feat: Add API documentation and dashboard dark mode

[rsalus]

Summary

Enhances API documentation across services and adds dark mode to the dashboard. The Intelligence Service now has rich OpenAPI metadata with feature descriptions and endpoint tags. The Gateway adds Scalar API reference UI with a dark theme. The dashboard is renamed from "Shadow Dashboard" to "AuthScript Dashboard" and includes a theme toggle with localStorage persistence.

Changes

• Intelligence Service — Rich OpenAPI metadata with Features section and Health/Analysis tags
• Gateway API — Scalar API reference UI at /scalar/v1 with DeepSpace theme
• Dashboard — Dark mode toggle, ThemeProvider with localStorage, semantic color tokens

Test Plan

Dashboard tests verified (284 passing). Python syntax validated. .NET build succeeded.

---

Results: Tests 284 pass | Build 0 errors

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Adds dashboard theming (CSS HSL variables, ThemeProvider, ThemeToggle), replaces hardcoded success/warning classes across components and tests, wraps the app with ThemeProvider, updates package description, exposes Scalar UI in Gateway dev, enriches Intelligence OpenAPI/docs and packaging, adjusts CI targets and schema sync path, and includes minor code hygiene and formatting edits.

Changes

Cohort / File(s)	Summary
Dashboard theming core apps/dashboard/src/hooks/useTheme.tsx, apps/dashboard/src/components/ThemeToggle.tsx, apps/dashboard/src/main.tsx, apps/dashboard/src/index.css	Adds ThemeProvider/useTheme, ThemeToggle component, CSS variables (--success, --success-foreground, --warning, --warning-foreground) with dark overrides, and wraps app root with ThemeProvider. Review SSR-safe init, root class toggling, media-listener, and persistence.
Dashboard component color updates apps/dashboard/src/components/ConfidenceMeter.tsx, apps/dashboard/src/components/EvidencePanel.tsx, apps/dashboard/src/components/FormPreview.tsx, apps/dashboard/src/components/StatusFeed.tsx, apps/dashboard/src/routes/index.tsx	Replaces fixed Tailwind success/warning classes with arbitrary HSL/CSS-variable classes (e.g., bg-[hsl(var(--success))], text-[hsl(var(--warning))]). Review CSS variable resolution and visual regressions.
Dashboard tests apps/dashboard/src/components/__tests__/* (ConfidenceMeter.test.tsx, EvidencePanel.test.tsx, FormPreview.test.tsx)	Updates assertions to expect HSL/CSS-variable-based class names. Review test selectors and snapshots.
Nav & package metadata apps/dashboard/package.json, apps/dashboard/src/routes/__root.tsx	Package description changed; ThemeToggle inserted into navigation. Review placement and aria-label.
Intelligence API surface & docs apps/intelligence/src/main.py, apps/intelligence/src/api/analyze.py, apps/intelligence/openapi.json, apps/intelligence/README.md, apps/intelligence/pyproject.toml	Adds OpenAPI spec, new POST /analyze/with-documents multipart endpoint, expands FastAPI metadata/tags, README, and wheel packaging config. Review endpoint signatures, OpenAPI accuracy, and packaging settings.
Intelligence code hygiene & small edits apps/intelligence/src/llm_client.py, apps/intelligence/src/models/pa_form.py, apps/intelligence/src/parsers/pdf_parser.py, apps/intelligence/src/policies/mri_lumbar.py, apps/intelligence/src/reasoning/*	Type-ignore comments for Gemini calls, removed unused import, explicit str cast, prompt/formatting/comment tweaks. Review type suppressions and prompt integrity.
Gateway Scalar UI (dev only) apps/gateway/Gateway.API/Gateway.API.csproj, apps/gateway/Gateway.API/Program.cs	Adds Scalar.AspNetCore dependency and maps Scalar API UI in development (DeepSpace theme). Review dev-only registration.
CI & scripts .github/workflows/ci.yml, scripts/build/sync-schemas.sh	Lowers coverage threshold, adjusts Gateway CI to test project, updates pytest/uv flags, and changes schema sync target path. Review CI target correctness.
Lint config apps/dashboard/eslint.config.js	Adds ignore pattern src/api/generated/** and disables react-hooks/set-state-in-effect rule. Review lint exclusions.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant User
participant ThemeToggle
participant ThemeProvider
participant LocalStorage
participant Document
User->>ThemeToggle: click toggle
ThemeToggle->>ThemeProvider: call setTheme('light'|'dark'|'system')
ThemeProvider->>LocalStorage: persist selected theme
ThemeProvider->>Document: update document.documentElement.classList
Note over ThemeProvider,Document: If 'system', ThemeProvider queries matchMedia and listens for changes

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: Add API documentation and dashboard dark mode #1 — Overlapping dashboard theming changes (ThemeProvider/useTheme, ThemeToggle, CSS variable updates) and corresponding test updates.

Poem

🌗 Hues now live in CSS and light,
A toggle flips the dashboard’s sight,
Docs grow thick and endpoints named,
Tests shift hues to match the frame,
Small edits make the theme feel right.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 57.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main changes: API documentation enhancements and dark mode implementation across services.
Description check	✅ Passed	The description clearly relates to the changeset, covering the three main areas of change with appropriate context and test results.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/integration-api-docs-dashboard

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/ci.yml (1)

107-121: Coverage collection is missing and must be re-enabled.

The test step lacks collection flags, so the upload will fail to find coverage files. To enable XPlat Code Coverage collection with .NET's Coverlet, include Format=cobertura in the collector argument and specify the results directory. The glob pattern must account for VSTest's automatic GUID subfolder.

✅ Suggested fix (re-enable XPlat coverage + align upload path)

       - name: Test with coverage
         if: hashFiles('apps/gateway/Gateway.API.Tests/*.csproj') != ''
         run: |
           dotnet test apps/gateway/Gateway.API.Tests/Gateway.API.Tests.csproj \
             --configuration Release \
             --no-build \
-            --logger "console;verbosity=detailed"
+            --collect:"XPlat Code Coverage;Format=cobertura" \
+            --results-directory apps/gateway/coverage \
+            --logger "console;verbosity=detailed"
@@
       - name: Upload coverage
-        if: hashFiles('apps/gateway/coverage/*.xml') != ''
+        if: hashFiles('apps/gateway/coverage/**/coverage.cobertura.xml') != ''
         uses: actions/upload-artifact@v4
         with:
           name: gateway-coverage
-          path: apps/gateway/coverage/*.xml
+          path: apps/gateway/coverage/**/coverage.cobertura.xml

🧹 Nitpick comments (1)

apps/intelligence/README.md (1)

1-21: Consider adding prerequisites and testing sections.

The README is technically sound and covers the essentials. To improve developer onboarding, consider adding:

• A Prerequisites section (Python version requirement, uv installation)
• Environment configuration notes (if any .env or config files are needed)
• Testing instructions

📝 Example additions

After line 9, you could add:

## Prerequisites

- Python 3.11+
- [uv](https://github.com/astral-sh/uv) package manager

After line 17, you could add:

## Testing

```bash
uv run pytest

</details>

</blockquote></details>

</blockquote></details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@apps/intelligence/openapi.json`:
- Around line 59-86: The OpenAPI spec currently defines clinical_data as a query
parameter; remove that entry from the "parameters" array and instead add it to
the operation's requestBody under "content": "multipart/form-data" (alongside
the existing documents field), defining clinical_data as a form field (string or
JSON schema as appropriate). Also update the source endpoint signature that
generated this spec (where clinical_data and documents are declared) to accept
clinical_data via Form(...) (or as a JSON part) and documents via File(...), so
the spec generation reflects a multipart form body rather than a query
parameter; ensure the new requestBody schema names the field "clinical_data" and
marks it required if needed.
- Around line 201-215: The documents array in the OpenAPI schema for
Body_analyze_with_documents_analyze_with_documents_post has no maxItems
constraint allowing unbounded file uploads; add a reasonable "maxItems" (e.g.,
10 or another project-appropriate limit) to the documents property in the
generated schema and ensure the FastAPI endpoint (the analyze_with_documents
POST handler) enforces the same limit via request validation (Pydantic model or
a custom validator) and returns a clear 4xx error when exceeded so the runtime
cannot be DoS'd by too many uploaded files.

🧹 Nitpick comments (1)

scripts/build/sync-schemas.sh (1)

36-57: Consider preserving error output for debugging.

The 2>/dev/null on line 48 suppresses all stderr from the Python generation, which could make debugging difficult when generation fails. The generic "Python generation failed" message doesn't reveal the actual error.

For better observability:

Optional improvement

-" 2>/dev/null || echo "      ! Python generation failed"
+" 2>&1 || echo "      ! Python generation failed (see output above)"

Alternatively, redirect to a log file if you want clean CI output but still want errors accessible.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Consider moving clinical_data from query parameter to request body.

Placing clinical_data (a JSON string containing patient information) in a query parameter raises concerns:

1. Privacy/Compliance: Query strings are often logged by proxies, load balancers, and web servers, risking PHI exposure
2. Size limits: URLs have practical length limits (~2-8KB depending on infrastructure), constraining payload size

Since this endpoint already uses multipart/form-data, consider adding clinical_data as a form field alongside documents rather than a query parameter. This is likely an artifact of how FastAPI generates the spec from the endpoint signature.

🤖 Prompt for AI Agents

In `@apps/intelligence/openapi.json` around lines 59 - 86, The OpenAPI spec
currently defines clinical_data as a query parameter; remove that entry from the
"parameters" array and instead add it to the operation's requestBody under
"content": "multipart/form-data" (alongside the existing documents field),
defining clinical_data as a form field (string or JSON schema as appropriate).
Also update the source endpoint signature that generated this spec (where
clinical_data and documents are declared) to accept clinical_data via Form(...)
(or as a JSON part) and documents via File(...), so the spec generation reflects
a multipart form body rather than a query parameter; ensure the new requestBody
schema names the field "clinical_data" and marks it required if needed.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add maxItems constraint to prevent unbounded file uploads.

The documents array lacks a maximum items constraint. Without this, clients could potentially upload an unbounded number of files, leading to resource exhaustion or DoS concerns.

Consider adding a reasonable limit based on expected use cases:

Suggested schema modification

 "documents": {
   "items": {
     "type": "string",
     "format": "binary"
   },
   "type": "array",
   "title": "Documents",
-  "default": []
+  "default": [],
+  "maxItems": 10
 }

Note: This would need to be enforced in the FastAPI endpoint definition (e.g., via a custom validator), as the OpenAPI spec is auto-generated.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"Body_analyze_with_documents_analyze_with_documents_post": {
	"properties": {
	"documents": {
	"items": {
	"type": "string",
	"format": "binary"
	},
	"type": "array",
	"title": "Documents",
	"default": []
	}
	},
	"type": "object",
	"title": "Body_analyze_with_documents_analyze_with_documents_post"
	},
	"Body_analyze_with_documents_analyze_with_documents_post": {
	"properties": {
	"documents": {
	"items": {
	"type": "string",
	"format": "binary"
	},
	"type": "array",
	"title": "Documents",
	"default": [],
	"maxItems": 10
	}
	},
	"type": "object",
	"title": "Body_analyze_with_documents_analyze_with_documents_post"
	},

🧰 Tools

🪛 Checkov (3.2.334)

[medium] 203-211: Ensure that arrays have a maximum number of items

(CKV_OPENAPI_21)

🤖 Prompt for AI Agents

In `@apps/intelligence/openapi.json` around lines 201 - 215, The documents array
in the OpenAPI schema for
Body_analyze_with_documents_analyze_with_documents_post has no maxItems
constraint allowing unbounded file uploads; add a reasonable "maxItems" (e.g.,
10 or another project-appropriate limit) to the documents property in the
generated schema and ensure the FastAPI endpoint (the analyze_with_documents
POST handler) enforces the same limit via request validation (Pydantic model or
a custom validator) and returns a clear 4xx error when exceeded so the runtime
cannot be DoS'd by too many uploaded files.