters/goose.py +131 -0
package/app/backend/app/executors/adapters/opencode.py +123 -0
package/app/backend/app/executors/adapters/qwen.py +123 -0
package/app/backend/app/executors/plugins/__init__.py +1 -0
package/app/backend/app/executors/registry.py +202 -0
package/app/backend/app/executors/spec.py +226 -0
package/app/backend/app/main.py +486 -0
package/app/backend/app/middleware/__init__.py +13 -0
package/app/backend/app/middleware/idempotency.py +426 -0
package/app/backend/app/middleware/rate_limit.py +312 -0
package/app/backend/app/middleware/security_headers.py +43 -0
package/app/backend/app/middleware/timeout.py +37 -0
package/app/backend/app/models/__init__.py +56 -0
package/app/backend/app/models/agent_conversation_history.py +56 -0
package/app/backend/app/models/agent_session.py +127 -0
package/app/backend/app/models/analysis_cache.py +49 -0
package/app/backend/app/models/base.py +9 -0
package/app/backend/app/models/board.py +79 -0
package/app/backend/app/models/board_repo.py +68 -0
package/app/backend/app/models/cost_budget.py +42 -0
package/app/backend/app/models/enums.py +40 -0
package/app/backend/app/models/evidence.py +132 -0
package/app/backend/app/models/goal.py +102 -0
package/app/backend/app/models/idempotency_entry.py +30 -0
package/app/backend/app/models/job.py +163 -0
package/app/backend/app/models/job_queue.py +39 -0
package/app/backend/app/models/kv_store.py +28 -0
package/app/backend/app/models/merge_checklist.py +87 -0
package/app/backend/app/models/normalized_log.py +100 -0
package/app/backend/app/models/planner_lock.py +43 -0
package/app/backend/app/models/rate_limit_entry.py +25 -0
package/app/backend/app/models/repo.py +66 -0
package/app/backend/app/models/review_comment.py +91 -0
package/app/backend/app/models/review_summary.py +69 -0
package/app/backend/app/models/revision.py +130 -0
package/app/backend/app/models/ticket.py +223 -0
package/app/backend/app/models/ticket_event.py +83 -0
package/app/backend/app/models/user.py +47 -0
package/app/backend/app/models/workspace.py +71 -0
package/app/backend/app/redis_client.py +119 -0
package/app/backend/app/routers/__init__.py +29 -0
package/app/backend/app/routers/agents.py +296 -0
package/app/backend/app/routers/auth.py +94 -0
package/app/backend/app/routers/board.py +885 -0
package/app/backend/app/routers/dashboard.py +351 -0
package/app/backend/app/routers/debug.py +528 -0
package/app/backend/app/routers/evidence.py +96 -0
package/app/backend/app/routers/executors.py +324 -0
package/app/backend/app/routers/goals.py +574 -0
package/app/backend/app/routers/jobs.py +448 -0
package/app/backend/app/routers/maintenance.py +172 -0
package/app/backend/app/routers/merge.py +360 -0
package/app/backend/app/routers/planner.py +537 -0
package/app/backend/app/routers/pull_requests.py +382 -0
package/app/backend/app/routers/repos.py +263 -0
package/app/backend/app/routers/revisions.py +939 -0
package/app/backend/app/routers/settings.py +267 -0
package/app/backend/app/routers/tickets.py +2003 -0
package/app/backend/app/routers/webhooks.py +143 -0
package/app/backend/app/routers/websocket.py +249 -0
package/app/backend/app/schemas/__init__.py +109 -0
package/app/backend/app/schemas/board.py +87 -0
package/app/backend/app/schemas/common.py +33 -0
package/app/backend/app/schemas/evidence.py +87 -0
package/app/backend/app/schemas/goal.py +90 -0
package/app/backend/app/schemas/job.py +97 -0
package/app/backend/app/schemas/merge.py +139 -0
package/app/backend/app/schemas/planner.py +500 -0
package/app/backend/app/schemas/repo.py +187 -0
package/app/backend/app/schemas/review.py +137 -0
package/app/backend/app/schemas/revision.py +114 -0
package/app/backend/app/schemas/ticket.py +238 -0
package/app/backend/app/schemas/ticket_event.py +72 -0
package/app/backend/app/schemas/workspace.py +19 -0
package/app/backend/app/services/__init__.py +31 -0
package/app/backend/app/services/agent_memory_service.py +223 -0
package/app/backend/app/services/agent_registry.py +346 -0
package/app/backend/app/services/agent_session_manager.py +318 -0
package/app/backend/app/services/agent_session_service.py +219 -0
package/app/backend/app/services/agent_tools.py +379 -0
package/app/backend/app/services/auth_service.py +98 -0
package/app/backend/app/services/autonomy_service.py +380 -0
package/app/backend/app/services/board_repo_service.py +201 -0
package/app/backend/app/services/board_service.py +326 -0
package/app/backend/app/services/cleanup_service.py +1085 -0
package/app/backend/app/services/config_service.py +908 -0
package/app/backend/app/services/context_gatherer.py +557 -0
package/app/backend/app/services/cost_tracking_service.py +293 -0
package/app/backend/app/services/cursor_log_normalizer.py +536 -0
package/app/backend/app/services/delivery_pipeline.py +440 -0
package/app/backend/app/services/executor_service.py +634 -0
package/app/backend/app/services/git_host/__init__.py +11 -0
package/app/backend/app/services/git_host/factory.py +87 -0
package/app/backend/app/services/git_host/github.py +270 -0
package/app/backend/app/services/git_host/gitlab.py +194 -0
package/app/backend/app/services/git_host/protocol.py +75 -0
package/app/backend/app/services/git_merge_simple.py +346 -0
package/app/backend/app/services/git_ops.py +384 -0
package/app/backend/app/services/github_service.py +233 -0
package/app/backend/app/services/goal_service.py +113 -0
package/app/backend/app/services/job_service.py +423 -0
package/app/backend/app/services/job_watchdog_service.py +424 -0
package/app/backend/app/services/langchain_adapter.py +122 -0
package/app/backend/app/services/llm_provider_clients.py +351 -0
package/app/backend/app/services/llm_service.py +285 -0
package/app/backend/app/services/log_normalizer.py +342 -0
package/app/backend/app/services/log_stream_service.py +276 -0
package/app/backend/app/services/merge_checklist_service.py +264 -0
package/app/backend/app/services/merge_service.py +784 -0
package/app/backend/app/services/orchestrator_log.py +84 -0
package/app/backend/app/services/planner_service.py +1662 -0
package/app/backend/app/services/planner_tick_sync.py +1040 -0
package/app/backend/app/services/queued_message_service.py +156 -0
package/app/backend/app/services/reliability_wrapper.py +389 -0
package/app/backend/app/services/repo_discovery_service.py +318 -0
package/app/backend/app/services/review_service.py +334 -0
package/app/backend/app/services/revision_service.py +389 -0
package/app/backend/app/services/safe_autopilot.py +510 -0
package/app/backend/app/services/sqlite_worker.py +372 -0
package/app/backend/app/services/task_dispatch.py +135 -0
package/app/backend/app/services/ticket_generation_service.py +1781 -0
package/app/backend/app/services/ticket_service.py +486 -0
package/app/backend/app/services/udar_planner_service.py +1007 -0
package/app/backend/app/services/webhook_service.py +126 -0
package/app/backend/app/services/workspace_service.py +465 -0
package/app/backend/app/services/worktree_file_service.py +92 -0
package/app/backend/app/services/worktree_validator.py +213 -0
package/app/backend/app/sqlite_kv.py +278 -0
package/app/backend/app/state_machine.py +128 -0
package/app/backend/app/templates/__init__.py +5 -0
package/app/backend/app/templates/registry.py +243 -0
package/app/backend/app/utils/__init__.py +5 -0
package/app/backend/app/utils/artifact_reader.py +87 -0
package/app/backend/app/utils/circuit_breaker.py +229 -0
package/app/backend/app/utils/db_retry.py +136 -0
package/app/backend/app/utils/ignored_fields.py +123 -0
package/app/backend/app/utils/validators.py +54 -0
package/app/backend/app/websocket/__init__.py +5 -0
package/app/backend/app/websocket/manager.py +179 -0
package/app/backend/app/websocket/state_tracker.py +113 -0
package/app/backend/app/worker.py +3190 -0
package/app/backend/calculator_tickets.json +40 -0
package/app/backend/canary_tests.sh +591 -0
package/app/backend/celerybeat-schedule +0 -0
package/app/backend/celerybeat-schedule-shm +0 -0
package/app/backend/celerybeat-schedule-wal +0 -0
package/app/backend/logs/.gitkeep +3 -0
package/app/backend/multiplication_division_implementation_tickets.json +55 -0
package/app/backend/multiplication_division_tickets.json +42 -0
package/app/backend/pyproject.toml +45 -0
package/app/backend/requirements-dev.txt +8 -0
package/app/backend/requirements.txt +20 -0
package/app/backend/run.sh +30 -0
package/app/backend/run_with_logs.sh +10 -0
package/app/backend/scientific_calculator_tickets.json +40 -0
package/app/backend/scripts/extract_openapi.py +21 -0
package/app/backend/scripts/seed_demo.py +187 -0
package/app/backend/setup_demo_review.py +302 -0
package/app/backend/test_actual_parse.py +41 -0
package/app/backend/test_agent_streaming.py +61 -0
package/app/backend/test_parse.py +51 -0
package/app/backend/test_streaming.py +51 -0
package/app/backend/test_subprocess_streaming.py +50 -0
package/app/backend/tests/__init__.py +1 -0
package/app/backend/tests/conftest.py +46 -0
package/app/backend/tests/test_auth.py +341 -0
package/app/backend/tests/test_autonomy_service.py +391 -0
package/app/backend/tests/test_cleanup_service_safety.py +417 -0
package/app/backend/tests/test_middleware.py +279 -0
package/app/backend/tests/test_planner_providers.py +290 -0
package/app/backend/tests/test_planner_unblock.py +183 -0
package/app/backend/tests/test_revision_invariants.py +618 -0
package/app/backend/tests/test_sqlite_kv.py +290 -0
package/app/backend/tests/test_sqlite_worker.py +353 -0
package/app/backend/tests/test_task_dispatch.py +100 -0
package/app/backend/tests/test_ticket_validation.py +304 -0
package/app/backend/tests/test_udar_agent.py +693 -0
package/app/backend/tests/test_webhook_service.py +184 -0
package/app/backend/tickets_output.json +59 -0
package/app/backend/user_management_tickets.json +50 -0
package/app/backend/uvicorn.log +0 -0
package/app/draft.yaml +313 -0
package/app/frontend/dist/assets/index-LcjCczu5.js +155 -0
package/app/frontend/dist/assets/index-_FP_279e.css +1 -0
package/app/frontend/dist/index.html +14 -0
package/app/frontend/dist/vite.svg +1 -0
package/app/frontend/package.json +101 -0
package/bin/cli.js +527 -0
package/package.json +37 -0

package/app/backend/app/main.py ADDED Viewed

@@ -0,0 +1,486 @@
+"""Draft Backend - FastAPI Application."""
+import logging
+import os
+import traceback
+from contextlib import asynccontextmanager
+from pathlib import Path
+from dotenv import load_dotenv
+from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import FileResponse, JSONResponse
+from fastapi.staticfiles import StaticFiles
+from starlette.middleware.base import BaseHTTPMiddleware
+from app.database import init_db
+from app.exceptions import (
+    ConfigurationError,
+    ConflictError,
+    DraftError,
+    InvalidStateTransitionError,
+    LLMAPIError,
+    ResourceNotFoundError,
+    ValidationError,
+)
+from app.middleware import (
+    IdempotencyMiddleware,
+    RateLimitMiddleware,
+    SecurityHeadersMiddleware,
+    TimeoutMiddleware,
+)
+from app.routers import (
+    board_legacy_router,
+    boards_router,
+    debug_router,
+    evidence_router,
+    goals_router,
+    jobs_router,
+    maintenance_router,
+    merge_router,
+    planner_router,
+    repos_router,
+    revisions_router,
+    tickets_router,
+)
+from app.routers.agents import router as agents_router
+from app.routers.auth import router as auth_router
+from app.routers.dashboard import router as dashboard_router
+from app.routers.executors import router as executors_router
+from app.routers.pull_requests import router as pull_requests_router
+from app.routers.settings import router as settings_router
+from app.routers.webhooks import router as webhooks_router
+from app.routers.websocket import router as websocket_router
+load_dotenv()
+# Initialize Sentry error tracking (only if SENTRY_DSN is set)
+_sentry_dsn = os.getenv("SENTRY_DSN")
+if _sentry_dsn:
+    try:
+        import sentry_sdk
+        from sentry_sdk.integrations.fastapi import FastApiIntegration
+        from sentry_sdk.integrations.sqlalchemy import SqlalchemyIntegration
+        sentry_sdk.init(
+            dsn=_sentry_dsn,
+            environment=os.getenv("SENTRY_ENVIRONMENT", "development"),
+            traces_sample_rate=0.1,
+            integrations=[FastApiIntegration(), SqlalchemyIntegration()],
+        )
+    except ImportError:
+        pass  # sentry-sdk not installed, skip
+APP_NAME = "Draft"
+APP_VERSION = "0.1.0"
+logger = logging.getLogger(__name__)
+class RequestSizeLimitMiddleware(BaseHTTPMiddleware):
+    """Limit request body size to prevent OOM attacks."""
+    def __init__(self, app, max_body_size: int = 10_000_000):  # 10MB default
+        super().__init__(app)
+        self.max_body_size = max_body_size
+    async def dispatch(self, request: Request, call_next):
+        """Check content-length header before processing request."""
+        if request.method in ("POST", "PUT", "PATCH"):
+            content_length = request.headers.get("content-length")
+            if content_length and int(content_length) > self.max_body_size:
+                return JSONResponse(
+                    status_code=413,
+                    content={
+                        "detail": f"Request body too large. Max size: {self.max_body_size / 1_000_000:.1f}MB",
+                        "error_type": "payload_too_large",
+                    },
+                )
+        return await call_next(request)
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """Application lifespan manager - initializes database on startup."""
+    # Startup: Initialize database tables
+    await init_db()
+    # Start in-process background worker
+    from app.services.sqlite_worker import setup_worker
+    worker = setup_worker()
+    worker.start()
+    logger.info("Background worker started")
+    yield
+    # Shutdown
+    worker.stop()
+    logger.info("Application shutdown complete")
+app = FastAPI(
+    title=APP_NAME,
+    version=APP_VERSION,
+    description="A local-first Draft application with state machine workflow",
+    lifespan=lifespan,
+)
+# Security headers (add first, applies to all responses)
+app.add_middleware(SecurityHeadersMiddleware)
+# Request timeout (600s global timeout, needed for long-running analysis)
+app.add_middleware(TimeoutMiddleware, timeout_seconds=600)
+# CORS configuration — supports both dev (vite on :5173) and production (same origin)
+_frontend_url = os.getenv("FRONTEND_URL")
+if not _frontend_url:
+    _frontend_dist = Path(__file__).parent.parent / "frontend" / "dist"
+    if _frontend_dist.exists():
+        _backend_port = os.getenv("PORT", "8000")
+        _frontend_url = f"http://localhost:{_backend_port}"
+    else:
+        _frontend_url = "http://localhost:5173"
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=[_frontend_url, "http://localhost:5173", "http://localhost:8000"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+# Request size limits (prevent DoS)
+app.add_middleware(RequestSizeLimitMiddleware, max_body_size=10_000_000)
+# Rate limiting for LLM endpoints (10 req/min)
+app.add_middleware(RateLimitMiddleware)
+# Idempotency support for expensive operations
+app.add_middleware(IdempotencyMiddleware)
+# Exception handlers
+@app.exception_handler(ResourceNotFoundError)
+async def resource_not_found_handler(
+    request: Request, exc: ResourceNotFoundError
+) -> JSONResponse:
+    """Handle resource not found errors."""
+    return JSONResponse(
+        status_code=404,
+        content={
+            "detail": exc.message,
+            "error_type": "resource_not_found",
+        },
+    )
+@app.exception_handler(InvalidStateTransitionError)
+async def invalid_transition_handler(
+    request: Request, exc: InvalidStateTransitionError
+) -> JSONResponse:
+    """Handle invalid state transition errors."""
+    return JSONResponse(
+        status_code=400,
+        content={
+            "detail": exc.message,
+            "error_type": "invalid_state_transition",
+            "from_state": exc.from_state,
+            "to_state": exc.to_state,
+        },
+    )
+@app.exception_handler(ValidationError)
+async def validation_error_handler(
+    request: Request, exc: ValidationError
+) -> JSONResponse:
+    """Handle validation errors."""
+    return JSONResponse(
+        status_code=422,
+        content={
+            "detail": exc.message,
+            "error_type": "validation_error",
+        },
+    )
+@app.exception_handler(ConflictError)
+async def conflict_error_handler(request: Request, exc: ConflictError) -> JSONResponse:
+    """Handle conflict errors (e.g., duplicate operations, stale state)."""
+    return JSONResponse(
+        status_code=409,
+        content={
+            "detail": exc.message,
+            "error_type": "conflict",
+        },
+    )
+@app.exception_handler(ConfigurationError)
+async def configuration_error_handler(
+    request: Request, exc: ConfigurationError
+) -> JSONResponse:
+    """Handle configuration errors (e.g., missing API keys)."""
+    return JSONResponse(
+        status_code=400,
+        content={
+            "detail": exc.message,
+            "error_type": "configuration_error",
+        },
+    )
+@app.exception_handler(LLMAPIError)
+async def llm_api_error_handler(request: Request, exc: LLMAPIError) -> JSONResponse:
+    """Handle LLM API errors."""
+    return JSONResponse(
+        status_code=502,
+        content={
+            "detail": exc.message,
+            "error_type": "llm_api_error",
+            "provider": exc.provider,
+        },
+    )
+@app.exception_handler(DraftError)
+async def smart_kanban_error_handler(request: Request, exc: DraftError) -> JSONResponse:
+    """Handle generic Draft errors."""
+    return JSONResponse(
+        status_code=500,
+        content={
+            "detail": str(exc),
+            "error_type": "internal_error",
+        },
+    )
+@app.exception_handler(Exception)
+async def generic_exception_handler(request: Request, exc: Exception) -> JSONResponse:
+    """Catch-all handler that prevents information leakage (SECURITY).
+    In production, sanitizes errors to prevent exposing internal details.
+    In development, includes full traceback for debugging.
+    """
+    # Log full error internally (for debugging/monitoring)
+    logger.error(
+        f"Unhandled exception in {request.method} {request.url.path}",
+        exc_info=exc,
+        extra={
+            "path": request.url.path,
+            "method": request.method,
+            "client": request.client.host if request.client else None,
+        },
+    )
+    # Return sanitized error to client
+    if os.getenv("APP_ENV") == "production":
+        # PRODUCTION: Never expose internal details
+        return JSONResponse(
+            status_code=500,
+            content={
+                "detail": "Internal server error",
+                "error_type": "internal_error",
+                # NO stack trace or exception details
+            },
+        )
+    else:
+        # DEVELOPMENT: Include details for debugging
+        return JSONResponse(
+            status_code=500,
+            content={
+                "detail": str(exc),
+                "error_type": type(exc).__name__,
+                "traceback": traceback.format_exc(),
+            },
+        )
+# Health check endpoints (for monitoring/load balancers)
+@app.get("/health", tags=["monitoring"])
+async def healthcheck() -> JSONResponse:
+    """Health check endpoint for load balancers and monitoring.
+    Checks:
+    - Basic service availability
+    Returns 200 OK if service is running.
+    """
+    from datetime import UTC, datetime
+    return JSONResponse(
+        status_code=200,
+        content={
+            "status": "healthy",
+            "timestamp": datetime.now(UTC).isoformat(),
+            "service": APP_NAME,
+            "version": APP_VERSION,
+        },
+    )
+@app.get("/health/detailed", tags=["monitoring"])
+async def healthcheck_detailed(request: Request) -> JSONResponse:
+    """Detailed health check with dependency checks.
+    Checks:
+    - Database connectivity
+    - Redis connectivity
+    - Disk space
+    Returns 200 if all healthy, 503 if any component unhealthy.
+    """
+    from datetime import UTC, datetime, timedelta
+    from sqlalchemy import func, select
+    from app.database import get_db
+    checks = {
+        "status": "healthy",
+        "timestamp": datetime.now(UTC).isoformat(),
+        "service": APP_NAME,
+        "version": APP_VERSION,
+        "checks": {},
+    }
+    # Check database
+    try:
+        async for db in get_db():
+            await db.execute(select(1))
+            checks["checks"]["database"] = "ok"
+            break
+    except Exception as e:
+        checks["status"] = "unhealthy"
+        checks["checks"]["database"] = f"error: {str(e)}"
+        logger.error(f"Database health check failed: {e}")
+    # Check disk space
+    try:
+        import shutil
+        stat = shutil.disk_usage("/")
+        free_percent = (stat.free / stat.total) * 100
+        checks["checks"]["disk_space"] = f"{free_percent:.1f}% free"
+        if free_percent < 10:
+            checks["status"] = "degraded"
+            logger.warning(f"Low disk space: {free_percent:.1f}% free")
+    except Exception as e:
+        checks["checks"]["disk_space"] = f"error: {str(e)}"
+        logger.error(f"Disk space check failed: {e}")
+    # Check worker health
+    try:
+        from app.services.sqlite_worker import _worker
+        worker_running = _worker is not None and _worker._running
+        checks["checks"]["worker"] = "running" if worker_running else "stopped"
+        if not worker_running:
+            checks["status"] = "degraded"
+    except Exception as e:
+        checks["checks"]["worker"] = f"error: {str(e)}"
+    # Check last planner tick time
+    try:
+        async for db in get_db():
+            from app.models.planner_lock import PlannerLock
+            lock_result = await db.execute(
+                select(PlannerLock).where(PlannerLock.lock_key == "planner_tick")
+            )
+            lock = lock_result.scalar_one_or_none()
+            if lock:
+                checks["checks"]["planner_lock"] = {
+                    "held": True,
+                    "acquired_at": lock.acquired_at.isoformat()
+                    if lock.acquired_at
+                    else None,
+                }
+            else:
+                checks["checks"]["planner_lock"] = {"held": False}
+            # Count stuck jobs (RUNNING longer than 30 minutes)
+            from app.models.job import Job, JobStatus
+            thirty_min_ago = datetime.now(UTC) - timedelta(minutes=30)
+            stuck_result = await db.execute(
+                select(func.count(Job.id)).where(
+                    Job.status == JobStatus.RUNNING.value,
+                    Job.started_at < thirty_min_ago,
+                )
+            )
+            stuck_count = stuck_result.scalar() or 0
+            checks["checks"]["stuck_jobs"] = stuck_count
+            if stuck_count > 0:
+                checks["status"] = "degraded"
+            break
+    except Exception as e:
+        checks["checks"]["worker_details"] = f"error: {str(e)}"
+    status_code = 200 if checks["status"] == "healthy" else 503
+    return JSONResponse(content=checks, status_code=status_code)
+@app.get("/readiness", tags=["monitoring"])
+async def readiness() -> JSONResponse:
+    """Readiness check for Kubernetes/container orchestration."""
+    return JSONResponse(status_code=200, content={"status": "ready"})
+@app.get("/liveness", tags=["monitoring"])
+async def liveness() -> JSONResponse:
+    """Liveness check for Kubernetes/container orchestration."""
+    return JSONResponse(status_code=200, content={"status": "alive"})
+# Include routers
+app.include_router(auth_router)  # User registration and login
+app.include_router(goals_router)
+app.include_router(tickets_router)
+app.include_router(boards_router)  # New multi-board endpoints (/boards/...)
+app.include_router(board_legacy_router)  # Legacy kanban view (/board)
+app.include_router(repos_router)  # Repository discovery and management
+app.include_router(jobs_router)
+app.include_router(evidence_router)
+app.include_router(planner_router)
+app.include_router(revisions_router)
+app.include_router(merge_router)
+app.include_router(maintenance_router)
+# Debug endpoints only available in development mode
+if os.getenv("APP_ENV", "development") == "development":
+    app.include_router(debug_router)
+app.include_router(agents_router)  # AI agent management
+app.include_router(dashboard_router)  # Sprint dashboard and metrics
+app.include_router(executors_router)  # Executor plugin management
+app.include_router(settings_router)  # Global settings (draft.yaml)
+app.include_router(websocket_router)  # WebSocket real-time updates
+app.include_router(pull_requests_router)  # GitHub PR integration
+app.include_router(webhooks_router)  # Webhook notifications for ticket changes
+@app.get("/version")
+async def get_version():
+    """Return application name and version."""
+    return {"app": APP_NAME, "version": APP_VERSION}
+# Serve pre-built frontend (production / npx mode).
+# Must be AFTER all API routes so /health, /api/*, /ws/* take priority.
+_frontend_dist_path = Path(__file__).parent.parent / "frontend" / "dist"
+if _frontend_dist_path.exists():
+    # Serve static assets (js, css, images)
+    app.mount(
+        "/assets",
+        StaticFiles(directory=_frontend_dist_path / "assets"),
+        name="frontend-assets",
+    )
+    # SPA catch-all: serve index.html for all non-API, non-asset routes
+    @app.get("/{full_path:path}", include_in_schema=False)
+    async def serve_spa(full_path: str):
+        """Serve the SPA index.html for client-side routing."""
+        file_path = _frontend_dist_path / full_path
+        if file_path.is_file():
+            return FileResponse(file_path)
+        return FileResponse(_frontend_dist_path / "index.html")

package/app/backend/app/middleware/__init__.py ADDED Viewed

@@ -0,0 +1,13 @@
+"""Middleware for the Kanban API."""
+from app.middleware.idempotency import IdempotencyMiddleware
+from app.middleware.rate_limit import RateLimitMiddleware
+from app.middleware.security_headers import SecurityHeadersMiddleware
+from app.middleware.timeout import TimeoutMiddleware
+__all__ = [
+    "IdempotencyMiddleware",
+    "RateLimitMiddleware",
+    "SecurityHeadersMiddleware",
+    "TimeoutMiddleware",
+]