Worked security

Author: SHRAVANIRANE

.env.example

@@ -2,7 +2,9 @@ APP_ENV=development
 SECRET_KEY=replace-with-a-long-random-string
 FRONTEND_URL=http://localhost:5173
 SESSION_TTL_SECONDS=3600
+SESSION_STORE_TYPE=sqlite  # or 'redis'
 SESSIONS_DB_PATH=sessions.db
+REDIS_URL=redis://localhost:6379/0
 GITHUB_CLIENT_ID=your_github_client_id
 GITHUB_CLIENT_SECRET=your_github_client_secret
 GITHUB_TOKEN=your_github_token

.gitattributes

@@ -1 +1 @@
-* text=auto
+* text=auto

.github/workflows/ci.yml

@@ -0,0 +1,54 @@
+name: CI
+
+on:
+  push:
+    branches: ["main", "master"]
+  pull_request:
+    branches: ["main", "master"]
+
+jobs:
+  backend:
+    name: Backend tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.11
+
+      - name: Install Python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Run formatting + lint checks (pre-commit)
+        env:
+          SKIP: eslint,prettier
+        run: pre-commit run --all-files
+
+      - name: Run backend tests
+        run: python -m unittest discover -s tests -v
+
+  frontend:
+    name: Frontend lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: 18
+          cache: "npm"
+
+      - name: Install frontend dependencies
+        working-directory: frontend
+        run: npm ci
+
+      - name: Run frontend lint
+        working-directory: frontend
+        run: npm run lint

.pre-commit-config.yaml

@@ -0,0 +1,20 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+
+  - repo: https://github.com/psf/black
+    rev: 26.3.1
+    hooks:
+      - id: black
+        language_version: python3.11
+
+  - repo: https://github.com/PyCQA/isort
+    rev: 8.0.1
+    hooks:
+      - id: isort
+        language_version: python3.11

PRODUCTION_READINESS.md

@@ -1,6 +1,7 @@
 # Production Readiness Checklist
 
 ## 1. Security
+
 - [x] `.env` excluded from git.
 - [x] `.env.example` provided with non-secret placeholders.
 - [x] Backend enforces `SECRET_KEY` outside development mode.
@@ -9,32 +10,37 @@
 - [ ] Move secrets to deployment secret manager (not file-based on server).
 
 ## 2. Auth & Sessions
+
 - [x] Session cookie uses environment-based `secure` and `samesite`.
 - [x] Session TTL configurable (`SESSION_TTL_SECONDS`).
 - [x] Replace `sessions.json` with SQLite-backed session store (`sessions.db`).
-- [ ] Add CSRF protections for state-changing endpoints.
-- [ ] Optional: move sessions from SQLite to Redis for multi-instance horizontal scaling.
+- [x] Add CSRF protections for state-changing endpoints (enforced in non-development environments).
+- [x] Optional: move sessions from SQLite to Redis for multi-instance horizontal scaling.
 
 ## 3. Reliability
+
 - [x] AI model fallback and status endpoint (`/api/ai-status`) added.
 - [x] Recursive file tree endpoint with graceful fallback.
 - [x] Better GitHub/Ollama error messages exposed to frontend.
-- [ ] Add circuit-breaker/retry policy for repeated upstream failures.
+- [x] Add circuit-breaker/retry policy for repeated upstream failures.
 
 ## 4. Observability
+
 - [x] Request ID added on all responses (`X-Request-ID`).
 - [x] Basic request latency logging middleware added.
 - [ ] Centralized structured logging sink (ELK/Datadog/etc.).
 - [ ] Error alerting and uptime checks.
 
 ## 5. Quality Gates
+
 - [x] Static checks currently passing (`py_compile`, frontend lint).
 - [x] Add backend API tests for auth/session lifecycle (`tests/test_auth_sessions.py`).
 - [ ] Extend backend API tests to files/chat endpoints.
 - [ ] Add frontend integration tests (repo tree + file preview + chat).
-- [ ] CI pipeline enforcing lint/tests before merge.
+- [x] CI pipeline enforcing lint/tests before merge.
 
 ## Recommended Next Sprint
+
 1. Replace file-based session store with Redis.
 2. Add automated tests for core flows.
 3. Add deployment config for managed secrets and observability.

README.md

@@ -1,24 +1,28 @@
 # 🤖 CodeScribeAI
 
 CodeScribeAI is a local-first coding assistant with:
+
 - FastAPI backend
 - React + Vite frontend
 - GitHub repository analysis
 - Ollama-powered AI responses
 
 ## Current Architecture
+
 - Backend: `main.py` (FastAPI)
 - Frontend: `frontend/` (React, Vite)
 - Session store: SQLite (`sessions.db`)
 - Optional async workers: Celery + Redis
 
 ## Prerequisites
+
 - Python 3.10+
 - Node.js 18+
 - Ollama installed and running
 - (Optional) Redis for async chat endpoints
 
 ## Environment Setup
+
 1. Copy `.env.example` to `.env`
 2. Fill real credentials and secrets
 
@@ -27,12 +31,15 @@ cp .env.example .env
 ```
 
 Required keys:
+
 ```env
 APP_ENV=development
 SECRET_KEY=replace-with-a-long-random-string
 FRONTEND_URL=http://localhost:5173
 SESSION_TTL_SECONDS=3600
+SESSION_STORE_TYPE=sqlite  # or "redis"
 SESSIONS_DB_PATH=sessions.db
+REDIS_URL=redis://localhost:6379/0
 GITHUB_CLIENT_ID=your_github_client_id
 GITHUB_CLIENT_SECRET=your_github_client_secret
 GITHUB_TOKEN=your_github_token
@@ -42,42 +49,60 @@ OLLAMA_FALLBACK_MODELS=
 ```
 
 Optional async keys:
+
 ```env
 CELERY_BROKER_URL=redis://localhost:6379/0
 CELERY_RESULT_BACKEND=redis://localhost:6379/0
 ```
 
 ## Install
+
 ### Backend
+
 ```bash
 # from repo root
 python -m venv venv
 # Windows PowerShell
 .\venv\Scripts\Activate.ps1
-pip install fastapi uvicorn httpx python-dotenv itsdangerous pydantic celery
+pip install -r requirements.txt
+```
+
+### Pre-commit (format + lint hooks)
+
+```bash
+# after installing requirements
+pre-commit install
+pre-commit run --all-files
 ```
 
+(If you're using a different shell, use the same commands with the appropriate activation step.)
+
 ### Frontend
+
 ```bash
 cd frontend
 npm install
 ```
 
 ## Run Locally
+
 ### 1) Start Ollama
+
 ```bash
 ollama serve
 ollama pull phi3:mini
 ```
 
 ### 2) Start backend
+
 ```bash
 # from repo root
 .\venv\Scripts\Activate.ps1
 uvicorn main:app --reload --host 127.0.0.1 --port 8000
 ```
 
 ### 3) Start frontend
+
 ```bash
 cd frontend
 npm run dev
@@ -86,6 +111,7 @@ npm run dev
 Open: `http://localhost:5173`
 
 ## Optional: Async Worker (Celery)
+
 Only needed if you use async task endpoints.
 
 ```bash
@@ -95,18 +121,22 @@ celery -A main:celery_app worker --loglevel=info --pool=solo
 ```
 
 ## Testing and Quality
+
 ### Backend tests
+
 ```bash
 python -m unittest discover -s tests -v
 ```
 
 ### Frontend lint
+
 ```bash
 cd frontend
 npm run lint
 ```
 
 ## Key API Endpoints
+
 - `GET /health`
 - `GET /api/ai-status`
 - `POST /api/chat`
@@ -116,11 +146,13 @@ npm run lint
 - `GET /repos/{owner}/{repo}/file-content?path=...`
 
 ## Security Notes
+
 - Never commit `.env`.
 - Rotate any leaked credentials immediately.
 - For non-development environments:
   - set a strong `SECRET_KEY`
   - use secure deployment secrets management
 
 ## Production Readiness
+
 See `PRODUCTION_READINESS.md` for checklist and current status.

frontend/eslint.config.js

@@ -1,29 +1,29 @@
-import js from '@eslint/js'
-import globals from 'globals'
-import reactHooks from 'eslint-plugin-react-hooks'
-import reactRefresh from 'eslint-plugin-react-refresh'
-import { defineConfig, globalIgnores } from 'eslint/config'
+import js from "@eslint/js";
+import globals from "globals";
+import reactHooks from "eslint-plugin-react-hooks";
+import reactRefresh from "eslint-plugin-react-refresh";
+import { defineConfig, globalIgnores } from "eslint/config";
 
 export default defineConfig([
-  globalIgnores(['dist']),
+  globalIgnores(["dist"]),
   {
-    files: ['**/*.{js,jsx}'],
+    files: ["**/*.{js,jsx}"],
     extends: [
       js.configs.recommended,
-      reactHooks.configs['recommended-latest'],
-      reactRefresh.configs.vite,
+      reactHooks.configs["recommended-latest"],
+      reactRefresh.configs.vite
     ],
     languageOptions: {
       ecmaVersion: 2020,
       globals: globals.browser,
       parserOptions: {
-        ecmaVersion: 'latest',
+        ecmaVersion: "latest",
         ecmaFeatures: { jsx: true },
-        sourceType: 'module',
-      },
+        sourceType: "module"
+      }
     },
     rules: {
-      'no-unused-vars': ['error', { varsIgnorePattern: '^[A-Z_]' }],
-    },
-  },
-])
+      "no-unused-vars": ["error", { varsIgnorePattern: "^[A-Z_]" }]
+    }
+  }
+]);

frontend/postcss.config.js

@@ -2,6 +2,6 @@
 export default {
   plugins: {
     "@tailwindcss/postcss": {},
-    autoprefixer: {},
-  },
+    autoprefixer: {}
+  }
 };

frontend/public/vite.svg

@@ -16,9 +16,11 @@ export default function App() {
           <Route
             path="/playground"
             element={
-              <ProtectedRoute>
-                <Playground />
-              </ProtectedRoute>
+              (
+                <ProtectedRoute>
+                  <Playground />
+                </ProtectedRoute>
+              )
             }
           />
           <Route path="/" element={<Home />} />