strat-chatbot/domain
Cal Corum 43d36ce439 fix: resolve HIGH-severity issues from code review
API authentication:
- Add X-API-Secret shared-secret header validation on /chat and /stats
- /health remains public for monitoring
- Auth is a no-op when API_SECRET is empty (dev mode)

Rate limiting:
- Add per-user sliding-window rate limiter on /chat (10 req/60s default)
- Returns 429 with clear message when exceeded
- Self-cleaning memory (prunes expired entries on each check)

Exception sanitization:
- Discord bot no longer exposes raw exception text to users
- Error embeds show generic "Something went wrong" message
- Full exception details logged server-side with context
- query_chat_api RuntimeError no longer includes response body

Async correctness:
- Wrap synchronous RuleRepository.search() in run_in_executor()
  to prevent blocking the event loop during SentenceTransformer inference
- Port contract stays synchronous; service owns the async boundary

Test coverage: 101 passed, 1 skipped (11 new tests for auth + rate limiting)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 16:00:26 -05:00
__init__.py refactor: hexagonal architecture with ports & adapters, DI, and test-first development 2026-03-08 15:51:16 -05:00
models.py refactor: hexagonal architecture with ports & adapters, DI, and test-first development 2026-03-08 15:51:16 -05:00
ports.py refactor: hexagonal architecture with ports & adapters, DI, and test-first development 2026-03-08 15:51:16 -05:00
services.py fix: resolve HIGH-severity issues from code review 2026-03-08 16:00:26 -05:00