feat(perf): Phase 1 performance & observability improvements

[0ui-labs]

Summary

• Backend: log request/response sizes (Content-Length), error stack traces
• Frontend: Performance API hook (Navigation/Server Timing) + integration
• Docs: Phase 1 final report (EN) + Step 09 deployment & monitoring runbook

Motivation/Impact

• Lower latency and bandwidth, clearer diagnostics, safer rollouts

Tests

• Frontend: 42/42 (Vitest)
• Backend: 10/10 (Pytest essentials)

Migration

• Non-blocking: CREATE INDEX CONCURRENTLY (run outside transactions)

Rollout

• See: Upgrade/tasks/phase1/02_Implementation log/09-deployment-and-monitoring.protokoll.md

Monitoring

• Backend logs: duration_ms, req_bytes, resp_bytes, full stack traces
• Frontend console: [perf] NavigationTiming, optional [perf] ServerTiming

Rollback

• As per runbook (compose previous images / tags)

Docs

• Upgrade/tasks/phase1/phase1-final-report.en.md

Summary by CodeRabbit

• New Features
  • Task list now returns lightweight items by default and a new task-details endpoint supports on-demand full details.
• UX
  • Task Edit modal lazy-loads task details, shows loading/error states with retry, and prevents saving until details are ready.
• Performance
  • DB indexes and payload-size targets reduce task-list payloads (50-task benchmark ≤30KB); client logs lightweight perf metrics.
• Documentation
  • Added architecture analysis, phased roadmap, tests, deployment/runbook, and migration guidance.

[coderabbitai]

Walkthrough

Adds Phase‑1 architecture, implementation steps, validation logs, tests, migrations, and frontend lazy-loading for task management; implements lightweight task list responses, a task details endpoint, server-side description validation, indexing migrations, instrumentation, and corresponding tests and docs across backend and frontend.

Changes

Cohort / File(s)	Summary of Changes
Architecture & Roadmap (new) Upgrade/task-management-architecture-analysis.md	New high‑level architecture analysis and phased roadmap (optimizations → Socket.IO → scaling) with proposed endpoints, events, DB/index guidance, performance targets, testing and risk plans.
Phase 1 docs & implementation steps Upgrade/tasks/phase1/*.md, Upgrade/tasks/phase1/01_Implementation steps/*, Upgrade/tasks/phase1/02_Implementation log/*, Upgrade/tasks/phase1/03_Implementation review/*, Upgrade/tasks/phase1/README.md, Upgrade/tasks/phase1/phase1-final-report.en.md	Added stepwise implementation docs, logs, validation reviews and final report covering Steps 01–09 (exclude_large_fields default, details endpoint, frontend services/hooks, modal lazy loading, server validation, DB migration, tests/benchmarks, deployment/monitoring).
Backend: APIs, services, schemas, middleware, errors, tests python/src/server/api_routes/tasks_api.py, python/src/server/api_routes/projects_api.py, python/src/server/services/projects/task_service.py, python/src/server/schemas/tasks.py, python/src/server/middleware/logging_middleware.py, python/src/server/utils/api_errors.py, python/src/server/main.py, python/tests/*, python/tests/conftest.py, python/pyproject.toml	New tasks router with GET /api/tasks/{task_id}/details; TaskService changes (get_task_details, list_tasks lightweight/stat behavior, MAX_DESCRIPTION_LENGTH, validation guards); added Pydantic schemas (TaskCreate/TaskUpdate) with 50k description limit; logging middleware adds req/resp byte headers; unified API error helpers; multiple backend tests and fixtures; pinned httpx <0.28.
Database migrations & tooling migration/07_add_archon_tasks_indexes.sql, migration/complete_setup.sql, migration/add_task_description_constraint.sql, migration/apply_task_constraint.py, migration/README_TASK_CONSTRAINT.md	New migration to create composite index on (project_id, status, task_order) (CONCURRENTLY for upgrades), updated complete_setup.sql for fresh installs, DB constraint migration and helper script for description length enforcement, and README for constraint application.
Frontend: services, hooks, lazy components, perf hook, tests archon-ui-main/src/features/projects/tasks/services/taskService.ts, archon-ui-main/src/features/projects/tasks/hooks/useTaskQueries.ts, archon-ui-main/src/features/projects/tasks/components/TaskEditModal.tsx, archon-ui-main/src/features/projects/tasks/components/TaskEditModalLazy.tsx, archon-ui-main/src/features/projects/tasks/components/index.ts, archon-ui-main/src/features/projects/tasks/TasksTab.tsx, archon-ui-main/src/hooks/usePerformanceMetrics.ts, archon-ui-main/src/App.tsx, archon-ui-main/test/**/*, archon-ui-main/tests/**/*	Added getTaskDetails and excludeLargeFields default in taskService; new useTaskDetails/useProjectTasks hooks and taskKeys; TaskEditModal lazy‑loading + guarded save; TaskEditModalLazy wrapper with preload; TasksTab switched to lazy modal; performance metrics hook integrated; frontend tests updated/added for services, hooks and modal behavior.
Docs & README updates README.md, docs/docs/getting-started.mdx	Added Task Indexes (Performance) guidance to Getting Started / README; minor formatting tweaks in README and docs.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant FE as Frontend
  participant API as REST API
  participant DB as Database
  participant Cache as ETag/Cache

  Note over FE,API: Phase 1 — Lightweight list + ETag polling
  User->>FE: Open Tasks view
  FE->>API: GET /api/projects/{id}/tasks?exclude_large_fields=true (If-None-Match: etag)
  API->>Cache: Check ETag
  alt ETag fresh
    Cache-->>API: 304 Not Modified
    API-->>FE: 304
  else Miss / changed
    API->>DB: SELECT tasks (project_id, status ORDER BY task_order) [light fields]
    DB-->>API: rows
    API-->>FE: 200 + lightweight JSON (ETag)
  end

  Note over FE,API: Lazy details on demand
  User->>FE: Open Edit Modal (existing task)
  FE->>API: GET /api/tasks/{task_id}/details
  API->>DB: SELECT full task (includes description, sources, code_examples)
  DB-->>API: full row
  API-->>FE: 200 { task: ... }

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Fix critical token consumption issue in list endpoints (#488) #502 — Overlaps task-list surface changes (TaskService.list_tasks and payload exclusion flag) and related API behavior.
• refactor: Remove Socket.IO and implement HTTP polling architecture #514 — Related by shared changes to polling/real‑time strategy (ETag polling vs Socket.IO migration).
• POC: TanStack Query POC implementation #567 — Related frontend TanStack Query and hooks changes (taskKeys, useProjectTasks/useTaskDetails).

Suggested reviewers

• leex279
• tazmon95
• coleam00

Pre-merge checks (1 passed, 2 warnings)

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The current description does not adhere to the repository’s PR template: it omits the required “Changes Made” list, does not specify the “Type of Change” and “Affected Services” checkboxes, lacks a structured “Testing” section with checkboxes and “Test Evidence,” and is missing the “Checklist,” “Breaking Changes,” and “Additional Notes” headings. Without these sections, reviewers cannot easily verify the scope, impact, or validation steps of the changes.	Please restructure the description to match the provided template by adding a “Changes Made” list, selecting and marking the appropriate “Type of Change” and “Affected Services,” completing the “Testing” section with checkboxes and specific test commands under “Test Evidence,” and including the “Checklist,” “Breaking Changes,” and “Additional Notes” sections to guide reviewers.
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.42% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly conveys the primary change by highlighting a feature focused on Phase 1 performance and observability improvements, using a conventional commit prefix for clarity. It is concise and specific, avoiding extraneous details or vague terminology, and clearly indicates the main purpose of the pull request.

Poem

I thump my paws on specs so wide,
A roadmap’s trail I gladly guide—
From ETags’ hush to sockets’ cheer,
Pages, cursors, indexes near.
Carrot in paw, I plot each hop,
Real-time sprouts—no need to stop! 🥕

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (8)

Upgrade/task-management-architecture-analysis.md (8)

21-27: Fix markdownlint MD040: add language to fenced block.

Specify a language (use text) for the ASCII diagram.

-```
+```text
 Frontend (5s intervals) → HTTP API → Supabase → Full Task Data
      ↓                      ↓           ↓            ↓
 TanStack Query         FastAPI      PostgreSQL   All descriptions
 ETag Caching          projects_api    TEXT fields   every request
 Smart Polling         TaskService     No indexes    250KB+ payload

---

`51-57`: **Fix markdownlint MD040: add language to fenced block.**

Endpoints block should also declare a language.  


```diff
-```
+```text
 GET /api/projects/{id}/tasks     - Lists all tasks (with descriptions)
 GET /api/tasks/{id}              - Single task details
 POST /api/tasks                  - Create task
 PUT /api/tasks/{id}              - Update task
 DELETE /api/tasks/{id}           - Delete task

---

`115-122`: **Avoid redundant/ineffective indexes; define update strategy for FTS.**

- GIN tsvector index + separate btree on description is likely redundant; btree won’t help substring/FTS.  
- Later you add a stored search_vector without describing how it’s maintained. Prefer a generated column and index that doesn’t require triggers. Also use CONCURRENTLY for all online index builds.  


```diff
- CREATE INDEX CONCURRENTLY idx_archon_tasks_description_btree 
-   ON archon_tasks(description);
+ -- Drop the btree text index unless you have equality lookups on description.

- ALTER TABLE archon_tasks ADD COLUMN search_vector tsvector;
- CREATE INDEX idx_tasks_search_vector ON archon_tasks USING gin(search_vector);
+ ALTER TABLE archon_tasks
+   ADD COLUMN search_vector tsvector
+   GENERATED ALWAYS AS (to_tsvector('english', coalesce(description,''))) STORED;
+ CREATE INDEX CONCURRENTLY idx_tasks_search_vector
+   ON archon_tasks USING gin(search_vector);

If prefix/ILIKE search is needed, consider pg_trgm GIN/GIST. Otherwise, keep only the FTS GIN.

Also applies to: 292-301

---

155-158: Unify event naming (underscore vs colon).

Doc mixes task_created/task_updated and task:created/task:updated. Pick one convention and use it consistently across specs and examples.

-'task:created' | 'task:updated' | 'task:deleted'
+'task_created' | 'task_updated' | 'task_deleted'

(or adopt the colon style everywhere—just be consistent.)

Also applies to: 310-312

---

191-195: Clarify “0ms” latency claim.

“Instant (0ms)” is unrealistic and conflicts with later “<100ms”. Replace 0ms with <100ms.

- **Real-time Updates:** Instant (0ms vs 5000ms polling)
+ **Real-time Updates:** <100ms vs 5000ms polling

---

210-215: Note migration caveat for CONCURRENTLY.

State that CREATE INDEX CONCURRENTLY/ DROP INDEX CONCURRENTLY must run outside transaction blocks; configure your migration tool accordingly (e.g., Alembic: set transactional_ddl=False for that op).

I can add an Alembic snippet if useful.

---

168-171: Add UX guardrails for virtual scrolling.

Document preserving keyboard focus/aria relationships and estimating row size variability to avoid jumpy scroll.

Also applies to: 326-331

---

224-233: Add measurement plan ownership.

Name the owners and dashboards for KPIs (network KB/request, list response p95, socket event lag p95) so results are auditable.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 012d2c5 and 2593d0f.

📒 Files selected for processing (1)

• Upgrade/task-management-architecture-analysis.md (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

Upgrade/task-management-architecture-analysis.md

21-21: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

51-51: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🔇 Additional comments (1)

Upgrade/task-management-architecture-analysis.md (1)

1-16: Strong, actionable doc.

Clear bottleneck analysis and phased plan. Good emphasis on backward-compatible rollout and measurable targets.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Align “remove descriptions from list endpoints” with backward compatibility.

Removing descriptions by default conflicts with “All existing APIs remain functional.” Make exclusion opt-in (query param) or behind a feature flag, or provide a new lightweight list endpoint.

- **Response Optimization:** Remove descriptions from list endpoints
+ **Response Optimization:** Default to legacy behavior; add `exclude_descriptions=true`
+ (feature-flagged default can switch later). Provide new `/api/tasks:summary`
+ for lightweight lists to avoid breaking existing clients.

Also applies to: 204-209

---

🏁 Script executed:

#!/bin/bash
set -e
# Search for backward compatibility statement
rg -n "All existing APIs remain functional" -C2 -n "Upgrade/task-management-architecture-analysis.md"
# Show lines 120 to 140 for context
sed -n '120,140p' "Upgrade/task-management-architecture-analysis.md"

Length of output: 909

---

Align description removal with backward compatibility
Change “Remove descriptions from list endpoints” to only exclude descriptions when exclude_descriptions=true (or behind a feature flag), keeping the default response unchanged. Provide a new /api/tasks/summary endpoint for clients needing lightweight lists.

🤖 Prompt for AI Agents

In Upgrade/task-management-architecture-analysis.md around lines 124 to 133,
update the API Optimizations section to preserve backward compatibility by
changing the blanket "Remove descriptions from list endpoints" to only omit
descriptions when clients pass exclude_descriptions=true or when a feature flag
is enabled, and add a note to introduce a new lightweight endpoint
/api/tasks/summary for clients that need description-free lists; specify default
behavior remains unchanged, document the new query parameter or feature flag
usage, and describe the purpose and contract of the /api/tasks/summary endpoint
for consumers.

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

Tighten Socket.IO security (CORS, authN/Z, room membership).

• cors_allowed_origins="*" is risky; restrict via config.
• Document authentication (JWT/cookie) and server-side project access checks before joining rooms.

-sio = socketio.AsyncServer(
-    async_mode='asgi',
-    cors_allowed_origins="*",
-    ping_timeout=60,
-    ping_interval=25
-)
+sio = socketio.AsyncServer(
+    async_mode='asgi',
+    cors_allowed_origins=os.getenv("SOCKETIO_ALLOWED_ORIGINS","https://app.example.com").split(","),
+    ping_timeout=60,
+    ping_interval=25
+)
 
 def create_socketio_app(app: FastAPI):
     return socketio.ASGIApp(sio, other_asgi_app=app)

Also specify: on connect, validate token; on room join, verify user’s membership in the requested project server-side.

Also applies to: 156-163

[0ui-labs]

Phase 1 – Performance & Observability summary and verification results

What changed

• Backend: Added logging for request/response sizes via Content‑Length and full stack traces for errors
• Frontend: Added a lightweight Performance API hook (Navigation/Server Timing) and integrated it into the app
• Docs: Added Phase‑1 final report (EN) and a deployment & monitoring runbook

Why it matters

• Lower latency and bandwidth, faster diagnostics during incidents, and a safer rollout process in beta

Verification

• Frontend: 42/42 tests passing (Vitest); production build succeeds
• Backend: 10/10 tests passing (Pytest essentials); app boots cleanly with enhanced logging
• Instrumentation: server logs now include duration_ms, req_bytes, resp_bytes; browser console shows [perf] NavigationTiming and ServerTiming entries

Migration & Rollout

• Database: Only non‑blocking operations; any index creation must use CREATE INDEX CONCURRENTLY and be executed outside transactions
• Runbook: See Upgrade/tasks/phase1/02_Implementation log/09-deployment-and-monitoring.protokoll.md for step‑by‑step deployment/monitoring and rollback

Notes for reviewers

• No breaking API changes; minimal surface‑area changes with clear observability benefits
• Follows beta guideline of failing loud with detailed errors; avoids storing corrupted/partial data

Suggested labels (for maintainers)

• performance, backend, frontend, docs, observability

[0ui-labs]

cc @coleam00 — Phase 1 performance & observability improvements are ready for review. Summary + verification details are in the PR description and the latest comment above. Happy to address any feedback quickly.

[0ui-labs]

Reviewer guide – fast validation for Phase 1 improvements

What to verify (3–5 minutes)

1. Server logging

   • Start backend (your usual method).

   • Hit any API endpoint (open the UI or curl /api/health).

   • Expect two info lines per request with sizes and timing:

     Example format (illustrative):

     • INFO Request GET /api/health | client=127.0.0.1 | req_bytes=0
     • INFO Response 200 /api/health | duration_ms=12 | resp_bytes=132

   • On errors, expect a single error log with full stack trace (exc_info).

2. Frontend performance signals

   • Open the app in the browser, DevTools → Console.
   • Expect entries like:
     • [perf] NavigationTiming { domInteractive: <ms>, domComplete: <ms> }
     • [perf] ServerTiming { name: <resource|navigation>, metric: <key>, duration: <ms> }

3. Docs presence

   • Final report (EN): Upgrade/tasks/phase1/phase1-final-report.en.md
   • Runbook: Upgrade/tasks/phase1/02_Implementation log/09-deployment-and-monitoring.protokoll.md

Non‑blocking migration policy

• Any new DB indexes must use CREATE INDEX CONCURRENTLY and be executed outside of transactions (no direct app writes of partial or corrupt state).

Acceptance checklist

• Backend logs show req_bytes and resp_bytes with duration_ms
• Frontend console shows NavigationTiming and (if provided) ServerTiming
• Errors produce detailed stack traces (no silent failures)
• Docs cover rollout and rollback (links above)

Optional quick commands

• Curl health: curl -i http://localhost:8181/api/health
• Open UI (dev): http://localhost:3737 and check DevTools Console
• Tail logs (compose): docker compose logs -f archon-server

Sample log lines (copy/paste expected shape)

INFO Request  POST /api/knowledge/search | client=127.0.0.1 | req_bytes=4281
INFO Response 200  /api/knowledge/search | duration_ms=146 | resp_bytes=18234
ERROR HTTP Error | POST /api/knowledge/search | status_code=500 | ...
Traceback (most recent call last):
  File "...", line ..., in ...
    ...

Lightweight benchmark template (fill during review if helpful)

• Payload size (avg): → bytes
• Latency P50/P95 (search): → ms
• Home nav domComplete: → ms

If you want, I can attach concrete numbers from a local run or provide a short screen recording of the signals in DevTools and server logs.

[coderabbitai]

Actionable comments posted: 29

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/docs/getting-started.mdx (1)

192-198: Replace all Socket.IO/WebSocket references with HTTP polling across documentation

• In docs/docs/getting-started.mdx (lines 192–198), update:

- **Real-time Updates**: Socket.IO-based live progress tracking
+ **Live Updates**: HTTP polling (1–2 s active ops, 5–10 s background) with ETag caching

• Run rg -nP 'Socket\.IO|WebSocket' docs/ README.md archon-ui-main and replace all remaining mentions to reflect the polling model.

🧹 Nitpick comments (78)

python/src/server/middleware/logging_middleware.py (2)

39-45: Good: request/response byte logging and stack traces; add request-id correlation.

Consider capturing an x-request-id (or similar) to correlate logs across hops.

Apply:

-        # Lightweight request/response size capture (header-based only)
-        req_size = request.headers.get("content-length", "unknown")
+        # Lightweight request/response size capture (header-based only)
+        req_size = request.headers.get("content-length", "unknown")
+        req_id = request.headers.get("x-request-id") or request.headers.get("x-correlation-id") or "n/a"
...
-        self.logger.info(
-            f"HTTP Request | method={request.method} | path={request.url.path} | client={request.client.host if request.client else 'unknown'} | req_bytes={req_size}"
-        )
+        self.logger.info(
+            f"HTTP Request | method={request.method} | path={request.url.path} | client={request.client.host if request.client else 'unknown'} | req_bytes={req_size} | req_id={req_id}"
+        )
...
-            self.logger.info(
-                f"HTTP Response | method={request.method} | path={request.url.path} | status_code={response.status_code} | duration_ms={round(duration * 1000, 2)} | resp_bytes={resp_size}"
-            )
+            self.logger.info(
+                f"HTTP Response | method={request.method} | path={request.url.path} | status_code={response.status_code} | duration_ms={round(duration * 1000, 2)} | resp_bytes={resp_size} | req_id={req_id}"
+            )
...
-            self.logger.error(
-                f"HTTP Error | method={request.method} | path={request.url.path} | error={str(e)} | duration_ms={round(duration * 1000, 2)}",
-                exc_info=True,
-            )
+            self.logger.error(
+                f"HTTP Error | method={request.method} | path={request.url.path} | error={str(e)} | duration_ms={round(duration * 1000, 2)} | req_id={req_id}",
+                exc_info=True,
+            )

Also applies to: 54-56, 65-70

---

132-134: Include stack traces in route-level errors for parity with middleware.

Add exc_info=True to LoggingRoute error logs.

-                logger.error(
-                    f"Endpoint: {endpoint_name} | duration_ms={round(duration * 1000, 2)} | status=error | error={str(e)}"
-                )
+                logger.error(
+                    f"Endpoint: {endpoint_name} | duration_ms={round(duration * 1000, 2)} | status=error | error={str(e)}",
+                    exc_info=True,
+                )

README.md (1)

216-216: Docs drift: Socket.IO vs. polling; ensure consistency across README.

The repo guidelines state polling hooks are the current pattern and Socket.IO is removed. README still references “WebSocket/Socket.IO” in multiple sections. Align wording to avoid user confusion.

I can prep a follow-up patch to:

• Replace “Socket.IO/WebSocket updates” with “HTTP polling (1–2s active, 5–10s background) with ETag”.
• Ensure the server port references consistently use 8181.
  Would you like me to open that PR?

migration/add_task_description_constraint.sql (1)

21-34: Avoid silent data loss: back up oversized descriptions before truncation.

Before UPDATE, snapshot violating rows to an audit table for recovery.

-        -- Truncate oversized descriptions (preserve first 49,997 chars + '...')
+        -- Backup violating rows, then truncate (preserve first 49,997 chars + '...')
+        CREATE TABLE IF NOT EXISTS archon_tasks_description_overflow_backup
+        AS TABLE archon_tasks WITH NO DATA;
+        INSERT INTO archon_tasks_description_overflow_backup
+        SELECT * FROM archon_tasks
+        WHERE description IS NOT NULL AND char_length(description) > 50000;
+
+        -- Truncate in-place
         UPDATE archon_tasks
         SET description = LEFT(description, 49997) || '...',
             updated_at = NOW()
         WHERE description IS NOT NULL 
         AND char_length(description) > 50000;

migration/07_add_archon_tasks_indexes.sql (1)

13-15: Consider a covering index to enable index-only scans.

Including id helps common “SELECT id … ORDER BY task_order” become index-only.

-CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_archon_tasks_project_status_order
-  ON archon_tasks(project_id, status, task_order);
+CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_archon_tasks_project_status_order
+  ON archon_tasks(project_id, status, task_order)
+  INCLUDE (id);

archon-ui-main/src/hooks/usePerformanceMetrics.ts (1)

40-57: Avoid @ts-expect-error with a type guard for serverTiming.

Minor TS cleanup; keeps console output identical.

-          // Server-Timing if present
-          // @ts-expect-error serverTiming may exist
-          const serverTiming = (entry as any).serverTiming as Array<{ name: string; description?: string; duration?: number }>|undefined;
-          if (serverTiming && serverTiming.length > 0) {
+          // Server-Timing if present
+          let serverTiming:
+            | Array<{ name: string; description?: string; duration?: number }>
+            | undefined;
+          if ("serverTiming" in (entry as any)) {
+            serverTiming = (entry as any).serverTiming;
+          }
+          if (Array.isArray(serverTiming) && serverTiming.length > 0) {

archon-ui-main/src/App.tsx (1)

77-79: Gate console perf logs in production to reduce noise.
Keep metrics best‑effort but consider sampling or an env flag inside the hook to suppress logs in prod.

migration/apply_task_constraint.py (1)

105-128: Fail fast with structured logs instead of prints; preserve stack traces.
Replace prints with logging and raise on fatal errors to align with backend guidelines.

-    try:
-        supabase = get_supabase_client()
-        print("Connected to Supabase successfully")
-    except Exception as e:
-        print(f"Failed to connect to Supabase: {e}")
-        sys.exit(1)
+    import logging
+    try:
+        supabase = get_supabase_client()
+        logging.info("Connected to Supabase successfully")
+    except Exception:
+        logging.exception("Failed to connect to Supabase")
+        sys.exit(1)

python/src/server/main.py (1)

216-221: Update advertised modules to reflect reality.
Add "tasks" and remove the deprecated "mcp-clients" to avoid confusion.

-        "modules": ["settings", "mcp", "mcp-clients", "knowledge", "projects"],
+        "modules": ["settings", "mcp", "knowledge", "projects", "tasks"],

archon-ui-main/test/tasks/TaskEditModal.test.tsx (1)

42-62: Optional: prefer userEvent over fireEvent for input to mimic real typing.
Improves realism and catches debounce/validation behavior.

python/tests/test_tasks_list_lightweight.py (1)

5-7: Remove unused FastAPI import.
Keep imports minimal in tests.

-from fastapi import FastAPI, Request, Response
+from fastapi import Request, Response

archon-ui-main/src/features/projects/tasks/TasksTab.tsx (1)

20-21: Optional: rename editingTask → selectedTask to match naming conventions.
Aligns with “selected[Resource]” guideline across features.

-  const [editingTask, setEditingTask] = useState<Task | null>(null);
+  const [selectedTask, setSelectedTask] = useState<Task | null>(null);
...
-  const openEditModal = (task: Task) => {
-    setEditingTask(task);
+  const openEditModal = (task: Task) => {
+    setSelectedTask(task);
     setIsModalOpen(true);
   };
...
-  const openCreateModal = () => {
-    setEditingTask(null);
+  const openCreateModal = () => {
+    setSelectedTask(null);
     setIsModalOpen(true);
   };
...
-  const closeModal = () => {
-    setEditingTask(null);
+  const closeModal = () => {
+    setSelectedTask(null);
     setIsModalOpen(false);
   };
...
-  <TaskEditModalLazy isModalOpen={isModalOpen} editingTask={editingTask} projectId={projectId} onClose={closeModal} />
+  <TaskEditModalLazy isModalOpen={isModalOpen} editingTask={selectedTask} projectId={projectId} onClose={closeModal} />

archon-ui-main/src/features/projects/tasks/hooks/useTaskQueries.ts (3)

33-39: Polish details query for smoother UX when switching tasks.

Consider preserving previous details data during task switches to avoid flicker, and align with the “clear failure” guidance by surfacing brief retries.

Apply:

 export function useTaskDetails(taskId?: string, opts?: { enabled?: boolean }) {
   return useQuery<Task>({
     queryKey: taskId ? taskKeys.details(taskId) : ["task-details-undefined"],
     queryFn: () => taskService.getTaskDetails(taskId!),
     enabled: !!taskId && (opts?.enabled ?? true),
     staleTime: 30_000,
+    keepPreviousData: true,
+    retry: 2,
   });
 }

---

145-156: Keep task details cache consistent after updates.

If an update changes description or other large fields, the details cache may become stale. Invalidate the details query alongside the list.

Apply:

     onSuccess: (data, { updates }) => {
       // Merge server response to keep timestamps and computed fields in sync
       queryClient.setQueryData<Task[]>(taskKeys.all(projectId), (old) =>
         old ? old.map((t) => (t.id === data.id ? data : t)) : old,
       );
       // Only invalidate counts if status changed (which affects counts)
       if (updates.status) {
         queryClient.invalidateQueries({ queryKey: projectKeys.taskCounts() });
         // Show toast for significant status changes
         showToast(`Task moved to ${updates.status}`, "success");
       }
+      // Refresh details if large fields may have changed
+      if (updates.description != null || updates.sources != null || updates.code_examples != null) {
+        queryClient.invalidateQueries({ queryKey: taskKeys.details(data.id) });
+      }
     },

---

194-197: Optional: also refetch the task list after delete for eventual consistency.

You optimistically remove the item, which is fine. Adding a list invalidation post-delete keeps parity with create.

Apply:

   onSettled: () => {
     // Always refetch counts after deletion
     queryClient.invalidateQueries({ queryKey: projectKeys.taskCounts() });
+    queryClient.invalidateQueries({ queryKey: taskKeys.all(projectId) });
   },

Upgrade/tasks/phase1/01_Implementation steps/05-task-edit-modal-lazy-loading.md (1)

12-16: Tighten acceptance criteria to gate by both modal open and valid ID.

Document the actual guard used in code to avoid accidental fetches when editingTask is unset.

Apply:

- - Existing task: triggers `useTaskDetails(taskId, { enabled: isModalOpen })`.
+ - Existing task: triggers `useTaskDetails(taskId, { enabled: isModalOpen && !!taskId })`.

python/tests/test_task_validation.py (3)

7-8: Avoid “magic number” duplication for MAX_LEN. Import the canonical constant.

Hardcoding 50_000 risks drift if server-side limits change. Import the single source of truth.

Apply:

-from src.server.schemas.tasks import TaskUpdate, TaskCreate
+from src.server.schemas.tasks import TaskUpdate, TaskCreate, MAX_DESCRIPTION_LENGTH
@@
-MAX_LEN = 50_000
+MAX_LEN = MAX_DESCRIPTION_LENGTH

---

10-20: Strengthen boundary test with a positive service assertion.

Given the boundary is allowed, asserting ok is True adds signal (if the mock client supports it).

Apply:

     svc = TaskService(supabase_client=mock_supabase_client)
-    ok, _ = await svc.update_task("abc123", {"description": "a" * MAX_LEN})
-    # Note: we won't assert ok because mock update returns minimal data; just ensure no exception
+    ok, _ = await svc.update_task("abc123", {"description": "a" * MAX_LEN})
+    assert ok is True

---

41-44: Mirror the null-acceptance test with an ok assertion.

This ensures service-level handling matches schema expectations.

Apply:

     svc = TaskService(supabase_client=mock_supabase_client)
-    ok, _ = await svc.update_task("abc123", {"description": None})
+    ok, _ = await svc.update_task("abc123", {"description": None})
+    assert ok is True

migration/complete_setup.sql (1)

399-409: Optional: consider a partial index for active tasks.

List queries exclude archived tasks via “archived IS NULL OR archived = FALSE”, which can’t use a plain btree well. A partial index can help if archived density is low.

Example (for fresh installs):

CREATE INDEX IF NOT EXISTS idx_archon_tasks_active_project_status_order
  ON archon_tasks(project_id, status, task_order)
  WHERE archived IS DISTINCT FROM TRUE;

python/tests/test_tasks_payload_benchmark.py (1)

36-62: Good payload guardrail; add a check that large fields are absent.

Ensures the “lightweight” contract is enforced, not just size.

Apply:

     body = resp.json()
     json_size = len(json.dumps(body))
@@
     assert isinstance(body, list)
     assert len(body) == 50
+    # Ensure large fields are omitted
+    assert "description" not in body[0]
+    assert "sources" not in body[0]
+    assert "code_examples" not in body[0]

python/tests/test_task_details_endpoint.py (2)

37-39: Assert error payload for 404

Strengthen the not-found test by asserting the standardized error detail.

Apply this diff:

 resp = client.get(f"/api/tasks/{task_id}/details")
 assert resp.status_code == 404
+body = resp.json()
+assert body.get("detail") == "Task not found"

---

41-68: Error logging test is robust; minor polish optional

Great use of monkeypatch to validate contextual logging. Consider also asserting that no stack trace is logged on service-returned errors (exc_info not set) if you decide to enforce that convention.

python/src/server/api_routes/tasks_api.py (1)

13-16: Unused logger

logger is defined but not used. Either use it for non-logfire logs or remove it.

-logger = get_logger(__name__)
+logger = get_logger(__name__)  # Use or remove

archon-ui-main/test/tasks/taskService.test.ts (1)

44-54: Also assert cache invalidation for counts on status update

updateTaskStatus invalidates /api/tasks/counts. Add an assertion to prevent regressions.

Apply this diff:

 expect(options?.body && JSON.parse(options.body as string)).toEqual({ status: 'doing' });
+
+// Counts cache should be invalidated on status change
+expect(invalidateETagCache).toHaveBeenCalledWith('/api/tasks/counts');

archon-ui-main/tests/tasks/components.TaskEditModal.test.tsx (1)

7-14: Use vi.importActual for module augmentation to avoid factory-arg pitfalls

Vitest’s recommended pattern avoids relying on a non-standard importOriginal arg.

Apply this diff:

-vi.mock('lucide-react', async (importOriginal) => {
-  const actual = await importOriginal<any>();
+vi.mock('lucide-react', async () => {
+  const actual = await vi.importActual<any>('lucide-react');
   return {
     ...actual,
     ChevronsUpDown: (props: any) => React.createElement('svg', props),
     Check: (props: any) => React.createElement('svg', props),
   };
 });

archon-ui-main/src/features/projects/tasks/components/TaskEditModalLazy.tsx (1)

47-63: Harden preloading listeners for SSR and auto-unsubscribe

Guard for SSR and use { once: true } so listeners auto-remove after preloading.

Apply this diff:

 useEffect(() => {
-  const handlePreload = () => setShouldPreload(true);
-  
-  // Find buttons that might trigger this modal
-  const triggerButtons = document.querySelectorAll('[data-preload-task-modal="true"]');
-  triggerButtons.forEach(btn => {
-    btn.addEventListener('mouseenter', handlePreload);
-    btn.addEventListener('focus', handlePreload);
-  });
+  if (typeof document === "undefined") return;
+  const handlePreload = () => setShouldPreload(true);
+  const opts = { once: true } as AddEventListenerOptions;
+  const triggerButtons = document.querySelectorAll('[data-preload-task-modal="true"]');
+  triggerButtons.forEach((btn) => {
+    btn.addEventListener("mouseenter", handlePreload, opts);
+    btn.addEventListener("focus", handlePreload, opts);
+  });
   
   return () => {
-    triggerButtons.forEach(btn => {
-      btn.removeEventListener('mouseenter', handlePreload);
-      btn.removeEventListener('focus', handlePreload);
-    });
+    triggerButtons.forEach((btn) => {
+      btn.removeEventListener("mouseenter", handlePreload);
+      btn.removeEventListener("focus", handlePreload);
+    });
   };
 }, []);

Upgrade/tasks/phase1/01_Implementation steps/03-frontend-service-layer.md (1)

12-15: Clarify acceptance criteria wording

Make the default explicit on the parameter name.

Apply this diff:

-- `getTasksByProject(projectId, true)` is default and excludes large fields (via query param).
+- `getTasksByProject(projectId, excludeLargeFields=true)` defaults to excluding large fields (via query param).

Upgrade/tasks/phase1/03_Implementation review/01-backend-exclude-large-fields-validation.md (2)

60-64: Fix markdownlint: add language to fenced code block

Silence MD040 by specifying a language.

Apply this diff:

-```
+```text
 ======================== 6 passed, 16 warnings in 0.58s ========================

---

`7-16`: **Optional: add English summary alongside German**

Consider a brief English summary to help non-German speakers scan validation results.

</blockquote></details>
<details>
<summary>archon-ui-main/tests/tasks/service.taskService.test.ts (1)</summary><blockquote>

`34-90`: **Consolidate duplicate service tests or unify mocking strategy**

You now have two taskService test suites: this file (fetch-spy) and `test/tasks/taskService.test.ts` (ETag helper mock). Consider consolidating to one approach to reduce maintenance and flakiness.


I can merge them to the ETag-mock style and keep a single suite under `test/tasks/` if you prefer.

</blockquote></details>
<details>
<summary>archon-ui-main/src/features/projects/tasks/hooks/tests/useTaskQueries.test.ts (3)</summary><blockquote>

`57-60`: **Nice: stable query key for task details.**

Consider also asserting the disabled/undefined-key behavior when `taskId` is missing for completeness.

---

`62-79`: **Solid happy-path coverage for details fetch.**

Optional: assert `result.current.fetchStatus === "idle" || "fetching"` as appropriate to be resilient across TanStack Query versions rather than relying only on `isSuccess`.

---

`81-91`: **Disabled query test is good; make it version-robust.**

In React Query v5, a disabled query has `fetchStatus: "idle"` and `status: "pending"`. Prefer asserting `fetchStatus` and lack of calls over `isLoading`.

</blockquote></details>
<details>
<summary>archon-ui-main/src/features/projects/tasks/components/TaskEditModal.tsx (4)</summary><blockquote>

`43-50`: **Naming: align error state with guidelines.**

Rename `isDetailsError` to `taskDetailsError` to follow `[resource]Error` convention; also consider `isTaskDetailsLoading` for symmetry.

Apply:

```diff
-    const {
-      data: taskDetails,
-      isLoading: isDetailsLoading,
-      isError: isDetailsError,
-      refetch: refetchDetails,
-    } = useTaskDetails(editingTask?.id, { enabled: isModalOpen && isEditingExisting });
+    const {
+      data: taskDetails,
+      isLoading: isTaskDetailsLoading,
+      isError: taskDetailsError,
+      refetch: refetchDetails,
+    } = useTaskDetails(editingTask?.id, { enabled: isModalOpen && isEditingExisting });

And update all subsequent references.

---

112-114: Loading state: improve a11y.

Add aria-live="polite" so screen readers announce the state.

-<div className="py-12 text-center text-muted-foreground">Loading task details...</div>
+<div className="py-12 text-center text-muted-foreground" aria-live="polite">Loading task details...</div>

---

116-121: Error state: include actionable context and a11y.

Mention the task ID and add aria-live. Keep logs/message specific per guidelines.

-  <div className="py-12 text-center space-y-3">
-    <p className="text-red-500">Failed to load task details.</p>
-    <Button variant="outline" onClick={() => refetchDetails()}>Retry</Button>
-  </div>
+  <div className="py-12 text-center space-y-3" aria-live="polite">
+    <p className="text-red-500">
+      Failed to load task details{editingTask?.id ? ` for task ${editingTask.id}` : ""}. Please check your connection and try again.
+    </p>
+    <Button variant="outline" onClick={() => refetchDetails()}>Retry</Button>
+  </div>

---

231-235: Disable logic is correct; update names after rename.

After renaming to isTaskDetailsLoading/taskDetailsError, update this expression accordingly.

-  disabled={
-    isSavingTask ||
-    !localTask?.title ||
-    (isEditingExisting && (isDetailsLoading || isDetailsError || !taskDetails))
-  }
+  disabled={
+    isSavingTask ||
+    !localTask?.title ||
+    (isEditingExisting && (isTaskDetailsLoading || taskDetailsError || !taskDetails))
+  }

Upgrade/tasks/phase1/phase1-final-report.en.md (4)

3-5: Owner attribution: prefer team/role over model name.

Replace “Augment Agent (GPT‑5)” with a neutral owner tag (e.g., “Augment Agent”) to avoid vendor/model churn in docs.

-Date: 2025‑09‑09  
-Owner: Augment Agent (GPT‑5)
+Date: 2025‑09‑09  
+Owner: Augment Agent

---

20-26: Back claims with pointers to implementation.

Add file/PR references where ETag handling and client metrics were implemented so readers can trace proof.

-- Efficient HTTP polling with ETag
-  - Polling endpoints support ETag/304 strategy.
+- Efficient HTTP polling with ETag
+  - Polling endpoints support ETag/304 strategy (see: python/src/server/middleware/logging_middleware.py and tasks list controller; add exact commit/line refs).

Please confirm the exact files/lines where ETag and If-None-Match are set/validated.

---

71-78: Test counts: include CI build link or artifact.

Numbers are helpful; link to the CI run or include the command/output snippet to make this verifiable.

Attach the latest CI URL and paste the summary block for frontend/backend test runs.

---

121-127: Outcome section: quantify with before/after metrics.

Add a small table with baseline vs. post‑Phase‑1 numbers (payload size, load time P50/P95, DB query timings) to substantiate the claims.

python/tests/conftest.py (5)

20-29: Define a dedicated NotFound subclass instead of aliasing to Exception.

Using Exception prevents precise exception handling (isinstance checks). Define a specific subclass to mirror docker.errors.NotFound.

-_docker_errors_stub = _types.ModuleType("docker.errors")
-setattr(_docker_errors_stub, "NotFound", Exception)
+_docker_errors_stub = _types.ModuleType("docker.errors")
+class _NotFound(Exception):
+    pass
+setattr(_docker_errors_stub, "NotFound", _NotFound)

---

42-57: Supabase stub is fine; ensure it doesn’t mask a real install unexpectedly.

The try/except ensures we only stub when missing. Consider also stubbing minimal sub-APIs you use (e.g., storage) to avoid AttributeError in import-time code paths.

-    supabase_stub.Client = _Client
-    supabase_stub.create_client = _dummy_create_client
+    supabase_stub.Client = _Client
+    supabase_stub.create_client = _dummy_create_client
+    supabase_stub.storage = _types.SimpleNamespace()  # minimal placeholder

---

64-74: Manage global patches lifecycle via a session-scoped fixture.

Starting patches at import time without a stop risks leakage if future tests rely on real implementations. Use a session fixture to start/stop cleanly.

-from unittest.mock import patch
-_global_patches = [
-    patch("supabase.create_client", return_value=mock_client),
-    patch("src.server.services.client_manager.get_supabase_client", return_value=mock_client),
-    patch("src.server.utils.get_supabase_client", return_value=mock_client),
-]
-
-for p in _global_patches:
-    p.start()
+from unittest.mock import patch
+
+@pytest.fixture(scope="session", autouse=True)
+def _global_patches_session():
+    patchers = [
+        patch("supabase.create_client", return_value=mock_client),
+        patch("src.server.services.client_manager.get_supabase_client", return_value=mock_client),
+        patch("src.server.utils.get_supabase_client", return_value=mock_client),
+    ]
+    for p in patchers: p.start()
+    yield
+    for p in reversed(patchers): p.stop()

---

90-118: Duplicate patch layers across autouse + client fixture.

prevent_real_db_calls patches the same targets later patched in client(). This layering can obscure failures. Consider removing overlaps and keeping one source of truth (prefer the client fixture).

---

167-193: Module reload pattern works; consider an app factory to drop reloads.

Reloading tasks_api and main on every client() adds overhead and may hide import-time side effects. If feasible, expose a create_app() to build the FastAPI app with dependencies injected/mocked.

Upgrade/tasks/phase1/03_Implementation review/05-task-edit-modal-lazy-loading-review.md (1)

86-90: Add a language to the fenced code block (markdownlint MD040).

Annotate this block as text to satisfy markdownlint.

-```
+```text
 Test Files  1 passed (1)
      Tests  3 passed (3)

</blockquote></details>
<details>
<summary>Upgrade/tasks/phase1/02_Implementation log/09-deployment-and-monitoring.protokoll.md (1)</summary><blockquote>

`88-92`: **Add operational guardrails to migration step.**

Recommend documenting statement_timeout/lock_timeout for safety, even with CONCURRENTLY, and advising off-peak execution windows.

Proposed doc snippet:

```diff
+- Before running CONCURRENTLY in production, set safe session limits:
+  - SET statement_timeout = '10min';
+  - SET lock_timeout = '15s';
+  - Execute during low write traffic.

Upgrade/tasks/phase1/02_Implementation log/07-db-migration.protokoll.md (1)

49-54: Document partial filter verification for archived.

Since services often filter archived IS NULL OR = FALSE, add a note to EXPLAIN that predicate to ensure index usage is still efficient.

Upgrade/tasks/phase1/01_Implementation steps/01-backend-exclude-large-fields.md (1)

21-31: Avoid suggesting selecting large JSONB to compute counts.

In lightweight mode, selecting sources/code_examples to derive counts defeats the purpose. Either omit stats entirely or expose counts via a view/RPC. Note in docs to avoid selecting those arrays in lightweight responses.

python/src/server/schemas/tasks.py (2)

2-2: Remove unused import.
Any is unused.

-from typing import Any

---

14-16: Tighten types for status/assignee/task_order.

Constrain status to allowed values and avoid Optional defaults where not needed.

+from typing import Literal
@@
-    status: str | None = "todo"
-    assignee: str | None = "User"
-    task_order: int | None = 0
+    status: Literal["todo", "doing", "review", "done"] = "todo"
+    assignee: str = "User"
+    task_order: int = 0

For TaskUpdate keep optionals, but constrain status:

-    status: str | None = None
+    status: Literal["todo", "doing", "review", "done"] | None = None

Upgrade/tasks/phase1/03_Implementation review/09-deployment-and-monitoring-review.md (1)

23-33: Consider streaming-response caveat.

Call out that resp_bytes may be unavailable for streaming/chunked responses and that middleware should skip size logging in those cases to avoid side effects.

python/src/server/services/projects/task_service.py (2)

266-282: Lightweight-mode stats block is dead code as fields aren’t selected.

Since sources/code_examples aren’t selected, stats will never be emitted. Either remove this block or compute counts via a view/RPC to keep payloads small.

-                else:
-                    # Lightweight mode: exclude large fields but include counts if available
-                    stats = {}
-                    src = task.get("sources")
-                    if isinstance(src, list):
-                        stats["sources_count"] = len(src)
-                    code = task.get("code_examples")
-                    if isinstance(code, list):
-                        stats["code_examples_count"] = len(code)
-                    if stats:
-                        task_data["stats"] = stats
+                # Lightweight mode: omit large-field-derived stats to avoid rehydrating arrays

---

327-340: Separate get_task_details entrypoint is fine.

Good for future extension. Consider adding exc_info=True in the except for stack traces.

-        except Exception as e:
-            logger.error(f"Error getting task details: {e}")
+        except Exception as e:
+            logger.error(f"Error getting task details: {e}", exc_info=True)
             return False, {"error": f"Error getting task details: {str(e)}"}

python/src/server/api_routes/projects_api.py (1)

631-638: Preserve None semantics for description on create.

Passing "" when the client sent null can conflate meanings and bloat payloads. Let None persist; the service already defaults/handles it.

-            description=request.description or "",
+            description=request.description,

Upgrade/tasks/phase1/02_Implementation log/06-server-side-validation.protokoll.md (2)

28-33: Avoid duplicate limits across layers.

Since schemas define MAX_DESCRIPTION_LENGTH, ensure services import the constant rather than redefining it (see service comment).

---

68-75: Add a quick negative-path test for API layer 422.

You mention model-level 422s; add a FastAPI-level test (even minimal) when the client body exceeds limits, to lock the contract.

Upgrade/tasks/phase1/02_Implementation log/01-backend-exclude-large-fields.protokoll.md (1)

72-79: Add lightweight telemetry to prove the ~95% reduction.

Include a tiny measurement plan (median/95th response size before/after for 50 tasks, plus 304 hit rate with ETags) and wire simple counters to logs.

I can draft a minimal metrics checklist if helpful.

Upgrade/tasks/phase1/01_Implementation steps/API-ERROR-CONTRACT.md (1)

89-93: Annotate fenced blocks with a language (markdownlint MD040).

Add a language to the REST path examples.

-```
+```http
 GET /projects/{project_id}/tasks
 POST /projects/{project_id}/tasks
 GET /projects/{project_id}/tasks/{task_id}

- +http
GET /tasks?project_id={project_id}
POST /tasks (with project_id in body)
GET /tasks/{task_id}

-```
+```http
Authorization: Bearer <token with project scope>
GET /tasks

Also applies to: 106-110, 122-126

</blockquote></details>
<details>
<summary>Upgrade/tasks/phase1/03_Implementation review/08-tests-and-benchmarks-review.md (1)</summary><blockquote>

`104-121`: **Use jsonc (or remove comments) in the JSON example.**

The example includes comments; switch the fence to jsonc to avoid invalid JSON.


```diff
-```json
+```jsonc
 // Lightweight list response
 [
   {

Upgrade/tasks/phase1/03_Implementation review/07-db-migration-validation.md (1)

72-74: Audit single-column index redundancy vs. query patterns.

Composite (project_id, status, task_order) covers many cases, but single-column status-only queries won’t benefit. Review usage before dropping them.

Run post-deploy:

SELECT indexrelid::regclass AS idx, idx_scan
FROM pg_stat_user_indexes
WHERE indexrelid::regclass IN (
  'idx_archon_tasks_project_status_order'::regclass,
  'archon_tasks_project_id_idx'::regclass,
  'archon_tasks_status_idx'::regclass,
  'archon_tasks_task_order_idx'::regclass
)
ORDER BY idx_scan DESC;

Upgrade/tasks/phase1/03_Implementation review/06-server-side-validation-review.md (1)

116-128: One unlabeled fenced block flagged by markdownlint.

Ensure every code fence has a language (e.g., bash, python).

Upgrade/tasks/phase1/02_Implementation log/03+04-frontend-service-layer.protokoll.md (1)

45-62: Expose excludeLargeFields toggle in useProjectTasks (optional).

Edge flows (e.g., admin list with previews) might want full payload. Consider an options param with {excludeLargeFields?: boolean} and default true.

python/src/server/utils/api_errors.py (3)

112-123: Add a 401 helper to complete the status coverage.

Contract documents 401; add an unauthorized_error() for consistency.

 def bad_request_error(
     message: str,
     error_code: str = "INVALID_REQUEST",
     context: Optional[Dict[str, Any]] = None
 ) -> APIError:
     """Create standardized 400 error."""
     return APIError(
         status_code=status.HTTP_400_BAD_REQUEST,
         error_code=error_code,
         detail=message,
         context=context
     )
+
+def unauthorized_error(message: str = "Authentication required") -> APIError:
+    """Create standardized 401 error."""
+    return APIError(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        error_code="AUTH_REQUIRED",
+        detail=message,
+    )

---

1-9: Optional: export public API.

Add all to make the public surface explicit and help static analysis.

 logger = logging.getLogger(__name__)
 
+__all__ = [
+    "APIError",
+    "not_found_error",
+    "validation_error",
+    "internal_error",
+    "forbidden_error",
+    "bad_request_error",
+    "unauthorized_error",
+]

---

39-46: Minor: resource name normalization.

not_found_error uppercases the input for error_code but uses the original casing in the message. Consider .capitalize() for the message for consistency.

Upgrade/tasks/phase1/02_Implementation log/02-api-tasks-details-endpoint.protokoll.md (5)

23-26: Define a stable JSON error schema and avoid stacktrace leakage.

Specify an error response model (problem+json), ensure stack traces are only logged (exc_info) and never returned.

Apply to the doc:

-  - Error handling:
-    - 200: `{ "task": { ... } }`
-    - 404: when task does not exist
-    - 500: internal errors, logging with `exc_info=True` via Logfire
+  - Error handling:
+    - 200: `{ "task": { ... } }`
+    - 404: `{ "type":"https://archon/errors/not-found", "title":"Not Found", "detail":"Task not found", "status":404 }`
+    - 500: `{ "type":"https://archon/errors/server-error", "title":"Internal Server Error", "status":500 }`
+  - Traces: stack traces logged with `exc_info=True` only; never included in responses.
+  - Content-Type: `application/problem+json` for non-2xx.

---

20-26: Add ETag/Last-Modified to details responses.

Align details endpoint with list caching; include validators for conditional GET (If-None-Match/If-Modified-Since).

-  - Route: `GET /api/tasks/{task_id}/details`
+  - Route: `GET /api/tasks/{task_id}/details`
+  - Caching: returns `ETag` and `Last-Modified`; supports `If-None-Match`/`If-Modified-Since` (304 on match).

---

39-47: Stabilize dependency bounds via constraints and Starlette pin.

Pin Starlette to a known-compatible version with httpx<0.28 and capture both in a constraints/lock to prevent drift.

-## 4) Dependency / Version Management (Professional Approach)
+## 4) Dependency / Version Management (Professional Approach)
+### Constraints
+- Add `uv` constraints (or `constraints.txt`) pinning:
+  - `httpx<0.28`
+  - `starlette==<compatible-version>`
+  - `fastapi==<compatible-version>`
+### Repro steps
 - `uv add --group server "httpx<0.28"`
 ...
 - `uv sync`
+### CI guard
+- Fail CI on accidental upgrades: `uv pip compile --quiet && git diff --exit-code` in a pre-test step.

---

49-52: Augment tests: assert no-trace leakage and correct content types.

Add assertions for content-type: application/problem+json in 404/500 and that body contains no internal exception strings.

-  - Cases: 200 (found), 404 (not found), 500 (error logging)
+  - Cases: 200 (found), 404 (not found), 500 (error logging)
+  - Plus: assert `application/problem+json` and absence of stack traces or debug messages in bodies.

---

82-86: Promote OpenAPI schema and structured fields to “Do now.”

Response models and structured fields (task_id, request_id, tenant_id) will streamline observability and client integration; worth including before rollout.

I can draft the OpenAPI schema snippets and logging field list if useful.

Upgrade/tasks/phase1/02_Implementation log/08-tests-and-benchmarks.protokoll.md (5)

33-35: Back-compat risk: bare list vs { tasks: [...] } wrapper.

Document contract change and migration plan (feature flag, alias route, or response-shape versioning) to avoid client breaks.

-  - The endpoint `GET /api/projects/{project_id}/tasks` returns a JSON list (not an object).
+  - API compatibility note: `GET /api/projects/{project_id}/tasks` now returns a bare JSON list.
+    - Migration: maintain `/v1/...` wrapper for N releases, introduce `/v2/...` bare list, or add `?shape=list|object`.

---

46-48: Large warning count masks regressions.

Triage or silence known warnings; consider -W error::DeprecationWarning for target modules to keep the signal high.

-- Result: 441 passed, 0 failed, 122 warnings
+- Result: 441 passed, 0 failed, 122 warnings
+  - Action: add `pytest.ini` filters for known noisy deps; treat project-local deprecations as errors.

---

71-75: Document stats schema and cap counts computation cost.

Define the optional stats shape and ensure counts are derived without fetching full arrays (DB-side counts).

-  - Resolution: Enhanced `TaskService.list_tasks` to add `stats.sources_count` and `stats.code_examples_count` ...
+  - Resolution: Enhanced `TaskService.list_tasks` to add:
+    - `stats: { sources_count: int, code_examples_count: int }`
+    - Counts computed via DB-side aggregations to avoid loading full arrays.

---

86-89: Include gzipped size and p95 payload sizes in evidence.

Report both raw and gzipped sizes; add p95 across several synthetic runs to catch variance.

-- The test passed in CI-like local run (`uv run pytest -q -v`).
+- The test passed locally. Also record:
+  - raw bytes and gzipped bytes
+  - p50/p95 across N=5 runs to account for serialization variance.

---

90-97: Add benchmark methodology appendix for reproducibility.

Briefly capture dataset seed, environment (CPU/RAM), and tooling versions to make results comparable in CI.

 ## Commands used
 ...
+## Benchmark methodology (appendix)
+- Synthetic dataset seed, machine specs, and versions (Python/node/fastapi/starlette/httpx) recorded to ensure reproducibility.

[coderabbitai]

🛠️ Refactor suggestion

Prevent clobbering user edits when details arrive.

This effect overwrites localTask after the user may have started typing, causing silent data loss. Gate hydration to run only if the user hasn’t edited, and only once.

Apply:

-    // When full details arrive for existing tasks, hydrate local state
-    useEffect(() => {
-      if (taskDetails && isEditingExisting) {
-        setLocalTask(taskDetails);
-      }
-    }, [taskDetails, isEditingExisting]);
+    // When full details arrive for existing tasks, hydrate local state (once, if user hasn't edited)
+    useEffect(() => {
+      if (!isEditingExisting || !taskDetails) return;
+      if (userEditedRef.current) return;
+      setLocalTask((prev) => (prev ? { ...taskDetails, id: prev.id } : taskDetails));
+      userEditedRef.current = true; // prevent re-hydration
+    }, [taskDetails, isEditingExisting]);

Outside this range, add:

// after localTask state
const userEditedRef = useRef(false);

And in all input handlers (title/description/feature/status/assignee/priority), set userEditedRef.current = true; before setLocalTask(...).

Example inside handlers:

```diff
-const handleTitleChange = useCallback((value: string) => {
-  setLocalTask((prev) => (prev ? { ...prev, title: value } : null));
-}, []);
+const handleTitleChange = useCallback((value: string) => {
+  userEditedRef.current = true;
+  setLocalTask((prev) => (prev ? { ...prev, title: value } : null));
+}, []);

🤖 Prompt for AI Agents

In archon-ui-main/src/features/projects/tasks/components/TaskEditModal.tsx
around lines 69 to 75, the useEffect hydrates localTask whenever
taskDetails/isEditingExisting change and can clobber user edits; add a
userEditedRef (useRef(false)) after the localTask state, change the hydration
effect to only setLocalTask(taskDetails) when userEditedRef.current is false and
ensure it runs only once for initial hydration (e.g., check a flag or set
userEditedRef to true after hydration), and update every input handler (title,
description, feature, status, assignee, priority) to set userEditedRef.current =
true before calling setLocalTask(...) so subsequent arrivals of taskDetails
won't overwrite user edits.

[coderabbitai]

🛠️ Refactor suggestion

URL param construction is correct; ensure cache invalidation matches the exact key.
Lists default to ?exclude_large_fields=true, but createTask invalidates only the base path. Add invalidation for the exact cached key to prevent stale lists.

-      invalidateETagCache(`/api/projects/${taskData.project_id}/tasks`);
+      // Invalidate both base and lightweight list keys
+      invalidateETagCache(`/api/projects/${taskData.project_id}/tasks`);
+      invalidateETagCache(`/api/projects/${taskData.project_id}/tasks?exclude_large_fields=true`);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	async getTasksByProject(projectId: string, excludeLargeFields = true): Promise<Task[]> {
	try {
	const tasks = await callAPIWithETag<Task[]>(`/api/projects/${projectId}/tasks`);
	const params = excludeLargeFields ? "?exclude_large_fields=true" : "";
	const tasks = await callAPIWithETag<Task[]>(`/api/projects/${projectId}/tasks${params}`);
	// inside your createTask mutation/service, after successfully creating the task
	// Invalidate both base and lightweight list keys
	invalidateETagCache(`/api/projects/${taskData.project_id}/tasks`);
	invalidateETagCache(
	`/api/projects/${taskData.project_id}/tasks?exclude_large_fields=true`,
	);

🤖 Prompt for AI Agents

In archon-ui-main/src/features/projects/tasks/services/taskService.ts around
lines 17-21, getTasksByProject always uses the query param
"?exclude_large_fields=true" by default but createTask only invalidates the base
"/api/projects/{projectId}/tasks" cache key; update createTask to also
invalidate the exact cached key that includes the query param (or
programmatically build the same key used by getTasksByProject) so both
"/api/projects/{projectId}/tasks" and
"/api/projects/{projectId}/tasks?exclude_large_fields=true" ETag/cache entries
are cleared after creating a task.

[coderabbitai]

🛠️ Refactor suggestion

Make constraint addition idempotent and low-lock.

Current ADD CONSTRAINT will fail if re-run and validates in a single step. Prefer guarding + NOT VALID + separate VALIDATE to reduce lock time on large tables.

-ALTER TABLE archon_tasks
-    ADD CONSTRAINT tasks_description_length_check
-    CHECK (description IS NULL OR char_length(description) <= 50000);
+DO $$
+BEGIN
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_constraint
+    WHERE conname = 'tasks_description_length_check'
+      AND conrelid = 'archon_tasks'::regclass
+  ) THEN
+    ALTER TABLE archon_tasks
+      ADD CONSTRAINT tasks_description_length_check
+      CHECK (description IS NULL OR char_length(description) <= 50000)
+      NOT VALID;
+  END IF;
+END $$;
+
+-- Validate separately to minimize locking
+ALTER TABLE archon_tasks
+  VALIDATE CONSTRAINT tasks_description_length_check;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ALTER TABLE archon_tasks
	ADD CONSTRAINT tasks_description_length_check
	CHECK (description IS NULL OR char_length(description) <= 50000);
	DO $$
	BEGIN
	IF NOT EXISTS (
	SELECT 1 FROM pg_constraint
	WHERE conname = 'tasks_description_length_check'
	AND conrelid = 'archon_tasks'::regclass
	) THEN
	ALTER TABLE archon_tasks
	ADD CONSTRAINT tasks_description_length_check
	CHECK (description IS NULL OR char_length(description) <= 50000)
	NOT VALID;
	END IF;
	END $$;
	-- Validate separately to minimize locking
	ALTER TABLE archon_tasks
	VALIDATE CONSTRAINT tasks_description_length_check;

🤖 Prompt for AI Agents

In migration/add_task_description_constraint.sql around lines 41-44, the direct
ADD CONSTRAINT is not idempotent and runs validation in a single step (causing
failures on re-run and long locks); change to: 1) add the constraint only if it
doesn't exist inside a DO $$ BEGIN ... END $$ block using ALTER TABLE
archon_tasks ADD CONSTRAINT tasks_description_length_check CHECK (description IS
NULL OR char_length(description) <= 50000) NOT VALID; 2) then run a separate
conditional VALIDATE step (ALTER TABLE archon_tasks VALIDATE CONSTRAINT
tasks_description_length_check) only if the constraint exists and is not yet
validated (check pg_constraint.convalidated), so the migration is safe to re-run
and validation is done in a low-lock phase.

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

Unbounded full-table scan; no pagination; OOM/runtime risk on large datasets.
Selecting id, description for all rows will not scale and may miss rows due to implicit PostgREST limits. Compute length server-side or paginate.

High-level fix options:

• Preferred: add constraint NOT VALID, then validate after cleanup (avoids initial full scan).
• Or: paginate with range() and only fetch ids that need truncation via a DB-side filter.

Minimal paginated approach:

-def check_violations(supabase) -> Tuple[int, Optional[int]]:
+def check_violations(supabase) -> Tuple[int, Optional[int]]:
     """Check for existing descriptions that exceed the limit."""
-    try:
-        # Query for violations
-        result = supabase.table("archon_tasks").select("id, description").execute()
-        
-        violations = []
-        max_length = 0
-        
-        for task in result.data:
-            if task.get("description"):
-                desc_length = len(task["description"])
-                if desc_length > 50000:
-                    violations.append(task["id"])
-                    max_length = max(max_length, desc_length)
-        
-        return len(violations), max_length if violations else None
+    try:
+        batch = 1000
+        offset = 0
+        total = 0
+        max_length = 0
+        while True:
+            res = supabase.table("archon_tasks")\
+                .select("id,description")\
+                .range(offset, offset + batch - 1)\
+                .execute()
+            rows = res.data or []
+            if not rows:
+                break
+            for task in rows:
+                desc = task.get("description")
+                if desc and len(desc) > 50000:
+                    total += 1
+                    max_length = max(max_length, len(desc))
+            offset += batch
+        return total, (max_length if total > 0 else None)
     except Exception as e:
-        print(f"Error checking violations: {e}")
-        return 0, None
+        import logging
+        logging.exception("Error checking violations")
+        raise

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def check_violations(supabase) -> Tuple[int, Optional[int]]:
	"""Check for existing descriptions that exceed the limit."""
	try:
	# Query for violations
	result = supabase.table("archon_tasks").select("id, description").execute()
	violations = []
	max_length = 0
	for task in result.data:
	if task.get("description"):
	desc_length = len(task["description"])
	if desc_length > 50000:
	violations.append(task["id"])
	max_length = max(max_length, desc_length)
	return len(violations), max_length if violations else None
	except Exception as e:
	def check_violations(supabase) -> Tuple[int, Optional[int]]:
	"""Check for existing descriptions that exceed the limit."""
	try:
	batch = 1000
	offset = 0
	total = 0
	max_length = 0
	while True:
	res = supabase.table("archon_tasks") \
	.select("id,description") \
	.range(offset, offset + batch - 1) \
	.execute()
	rows = res.data or []
	if not rows:
	break
	for task in rows:
	desc = task.get("description")
	if desc and len(desc) > 50000:
	total += 1
	max_length = max(max_length, len(desc))
	offset += batch
	return total, (max_length if total > 0 else None)
	except Exception as e:
	import logging
	logging.exception("Error checking violations")
	raise

🤖 Prompt for AI Agents

In migration/apply_task_constraint.py around lines 24 to 41, the current code
performs an unbounded full-table select of id and description which can OOM or
miss rows due to PostgREST limits; change to avoid a full scan by either
(preferred) creating the NOT VALID constraint first and then running a
server-side validation after cleanup, or implement paginated fetching with
supabase.range(...) and a DB-side filter that computes length server-side (e.g.
using SQL/rlike or length(description) > 50000) so only violating ids are
returned per page; ensure you iterate pages until no more rows, collect ids to
truncate or validate, and handle rate/timeout and errors.

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

Row-by-row truncation via client; use a single SQL UPDATE and avoid pulling large payloads.
Current logic downloads and rewrites each description. Prefer DB-side update and count affected rows; also paginate if you keep client-side logic.

DB-side approach to print and run manually (safe and fast):

UPDATE archon_tasks
SET description = left(description, 49997) || '...'
WHERE description IS NOT NULL AND char_length(description) > 50000;

If retaining client-side truncation, at least select only ids and a small slice to check length, and paginate.

🤖 Prompt for AI Agents

In migration/apply_task_constraint.py around lines 46 to 66, the current
implementation fetches full descriptions and truncates row-by-row in the client,
which downloads large payloads and is inefficient; replace this with a single
DB-side UPDATE that truncates descriptions to 49997 characters and appends "..."
for rows where char_length(description) > 50000 and return the number of
affected rows, or if you must remain client-side, change the query to select
only ids and a small length indicator and iterate in paginated batches to avoid
pulling full text; ensure the function returns the affected row count and that
dry_run prints what would be changed without performing the DB UPDATE.

[coderabbitai]

⚠️ Potential issue

Fix typo in rollback step.

“backed” → “backend”.

Apply:

- - Indexes can remain; revert frontend/backed to previous versions if necessary
+ - Indexes can remain; revert frontend/backend to previous versions if necessary

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	Rollback
	- Indexes can remain; revert frontend/backed to previous versions if necessary
	- Optional feature flag for details endpoint
	Rollback
	- Indexes can remain; revert frontend/backend to previous versions if necessary
	- Optional feature flag for details endpoint

🤖 Prompt for AI Agents

In Upgrade/tasks/phase1/01_Implementation steps/09-deployment-and-monitoring.md
around lines 31 to 34, fix the typo in the Rollback section by changing “backed”
to “backend” so the line reads “revert frontend/backend to previous versions if
necessary”; preserve surrounding punctuation and formatting.

[coderabbitai]

⚠️ Potential issue

FastAPI will nest your envelope under "detail" unless you add an exception handler.

Raising HTTPException with a dict detail yields {"detail": {...}}. To match the contract (top-level detail/error_code/context), add an exception handler for APIError.

Add this example to the spec:

from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse
from python.src.server.utils.api_errors import APIError

def install_api_error_handler(app: FastAPI) -> None:
    @app.exception_handler(APIError)
    async def _api_error_handler(request: Request, exc: APIError):
        payload = exc.detail if isinstance(exc.detail, dict) else {"detail": str(exc.detail)}
        return JSONResponse(status_code=exc.status_code, content=payload)

Also consider a handler for RequestValidationError to emit the unified 422 envelope.

🤖 Prompt for AI Agents

In Upgrade/tasks/phase1/01_Implementation steps/API-ERROR-CONTRACT.md around
lines 131 to 183, the FastAPI example raises APIError using an HTTPException
with a dict detail which causes FastAPI to nest the envelope under a top-level
"detail" key, breaking the specified top-level contract; fix it by adding and
documenting an exception handler for APIError that unwraps exc.detail (or
converts it to {"detail": str(...)} if not a dict) and returns a JSONResponse
with exc.status_code and the unwrapped payload, and also add a handler or note
to normalize RequestValidationError responses to the unified 422 envelope.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Clarify auth/tenant isolation for the details endpoint.

Document and enforce how authentication and authorization are performed (e.g., 404-on-unauthorized vs 403) to avoid data leaks in multi-tenant projects.

Run to verify the router includes auth dependencies and hides unauthorized tasks:

---

🏁 Script executed:

#!/bin/bash
# Expect: auth dependency (e.g., Depends(get_current_user)) and tenant/project checks
rg -nC3 -g 'python/**' -P 'router\s*=\s*APIRouter|FastAPI|@router\.get\("/api/tasks/\{task_id\}/details".*\)'
rg -nC3 -g 'python/**' -P '\bDepends\(\s*get_current_user\s*\)'
rg -nC3 -g 'python/**' -P '\braise\s+HTTPException\(status_code=404\b.*unauth|not\s+found|visibility'

Length of output: 84424

---

Add auth dependency and tenant isolation to the details endpoint
In python/src/server/api_routes/tasks_api.py, update the GET /tasks/{task_id}/details handler to accept an authenticated user (e.g. current_user: User = Depends(get_current_user)) and verify the task belongs to that user’s tenant—raise 404 when the task isn’t found or isn’t visible to prevent cross-tenant leaks.

🤖 Prompt for AI Agents

In Upgrade/tasks/phase1/02_Implementation
log/02-api-tasks-details-endpoint.protokoll.md around lines 8 to 11: the GET
/tasks/{task_id}/details handler must require authentication and enforce tenant
isolation; update the FastAPI route in python/src/server/api_routes/tasks_api.py
to add a parameter current_user: User = Depends(get_current_user) (and import
Depends and get_current_user if missing), fetch the task as before but verify
task.tenant_id == current_user.tenant_id (or equivalent visibility check) and if
not equal or task not found raise HTTPException(status_code=404); keep existing
200 and 500 behavior and ensure no cross-tenant data is returned.

[coderabbitai]

🛠️ Refactor suggestion

Include created_at in the composite index to match ORDER BY.

Service queries order by task_order, created_at. Current index (project_id, status, task_order) may still require a sort on created_at. Add created_at as the 4th key to enable full index-order scans.

Suggested upgrade SQL:

-CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_archon_tasks_project_status_order
-  ON archon_tasks(project_id, status, task_order);
+CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_archon_tasks_proj_status_order_created
+  ON archon_tasks(project_id, status, task_order, created_at);

And in complete_setup.sql:

-CREATE INDEX IF NOT EXISTS idx_archon_tasks_project_status_order
-  ON archon_tasks(project_id, status, task_order);
+CREATE INDEX IF NOT EXISTS idx_archon_tasks_proj_status_order_created
+  ON archon_tasks(project_id, status, task_order, created_at);

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

🛠️ Refactor suggestion

Don’t return tuples on validation failure—raise a typed API error.

Per guidelines, fail with a 422 exception rather than returning (False, error). Tie this to the unified error contract.

-if description is not None and isinstance(description, str) and len(description) > MAX_DESCRIPTION_LENGTH:
-    logger.error(f"Description too long | length={len(description)} > max={MAX_DESCRIPTION_LENGTH}")
-    return False, {"error": f"description exceeds {MAX_DESCRIPTION_LENGTH} characters"}
+if description is not None and isinstance(description, str) and len(description) > MAX_DESCRIPTION_LENGTH:
+    logger.error("Description too long | length=%d > max=%d", len(description), MAX_DESCRIPTION_LENGTH)
+    raise validation_error(
+        field="description",
+        message="Task description exceeds maximum length",
+        error_code="TASK_DESCRIPTION_TOO_LONG",
+        context={"max_length": MAX_DESCRIPTION_LENGTH, "provided_length": len(description)},
+    )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	```python
	if description is not None and isinstance(description, str) and len(description) > MAX_DESCRIPTION_LENGTH:
	logger.error(f"Description too long | length={len(description)} > max={MAX_DESCRIPTION_LENGTH}")
	return False, {"error": f"description exceeds {MAX_DESCRIPTION_LENGTH} characters"}
	```
	if description is not None and isinstance(description, str) and len(description) > MAX_DESCRIPTION_LENGTH:
	logger.error("Description too long | length=%d > max=%d", len(description), MAX_DESCRIPTION_LENGTH)
	raise validation_error(
	field="description",
	message="Task description exceeds maximum length",
	error_code="TASK_DESCRIPTION_TOO_LONG",
	context={"max_length": MAX_DESCRIPTION_LENGTH, "provided_length": len(description)},
	)

🤖 Prompt for AI Agents

In Upgrade/tasks/phase1/03_Implementation
review/06-server-side-validation-review.md around lines 55 to 59, the validator
returns a tuple (False, {...}) on failure; change this to raise the unified API
422 error instead. Replace the return with raising the project's typed
unprocessable entity exception (or an HTTP 422 exception) using the unified
error contract format (include the standardized error code/key and a clear
message like "description exceeds X characters" and any metadata such as actual
length and max). Ensure callers expect exceptions or the global handler maps
this typed exception to a 422 response.

[0ui-labs]

Local lightweight checks (ran on my machine)

Backend tests

• Command: uv run pytest -q tests/test_api_essentials.py -q
• Result: 10 passed, 11 warnings in 0.84s

Live server health probe

• Skipped for now: the backend requires SUPABASE_URL and SUPABASE_SERVICE_KEY at startup (fails fast by design). Without a running Supabase instance, the process exits before serving /api/health.

If you want me to capture real HTTP latency/size numbers next, I can:

• Start a local Supabase (docker) and boot the backend, then curl /api/health with -w to record time_total and size_download (takes ~2–3 minutes), or
• Point the server to your existing Supabase (you can DM sanitized .env values), or
• Run the checks in your environment and I’ll provide the exact one-liner to collect metrics.

One-liner for maintainers (if Supabase is available)

ARCHON_SERVER_PORT=8181 SUPABASE_URL=http://localhost:54321 \
SUPABASE_SERVICE_KEY="<service_key>" \
uv run python -m src.server.main & sleep 3 && \
curl -s -o /dev/null -w 'http_code=%{http_code}\ntime_total=%{time_total}\nsize_download=%{size_download}\n' \
http://127.0.0.1:8181/api/health; kill %+

[Wirasm]

Thanks for the contribution @0ui-labs

Could you please remove all the md files, and also explain the migration strategy and what changes you have made to the database?

[Wirasm]

I will close this, feel free to reopen it if you answer the above comment and fix merge conflicts.

Thank you for the contribution!