Copilot/fix unauthorized data in path expression

[parkcheolhong]

Summary by Sourcery

Sanitize and standardize diagnostic error reporting to avoid leaking internal details, strengthen auth and recovery time handling, and improve orchestration progress persistence and marketplace failure messaging while updating dependencies and CI configuration.

Bug Fixes:

• Redact low-level CPU, GPU, memory, and queue diagnostic errors to stable public error codes instead of raw exception text or paths.
• Ensure orchestration progress for multiple runs is persisted and loaded from a shared, thread-safe JSON store keyed by run_id.
• Prevent unauthorized or unsafe values from influencing orchestration progress file paths by using a fixed store filename.

Enhancements:

• Switch JWT and auth-related time handling to timezone-aware datetimes and modern Pydantic model configuration.
• Refine marketplace feature failure UX by surfacing a user-friendly generic error message instead of raw exception details in SSE and metadata.
• Improve GPU LLM server error signaling by exposing a stable model load failure code.
• Adjust feature orchestrator frontend defaults to use the configured popup metadata without unnecessary string replacement.

Build:

• Bump Pillow dependency to the latest supported major version range.

CI:

• Extend the CodeQL workflow to set up Python 3.13 for Python-language analysis.

Deployment:

• Add a new top-level .gitignore file placeholder, preparing for repository-level ignore configuration.

Documentation:

• Add a comprehensive bilingual design-change summary document capturing orchestrator, generator, admin UI, and operational readiness decisions.

Tests:

• Add tests that dynamically load and validate diagnostic sanitization behavior for CPU, GPU, and memory health snapshots, ensuring only safe error codes are exposed.
• Harden auth router security tests with timezone-aware expiry handling and a webauthn stub to allow importing when the library is absent.

[sourcery-ai]

Reviewer's Guide

Sanitizes backend diagnostic error exposure, centralizes orchestration progress persistence into a shared, locked store, tightens auth time handling and secret-key configuration, improves marketplace/ad queue and GPU server error privacy, bumps Pillow, and adds tests and docs around the new health-diagnostics behavior.

Sequence diagram for sanitized runtime health diagnostics

sequenceDiagram
    actor User
    participant Frontend
    participant BackendRuntime as Backend_runtime_health_endpoint
    participant MemDiag as _memory_snapshot
    participant CpuDiag as _cpu_snapshot
    participant GpuDiag as _gpu_snapshot
    participant QueueDiag as get_ad_queue_runtime_status
    participant Sanitizer as _sanitize_diagnostic_error

    User->>Frontend: Open health dashboard / diagnostics
    Frontend->>BackendRuntime: GET /api/runtime/health

    BackendRuntime->>MemDiag: _memory_snapshot()
    alt linux or windows memory error
        MemDiag->>Sanitizer: _sanitize_diagnostic_error(exc, "memory_snapshot_unavailable")
        Sanitizer-->>MemDiag: safe_error_code or fallback
        MemDiag-->>BackendRuntime: {available: False, state: warning, error: safe_code}
    else memory ok
        MemDiag-->>BackendRuntime: {available: True, usage_percent, ...}
    end

    BackendRuntime->>CpuDiag: _cpu_snapshot()
    alt cpu load error
        CpuDiag->>Sanitizer: _sanitize_diagnostic_error(exc, "cpu_load_unavailable")
        Sanitizer-->>CpuDiag: safe_error_code or fallback
        CpuDiag-->>BackendRuntime: {available: False, state: warning, error: safe_code}
    else cpu ok
        CpuDiag-->>BackendRuntime: {available: True, usage_percent, ...}
    end

    BackendRuntime->>GpuDiag: _gpu_snapshot()
    GpuDiag->>Sanitizer: _sanitize_diagnostic_error(gpu_runtime.error, "gpu_runtime_unavailable")
    Sanitizer-->>GpuDiag: safe_error_code or fallback
    alt gpu unavailable
        GpuDiag-->>BackendRuntime: {available: False, state: warning, error: safe_code}
    else gpu ok
        GpuDiag-->>BackendRuntime: {available: True, devices, ...}
    end

    BackendRuntime->>QueueDiag: get_ad_queue_runtime_status()
    alt RedisError on queue depth
        QueueDiag-->>BackendRuntime: {redis_queue: {available: False, error: "redis_queue_unavailable"}, ad_worker: {...}}
    else queue ok
        QueueDiag-->>BackendRuntime: {redis_queue: {available: True, ...}, ad_worker: {...}}
    end

    BackendRuntime-->>Frontend: Aggregated health payload with sanitized error codes
    Frontend-->>User: Render health status without raw exception data

Loading

Sequence diagram for shared orchestration progress persistence

sequenceDiagram
    participant Orchestrator as Orchestrator_logic
    participant StoreMem as _ORCHESTRATION_PROGRESS_STORE
    participant SaveFn as _save_orchestration_progress
    participant LoadFn as _load_orchestration_progress
    participant File as progress_store_json
    participant Lock as _ORCHESTRATION_PROGRESS_FILE_LOCK

    Orchestrator->>SaveFn: _save_orchestration_progress(run_id, payload)
    SaveFn->>SaveFn: normalize run_id, updated_at
    SaveFn->>StoreMem: StoreMem[run_id] = normalized

    SaveFn->>Lock: acquire()
    alt file exists and valid
        SaveFn->>File: read_text()
        File-->>SaveFn: existing_json
        SaveFn->>SaveFn: persisted_payload = existing_json
    else missing or invalid
        SaveFn->>SaveFn: persisted_payload = {}
    end
    SaveFn->>SaveFn: persisted_payload[run_id] = normalized
    SaveFn->>File: write_text(json.dumps(persisted_payload))
    SaveFn->>Lock: release()
    SaveFn-->>Orchestrator: normalized

    Orchestrator->>LoadFn: _load_orchestration_progress(run_id)
    alt cached in memory
        LoadFn->>StoreMem: get(run_id)
        StoreMem-->>LoadFn: cached_payload
        LoadFn-->>Orchestrator: copy(cached_payload)
    else not cached
        LoadFn->>Lock: acquire()
        LoadFn->>File: read_text()
        File-->>LoadFn: persisted_json
        LoadFn->>Lock: release()
        alt run_id key exists
            LoadFn->>LoadFn: stored = persisted_json[run_id]
            LoadFn->>StoreMem: StoreMem[run_id] = stored
            LoadFn-->>Orchestrator: copy(stored)
        else missing or error
            LoadFn-->>Orchestrator: {}
        end
    end

Loading

File-Level Changes

Change	Details	Files
Sanitize and normalize health-diagnostics error reporting to expose only stable, non-sensitive error codes.	Introduce _SAFE_DIAGNOSTIC_ERROR_CODES and _sanitize_diagnostic_error helper to whitelist diagnostic error strings. Use sanitized error codes instead of raw exception messages in Linux/Windows memory snapshots and the composite _memory_snapshot payload. Change CPU snapshot to store and expose a sanitized error_code instead of an arbitrary error_message. Normalize GPU snapshot to read from a runtime dict safely and emit a stable gpu_runtime_unavailable error code when unavailable. Adjust runtime health payload and ad queue diagnostics to log full exceptions server-side while returning public-safe queue_runtime_unavailable/redis_queue_unavailable codes to clients. Add a dedicated test module that loads selected backend.main functions via AST and asserts that memory, CPU, and GPU diagnostics only expose safe error codes and not raw paths or messages.	backend/main.py backend/llm/orchestrator.py backend/marketplace/router.py backend/marketplace/router.py tests/test_health_diagnostics_sanitization.py
Make orchestration progress persistence multi-run aware and thread-safe by centralizing progress into a single JSON store guarded by a lock.	Replace per-run JSON file paths with a single progress_store.json file under the runtime progress root. Introduce a global threading.Lock to guard concurrent read/modify/write operations to the progress store file. When saving progress, merge the new normalized entry into the existing persisted dict (if any) and rewrite the full store atomically. When loading, read the central store, extract the specific run_id entry, cache it in the in-memory store, and add error logging on failures.	backend/llm/orchestrator.py
Tighten auth and password-recovery handling around timezones and secret-key configuration.	Change token expiry and recovery/passkey session timestamps from naive datetime.utcnow() to timezone-aware datetime.now(timezone.utc). Update tests to match the new timezone-aware datetime usage. Refactor _resolve_secret_key to prefer an explicit SECRET_KEY or SECRET_KEY_FILE without writing secrets to disk, and log when falling back to an ephemeral runtime secret. Move auth logger initialization next to SECRET_KEY resolution to log misconfiguration clearly.	backend/auth.py backend/auth_router.py tests/test_auth_router_security.py
Improve marketplace feature orchestration and ad queue diagnostics to avoid leaking internal exception details while still logging them for operators.	In marketplace feature orchestrate stream, log exceptions with stack traces but expose a generic user-facing error message in SSE events, progress metadata, and popup state. In ad queue runtime status, log RedisError exceptions while exposing a stable redis_queue_unavailable error string instead of the raw exception.	backend/marketplace/router.py
Miscellaneous operational and tooling updates (GPU server error code, dependency bump, workflow tweak, docs).	Change GPU LLM custom server model_load_error to a stable model_load_failed code instead of the raw exception string. Bump Pillow dependency from <12.0 to <13.0 to support newer versions. Update CodeQL GitHub Actions workflow to set up Python 3.13 for Python-language analyses. Fix a minor frontend feature orchestrator hook quirk by using the popupKicker string as-is instead of a no-op replace. Add a comprehensive bilingual design-change summary and PR body draft document for future reference. Add a top-level .gitignore file (content not shown in diff).	gpu-llm-server/custom-server/server.py pyproject.toml .github/workflows/codeql.yml frontend/frontend/hooks/use-feature-orchestrator.ts docs/overall-design-change-pr-report-2026-05-08.md .gitignore

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 3 issues, and left some high level feedback:

• The change to _resolve_secret_key removes the on-disk fallback secret and will now invalidate all tokens on every restart unless SECRET_KEY or SECRET_KEY_FILE is explicitly configured; consider whether this behavioral change is acceptable in existing deployments or if a migration/shim path is needed.
• The orchestration progress storage now writes all runs into a single JSON file guarded by a threading.Lock, which won’t protect against multi‑process concurrency (e.g., multiple app workers) and may lead to file corruption; consider using a file-based lock or reverting to per-run files for safer cross-process writes.
• The _SAFE_DIAGNOSTIC_ERROR_CODES set is duplicated between backend/main.py and test_health_diagnostics_sanitization.py; to avoid test drift if new codes are added or renamed, consider sourcing this list from the implementation module instead of redefining it in the test.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The change to `_resolve_secret_key` removes the on-disk fallback secret and will now invalidate all tokens on every restart unless `SECRET_KEY` or `SECRET_KEY_FILE` is explicitly configured; consider whether this behavioral change is acceptable in existing deployments or if a migration/shim path is needed.
- The orchestration progress storage now writes all runs into a single JSON file guarded by a `threading.Lock`, which won’t protect against multi‑process concurrency (e.g., multiple app workers) and may lead to file corruption; consider using a file-based lock or reverting to per-run files for safer cross-process writes.
- The `_SAFE_DIAGNOSTIC_ERROR_CODES` set is duplicated between `backend/main.py` and `test_health_diagnostics_sanitization.py`; to avoid test drift if new codes are added or renamed, consider sourcing this list from the implementation module instead of redefining it in the test.

## Individual Comments

### Comment 1
<location path="backend/llm/orchestrator.py" line_range="2687" />
<code_context>


 _ORCHESTRATION_PROGRESS_STORE: Dict[str, Dict[str, Any]] = {}
+_ORCHESTRATION_PROGRESS_FILE_LOCK = threading.Lock()


</code_context>
<issue_to_address>
**issue (bug_risk):** The new file-based progress store is only protected intra-process; cross-process races are still possible.

The shared `progress_store.json` plus `_ORCHESTRATION_PROGRESS_FILE_LOCK` guards only threads in a single process. If multiple processes (e.g., multiple Uvicorn/Gunicorn workers or services) can access this file, they can still interleave reads/writes and corrupt the store.

If cross-process access is possible, please add a process-wide file lock (e.g., `fcntl`/`msvcrt` or a locking library) or move this store to a process-safe backend such as Redis or a database, so the in-memory cache and on-disk state cannot diverge under concurrency.
</issue_to_address>

### Comment 2
<location path="backend/auth.py" line_range="21-30" />
<code_context>
+    configured_file = str(os.getenv("SECRET_KEY_FILE") or "").strip()
</code_context>
<issue_to_address>
**🚨 question (security):** Generating a non-persisted fallback SECRET_KEY changes token lifetime semantics in a potentially surprising way.

Previously the fallback secret was persisted, so JWTs remained valid across restarts. With the new behavior, if both `SECRET_KEY` and `SECRET_KEY_FILE` are unset or unreadable, a fresh key is generated on each startup and all existing tokens are invalidated after a restart.

If this change is intentional, consider distinguishing this case in the returned boolean (e.g., marking ephemeral vs persisted keys), or adding a clearer way for operators to detect this misconfiguration before rollout. Otherwise, reintroducing persistence or failing fast when neither `SECRET_KEY` nor a readable `SECRET_KEY_FILE` is available would avoid surprising token invalidation.
</issue_to_address>

### Comment 3
<location path=".github/workflows/codeql.yml" line_range="35-39" />
<code_context>
             - name: Checkout repository
               uses: actions/checkout@v5

+            - name: Setup Python
+              if: matrix.language == 'python'
+              uses: actions/setup-python@v6
+              with:
+                  python-version: '3.13'
+
             - name: Initialize CodeQL
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Using Python 3.13 in CI might outpace runtime support or some tooling.

CodeQL now always uses Python 3.13 for `matrix.language == 'python'`. If your deployed/runtime version (e.g. 3.10/3.11) or dependencies don’t yet support 3.13, this can hide real compatibility issues or cause flaky workflow failures.

Recommend matching the configured version here to the project’s supported/runtime Python version (or lowest supported) so analysis reflects the actual environment.

```suggestion
            - name: Setup Python
              if: matrix.language == 'python'
              uses: actions/setup-python@v6
              with:
                  # Use the project's supported/runtime Python version (or lowest supported)
                  # so that CodeQL analysis reflects the actual environment.
                  python-version: '3.11'
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): The new file-based progress store is only protected intra-process; cross-process races are still possible.

The shared progress_store.json plus _ORCHESTRATION_PROGRESS_FILE_LOCK guards only threads in a single process. If multiple processes (e.g., multiple Uvicorn/Gunicorn workers or services) can access this file, they can still interleave reads/writes and corrupt the store.

If cross-process access is possible, please add a process-wide file lock (e.g., fcntl/msvcrt or a locking library) or move this store to a process-safe backend such as Redis or a database, so the in-memory cache and on-disk state cannot diverge under concurrency.

[Copilot]

Pull request overview

This PR reduces exposure of internal/unauthorized details by replacing raw exception strings with safe error codes/messages in several runtime/health and orchestration paths, while also updating time handling and a few repo hygiene/config items.

Changes:

• Sanitize health diagnostics and runtime errors to avoid leaking filesystem paths/device identifiers.
• Adjust orchestration progress persistence to avoid user-controlled path components.
• Standardize datetime usage to timezone-aware UTC and update minor config/dependency files.

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
tests/test_health_diagnostics_sanitization.py	Adds tests verifying health-diagnostic error redaction behavior.
tests/test_auth_router_security.py	Updates tests to use timezone-aware UTC datetimes and stubs webauthn for import safety.
pyproject.toml	Updates Pillow dependency range.
gpu-llm-server/custom-server/server.py	Replaces model load exception text with a safe error code for /health.
frontend/frontend/hooks/use-feature-orchestrator.ts	Removes a no-op replace call when building default catalog item titles.
docs/overall-design-change-pr-report-2026-05-08.md	Adds a repository-wide design-change summary / PR body draft document.
backend/marketplace/router.py	Replaces raw exception messages with a generic public error message; sanitizes Redis diagnostics error.
backend/main.py	Introduces _sanitize_diagnostic_error and applies safe error codes to memory/cpu/gpu/queue diagnostics.
backend/llm/orchestrator.py	Moves orchestration progress persistence to a shared progress_store.json and adds a thread lock.
backend/auth.py	Changes secret key resolution flow; uses timezone-aware token expiry.
backend/auth_router.py	Switches to timezone-aware UTC, updates Pydantic config style, imports timezone.
.gitignore	Adds standard ignore rules for Python/Node/IDE artifacts.
.github/workflows/codeql.yml	Adds Python 3.13 setup step for CodeQL Python analysis.

[parkcheolhong]

@copilot apply changes based on this feedback

[parkcheolhong]

감사합니다. 수정해주세요

[Copilot]

요청하신 feedback 반영은 8a513c7에서 적용했고, 병합 충돌 해결 커밋 74b779f에서도 그대로 유지했습니다. SECRET_KEY_FILE 오설정(누락/파일아님/빈파일/읽기실패) 케이스를 구분 로그하도록 수정되어 있습니다.

[parkcheolhong]

@copilot apply changes based on this feedback

[Copilot]

해당 feedback도 반영 완료했습니다. 8a513c7에서 PR 범위와 맞지 않는 docs/overall-design-change-pr-report-2026-05-08.md를 제거했고, merge conflict 해결 커밋 74b779f에서도 제거 상태를 유지했습니다.

[parkcheolhong]

@copilot apply changes based on the comments in this thread

[parkcheolhong]

@copilot resolve the merge conflicts in this pull request

[parkcheolhong]

@copilot resolve the merge conflicts in this pull request

[Copilot]

@copilot apply changes based on the comments in this thread

리뷰 스레드 기준으로 요청하신 수정 반영했습니다. 8a513c7 커밋에서 다음을 처리했습니다: orchestrator 진행 저장을 run별 해시 파일 + 원자적 교체 쓰기로 변경, SECRET_KEY_FILE 오설정(없음/파일아님/빈파일/읽기실패) 로그 분리, 그리고 PR 범위와 맞지 않던 docs/overall-design-change-pr-report-2026-05-08.md 제거.

[Copilot]

@copilot resolve the merge conflicts in this pull request

merge conflict 해결 완료했습니다. 74b779f에서 origin/main 병합 충돌(.github/workflows/codeql.yml, backend/auth.py, backend/llm/orchestrator.py)을 정리해 PR 충돌 상태를 해소했습니다.

@copilot resolve the merge conflicts in this pull request

추가 요청 주신 merge conflict도 74b779f로 해결 완료했습니다. 현재 브랜치에 병합 커밋이 반영되어 PR 충돌이 해소된 상태입니다.