Updated ARchon with latest code from main branch of Cole

[rohitmathur507]

Pull Request

Summary

Changes Made

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Performance improvement
• Code refactoring

Affected Services

• Frontend (React UI)
• Server (FastAPI backend)
• MCP Server (Model Context Protocol)
• Agents (PydanticAI service)
• Database (migrations/schema)
• Docker/Infrastructure
• Documentation site

Testing

• All existing tests pass
• Added new tests for new functionality
• Manually tested affected user flows
• Docker builds succeed for all services

Test Evidence

# Example: python -m pytest tests/
# Example: cd archon-ui-main && npm run test

Checklist

• My code follows the service architecture patterns
• If using an AI coding assistant, I used the CLAUDE.md rules
• I have added tests that prove my fix/feature works
• All new and existing tests pass locally
• My changes generate no new warnings
• I have updated relevant documentation
• I have verified no regressions in existing features

Breaking Changes

Additional Notes

Summary by CodeRabbit

• New Features

  • Added Azure OpenAI and AWS Bedrock as supported LLM/embedding providers
  • New Cloud Providers settings section for managing provider credentials (add/edit/delete, encrypted values)
  • Automatic provider switching when required provider credentials are configured

• Documentation

  • Updated setup docs and .env example to include Azure OpenAI and AWS Bedrock configuration and guidance

[coderabbitai]

Walkthrough

This PR adds Azure OpenAI and AWS Bedrock support across the stack: env/docs updates, UI for cloud provider credential management, DB migration entries for provider credentials, a new AWS Bedrock adapter and Azure embedding adapter, config and service changes to recognize providers, auto-switching provider logic on credential save, and boto3 dependency.

Changes

Cohort / File(s)	Summary
Configuration & Documentation \.env.example, README.md	Add Azure OpenAI and AWS Bedrock configuration examples and docs; minor README formatting tweaks.
Database Migration migration/complete_setup.sql	Insert cloud provider settings (Azure OpenAI keys/endpoint/version/deployment and AWS Bedrock access key/secret/region/model id) with encryption flags.
Frontend: Cloud Providers UI archon-ui-main/src/components/settings/CloudProvidersSection.tsx	New component: tabbed UI for Azure OpenAI/AWS Bedrock credentials with per-field state, masking/encryption handling, load/save/discard flows and validation.
Frontend: Settings Integration archon-ui-main/src/pages/SettingsPage.tsx	Integrate CloudProvidersSection into SettingsPage (collapsible card, icon).
Frontend: API Keys UI archon-ui-main/src/components/settings/APIKeysSection.tsx	Exclude cloud provider keys from generic API keys list; introduce dynamic per-credential editing UI, encryption/view toggles, add/delete, and bulk save/cancel.
Backend: Python Dependencies python/pyproject.toml	Add boto3>=1.34.0 dependency for AWS Bedrock support.
Backend: AWS Bedrock Adapter python/src/server/adapters/aws_bedrock_adapter.py, python/src/server/adapters/__init__.py	New AWS Bedrock adapter and package export: OpenAI-compatible chat/completions adapter and embedding adapter mapping Bedrock Converse/invoke_model responses to OpenAI-shaped responses.
Backend: Configuration python/src/server/config/config.py	Add azure_openai_* and aws_* environment fields and validators; load these from environment.
Backend: Credential & Provider Services python/src/server/services/credential_service.py, python/src/server/services/llm_provider_service.py, python/src/server/services/embeddings/embedding_service.py	Extend provider lists and resolution to include azure-openai and aws-bedrock; add AzureOpenAIEmbeddingAdapter; adapt API key/credential mapping, provider defaults, embedding model handling, and client creation (including boto3 Bedrock client path).
Backend: API Routes & Settings Logic python/src/server/api_routes/knowledge_api.py, python/src/server/api_routes/settings_api.py	Extend provider validation to cloud providers; add auto-switching logic in settings API to set LLM_PROVIDER/EMBEDDING_PROVIDER when saved credentials meet provider requirements; various formatting/logging refinements.
Other	Minor formatting, logging, and import reflows across several Python files; no signature-breaking public API removals.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CloudUI as CloudProvidersSection
    participant BackendAPI as Settings API
    participant CredentialsSvc as credentialsService

    User->>CloudUI: Open Settings
    CloudUI->>BackendAPI: GET /credentials
    BackendAPI-->>CloudUI: Return credentials (masked/encrypted flags)
    User->>CloudUI: Edit provider fields
    CloudUI->>CloudUI: Track hasChanges
    User->>CloudUI: Click Save Changes
    CloudUI->>CredentialsSvc: Create/Update credential entries
    CredentialsSvc->>BackendAPI: Persist credentials
    BackendAPI->>BackendAPI: Validate required fields for provider
    BackendAPI->>BackendAPI: Auto-set LLM_PROVIDER/EMBEDDING_PROVIDER if complete
    BackendAPI-->>CloudUI: Success
    CloudUI->>BackendAPI: Refresh credentials
    BackendAPI-->>CloudUI: Updated credentials

Loading

sequenceDiagram
    participant Client
    participant LLMSvc as llm_provider_service
    participant BedrockAdapter as AWSBedrockClientAdapter
    participant Bedrock as AWS Bedrock

    Client->>LLMSvc: get_llm_client("aws-bedrock")
    LLMSvc->>Bedrock: create boto3 bedrock client
    LLMSvc->>BedrockAdapter: wrap client
    Client->>BedrockAdapter: create(model, messages)
    BedrockAdapter->>BedrockAdapter: translate OpenAI → Bedrock
    BedrockAdapter->>Bedrock: invoke Converse API
    Bedrock-->>BedrockAdapter: response
    BedrockAdapter->>BedrockAdapter: normalize to OpenAI format
    BedrockAdapter-->>Client: OpenAI-compatible response

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Areas needing extra attention:

• python/src/server/adapters/aws_bedrock_adapter.py: message translation, streaming rejection, thread-pool/async correctness.
• python/src/server/api_routes/settings_api.py: auto-switch provider logic and validation edge cases.
• archon-ui-main/src/components/settings/CloudProvidersSection.tsx & APIKeysSection.tsx: encrypted-value UX, state management, save/delete concurrency.
• python/src/server/services/llm_provider_service.py: provider client creation paths (Azure vs Bedrock) and embedding routing.

Possibly related PRs

• Feat:Openrouter/Anthropic/grok-support #231 — similar multi-provider support across credential, provider, and embedding service files.
• Feature/LLM-Providers-UI-Polished #736 — related credential/provider UI and EMBEDDING_PROVIDER wiring changes.
• Making API keys completely write only for the frontend #608 — changes to credentials UI/backend handling of encrypted keys and masking semantics.

Suggested labels

enhancement

Suggested reviewers

• coleam00
• leex279
• Wirasm

Poem

🐰 I hopped through code to add cloud delight,

Azure and Bedrock now shine in the light.
Keys tucked in secrets, UI cozy and neat,
Providers auto-switch with a confident beat.
A rabbit's small cheer for this multi-cloud feat 🥕☁️

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is entirely empty; all required sections (Summary, Changes Made, Type of Change, Affected Services, Testing, Checklist) contain only placeholders or are unchecked with no actual content provided.	Complete all required sections: provide a summary of what the PR accomplishes, list the specific changes, mark the change type and affected services, describe testing performed, and fill in the checklist with evidence.
Title check	❓ Inconclusive	The title is vague and generic, using a non-descriptive phrase 'latest code from main branch' that doesn't clearly convey the primary changes (adding Azure OpenAI and AWS Bedrock support).	Replace with a specific, descriptive title such as 'Add Azure OpenAI and AWS Bedrock cloud provider support' to accurately reflect the main changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rohitmathur507]

All ok!

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

archon-ui-main/src/components/settings/APIKeysSection.tsx (1)

152-167: Ensure renamed credentials delete the original key.

If someone renames an existing credential locally and then clicks Delete before saving, we end up calling the backend with the new key—which doesn’t exist yet—so the API returns 404 and the original credential survives. Delete should target the persisted key (originalKey when it differs). The diff below fixes the bug and keeps the toast accurate.

-        await credentialsService.deleteCredential(cred.key);
-        setCustomCredentials(customCredentials.filter((_, i) => i !== index));
-        showToast(`Deleted ${cred.key}`, 'success');
+        const keyToDelete =
+          cred.originalKey && cred.originalKey !== cred.key ? cred.originalKey : cred.key;
+        await credentialsService.deleteCredential(keyToDelete);
+        setCustomCredentials(customCredentials.filter((_, i) => i !== index));
+        showToast(`Deleted ${keyToDelete}`, 'success');

python/src/server/config/config.py (1)

239-334: Load AWS Bedrock env vars into EnvironmentConfig.

We introduced AWS Bedrock fields but never read the corresponding environment variables, nor pass them into EnvironmentConfig. As written, every AWS value stays None, so Bedrock can’t be configured and the new provider support breaks at runtime. Please pull the AWS_* env vars, run the provided validators, and include them in the returned dataclass.

-    # Azure OpenAI configuration (optional)
+    # Azure OpenAI configuration (optional)
     azure_openai_endpoint = os.getenv("AZURE_OPENAI_ENDPOINT")
     azure_openai_api_key = os.getenv("AZURE_OPENAI_API_KEY")
     azure_openai_api_version = os.getenv("AZURE_OPENAI_API_VERSION")
     azure_openai_deployment = os.getenv("AZURE_OPENAI_DEPLOYMENT")
+
+    # AWS Bedrock configuration (optional)
+    aws_access_key_id = os.getenv("AWS_ACCESS_KEY_ID")
+    aws_secret_access_key = os.getenv("AWS_SECRET_ACCESS_KEY")
+    aws_region = os.getenv("AWS_REGION")
+    aws_bedrock_model_id = os.getenv("AWS_BEDROCK_MODEL_ID")
@@
-    if azure_openai_api_version:
+    if azure_openai_api_version:
         validate_azure_openai_api_version(azure_openai_api_version)
+    if aws_access_key_id:
+        validate_aws_access_key_id(aws_access_key_id)
+    if aws_region:
+        validate_aws_region(aws_region)
@@
-        transport=transport,
-        azure_openai_endpoint=azure_openai_endpoint,
-        azure_openai_api_key=azure_openai_api_key,
-        azure_openai_api_version=azure_openai_api_version,
-        azure_openai_deployment=azure_openai_deployment,
+        transport=transport,
+        azure_openai_endpoint=azure_openai_endpoint,
+        azure_openai_api_key=azure_openai_api_key,
+        azure_openai_api_version=azure_openai_api_version,
+        azure_openai_deployment=azure_openai_deployment,
+        aws_access_key_id=aws_access_key_id,
+        aws_secret_access_key=aws_secret_access_key,
+        aws_region=aws_region,
+        aws_bedrock_model_id=aws_bedrock_model_id,
     )

🧹 Nitpick comments (1)

python/src/server/adapters/aws_bedrock_adapter.py (1)

262-267: Use get_running_loop() inside async code.

asyncio.get_event_loop() is deprecated in async contexts on Python 3.12. Switching to asyncio.get_running_loop() avoids deprecation warnings and is the recommended pattern.

-            loop = asyncio.get_event_loop()
+            loop = asyncio.get_running_loop()

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4ebdeda and 51dcc64.

📒 Files selected for processing (15)

• .env.example (1 hunks)
• README.md (5 hunks)
• archon-ui-main/src/components/settings/APIKeysSection.tsx (7 hunks)
• archon-ui-main/src/components/settings/CloudProvidersSection.tsx (1 hunks)
• archon-ui-main/src/pages/SettingsPage.tsx (2 hunks)
• migration/complete_setup.sql (1 hunks)
• python/pyproject.toml (2 hunks)
• python/src/server/adapters/__init__.py (1 hunks)
• python/src/server/adapters/aws_bedrock_adapter.py (1 hunks)
• python/src/server/api_routes/knowledge_api.py (43 hunks)
• python/src/server/api_routes/settings_api.py (9 hunks)
• python/src/server/config/config.py (7 hunks)
• python/src/server/services/credential_service.py (13 hunks)
• python/src/server/services/embeddings/embedding_service.py (17 hunks)
• python/src/server/services/llm_provider_service.py (39 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

archon-ui-main/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

archon-ui-main/src/**/*.{ts,tsx}: Frontend TypeScript must use strict mode with no implicit any
Use TanStack Query for all data fetching; avoid prop drilling
Use database values directly in the frontend; avoid mapping layers between BE and FE types

Files:

• archon-ui-main/src/components/settings/CloudProvidersSection.tsx
• archon-ui-main/src/pages/SettingsPage.tsx
• archon-ui-main/src/components/settings/APIKeysSection.tsx

python/src/**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

python/src/**/*.py: On service startup, missing configuration, DB connection failures, auth/authorization failures, critical dependency outages, or invalid/corrupting data: fail fast and bubble errors
For batch processing, background tasks, WebSocket events, optional features, and external API calls: continue processing but log errors (with retries/backoff for APIs)
Never accept or persist corrupted data; skip failed items entirely (e.g., zero embeddings, null FKs, malformed JSON)
Error messages must include operation context, IDs/URLs, use specific exception types, preserve full stack traces (logging with exc_info=True), and avoid returning None/null—raise exceptions instead; for batches report success counts and detailed failures
Backend code targets Python 3.12 and adheres to a 120 character line length
Use Ruff for linting (errors, warnings, unused imports) in backend code
Use Mypy for static type checking in backend code

Files:

• python/src/server/services/embeddings/embedding_service.py
• python/src/server/adapters/__init__.py
• python/src/server/services/credential_service.py
• python/src/server/adapters/aws_bedrock_adapter.py
• python/src/server/api_routes/settings_api.py
• python/src/server/api_routes/knowledge_api.py
• python/src/server/config/config.py
• python/src/server/services/llm_provider_service.py

🧠 Learnings (6)

📚 Learning: 2025-09-19T10:32:55.580Z

Learnt from: CR
Repo: coleam00/Archon PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-09-19T10:32:55.580Z
Learning: Applies to archon-ui-main/src/features/*/components/**/*.{ts,tsx} : Place new UI components under src/features/[feature]/components

Applied to files:

• archon-ui-main/src/components/settings/CloudProvidersSection.tsx
• archon-ui-main/src/pages/SettingsPage.tsx

📚 Learning: 2025-09-19T10:32:55.580Z

Learnt from: CR
Repo: coleam00/Archon PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-09-19T10:32:55.580Z
Learning: Applies to python/src/**/*.py : For batch processing, background tasks, WebSocket events, optional features, and external API calls: continue processing but log errors (with retries/backoff for APIs)

Applied to files:

• python/src/server/services/embeddings/embedding_service.py

📚 Learning: 2025-10-19T09:25:49.653Z

Learnt from: CR
Repo: coleam00/Archon PR: 0
File: archon-example-workflow/CLAUDE.md:0-0
Timestamp: 2025-10-19T09:25:49.653Z
Learning: Before any task management work, stop and check if the Archon MCP server is available

Applied to files:

• README.md

📚 Learning: 2025-08-20T19:38:04.097Z

Learnt from: Chillbruhhh
Repo: coleam00/Archon PR: 378
File: python/src/server/services/storage/document_storage_service.py:304-306
Timestamp: 2025-08-20T19:38:04.097Z
Learning: The archon_crawled_pages table in the Archon project has a table-level unique constraint on (url, chunk_number) defined inline in the CREATE TABLE statement in migration/complete_setup.sql at line 202, which allows upsert operations with on_conflict="url,chunk_number" to work properly without requiring additional migrations.

Applied to files:

• migration/complete_setup.sql

📚 Learning: 2025-08-20T19:38:04.097Z

Learnt from: Chillbruhhh
Repo: coleam00/Archon PR: 378
File: python/src/server/services/storage/document_storage_service.py:304-306
Timestamp: 2025-08-20T19:38:04.097Z
Learning: The archon_crawled_pages table in the Archon project has a table-level unique constraint on (url, chunk_number) defined inline in the CREATE TABLE statement in migration/complete_setup.sql at line 202, which allows upsert operations with on_conflict="url,chunk_number" to work properly.

Applied to files:

• migration/complete_setup.sql

📚 Learning: 2025-09-19T10:32:55.580Z

Learnt from: CR
Repo: coleam00/Archon PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-09-19T10:32:55.580Z
Learning: Applies to .env : Require SUPABASE_URL and SUPABASE_SERVICE_KEY in .env

Applied to files:

• .env.example

🧬 Code graph analysis (10)

archon-ui-main/src/components/settings/CloudProvidersSection.tsx (4)

archon-ui-main/src/features/shared/hooks/useToast.ts (1)

• useToast (26-32)

archon-ui-main/src/services/credentialsService.ts (1)

• credentialsService (604-604)

archon-ui-main/src/features/ui/primitives/card.tsx (1)

• Card (23-136)

archon-ui-main/src/features/ui/primitives/button.tsx (1)

• Button (11-130)

python/src/server/services/embeddings/embedding_service.py (4)

python/src/server/services/embeddings/embedding_exceptions.py (2)

• EmbeddingRateLimitError (61-72)
• EmbeddingAPIError (86-99)

python/src/server/services/llm_provider_service.py (2)

• get_llm_client (370-704)
• get_embedding_model (775-883)

python/src/server/services/credential_service.py (1)

• get_credentials_by_category (345-394)

python/src/server/services/threading_service.py (1)

• rate_limited_operation (459-479)

python/src/server/adapters/__init__.py (1)

python/src/server/adapters/aws_bedrock_adapter.py (1)

• AWSBedrockClientAdapter (18-280)

python/src/server/services/credential_service.py (1)

python/src/server/api_routes/settings_api.py (1)

• get_credential (146-191)

python/src/server/adapters/aws_bedrock_adapter.py (1)

python/src/server/config/logfire_config.py (1)

• get_logger (137-147)

python/src/server/api_routes/settings_api.py (1)

python/src/server/services/credential_service.py (4)

• get_credential (160-179)
• get_credential (620-622)
• set_credential (192-285)
• set_credential (625-635)

archon-ui-main/src/pages/SettingsPage.tsx (1)

archon-ui-main/src/components/settings/CloudProvidersSection.tsx (1)

• CloudProvidersSection (117-463)

archon-ui-main/src/components/settings/APIKeysSection.tsx (3)

archon-ui-main/src/services/credentialsService.ts (3)

• credentialsService (604-604)
• updateCredential (276-303)
• deleteCredential (331-346)

archon-ui-main/src/features/ui/primitives/button.tsx (1)

• Button (11-130)

archon-ui-main/src/features/ui/primitives/card.tsx (1)

• Card (23-136)

python/src/server/api_routes/knowledge_api.py (5)

python/src/server/services/embeddings/provider_error_adapters.py (2)

• ProviderErrorFactory (121-162)
• sanitize_provider_error (135-137)

python/src/server/utils/progress/progress_tracker.py (5)

• error (196-219)
• start (75-91)
• complete (166-194)
• get_progress (45-47)
• update (93-164)

python/src/server/services/credential_service.py (1)

• get_active_provider (451-555)

python/src/server/utils/document_processing.py (1)

• extract_text_from_document (158-221)

python/src/server/services/crawling/crawling_service.py (2)

• get_active_orchestration (47-51)
• unregister_orchestration (61-65)

python/src/server/services/llm_provider_service.py (3)

python/src/server/services/credential_service.py (4)

• get_credentials_by_category (345-394)
• get_active_provider (451-555)
• get_credential (160-179)
• get_credential (620-622)

python/src/server/adapters/aws_bedrock_adapter.py (1)

• AWSBedrockClientAdapter (18-280)

python/src/server/services/ollama/model_discovery_service.py (1)

• check_instance_health (958-1012)

🪛 ast-grep (0.39.7)

python/src/server/config/config.py

[warning] 165-175: A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. Use environment variables to securely provide credentials and other secrets or retrieve them from a secure vault or Hardware Security Module (HSM).
Context: jwt.decode(
supabase_key,
"",
options={
"verify_signature": False,
"verify_aud": False,
"verify_exp": False,
"verify_nbf": False,
"verify_iat": False,
},
)
Note: [CWE-798]: Use of Hard-coded Credentials [OWASP A01:2021]: Identification and Authentication Failures [REFERENCES]
https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html

(python-pyjwt-hardcoded-secret-python)

🪛 markdownlint-cli2 (0.18.1)

README.md

212-212: Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (3)

python/pyproject.toml (1)

35-69: Dependency addition looks appropriate.

Bringing in boto3>=1.34.0 aligns with the new Bedrock adapters and keeps the server/all groups consistent. No concerns here.

python/src/server/adapters/__init__.py (1)

1-7: Good export surface.

Exposing AWSBedrockClientAdapter via __all__ keeps the package boundary clean and makes the adapter discoverable. Looks solid.

.env.example (1)

57-83: Nice guidance on cloud provider variables.

Calling out both Azure OpenAI and AWS Bedrock env vars (and nudging users toward the UI) makes onboarding smoother. Looks good.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

python/src/server/config/config.py (1)

340-351: AWS Bedrock fields missing from EnvironmentConfig constructor.

The AWS Bedrock fields are not being passed to the EnvironmentConfig constructor, even though they were added to the dataclass. After loading the AWS environment variables (see previous comment), they must be included in the returned configuration.

Add the AWS fields to the constructor after line 350:

         azure_openai_endpoint=azure_openai_endpoint,
         azure_openai_api_key=azure_openai_api_key,
         azure_openai_api_version=azure_openai_api_version,
         azure_openai_deployment=azure_openai_deployment,
+        aws_access_key_id=aws_access_key_id,
+        aws_secret_access_key=aws_secret_access_key,
+        aws_region=aws_region,
+        aws_bedrock_model_id=aws_bedrock_model_id,
     )

🧹 Nitpick comments (1)

python/src/server/config/config.py (1)

135-163: Consider dynamic AWS region validation.

The validator uses a hardcoded list of AWS regions, which may become stale as AWS frequently adds new regions, especially for Bedrock. While the validator allows non-standard regions (lines 159-161), consider documenting this list's maintenance requirements or fetching valid regions dynamically if boto3 is already a dependency.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 51dcc64 and 14e4dce.

📒 Files selected for processing (4)

• .env.example (1 hunks)
• README.md (3 hunks)
• python/pyproject.toml (2 hunks)
• python/src/server/config/config.py (6 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• .env.example
• python/pyproject.toml
• README.md

🧰 Additional context used

📓 Path-based instructions (1)

python/src/**/*.py

📄 CodeRabbit inference engine (AGENTS.md)

python/src/**/*.py: On service startup, missing configuration, DB connection failures, auth/authorization failures, critical dependency outages, or invalid/corrupting data: fail fast and bubble errors
For batch processing, background tasks, WebSocket events, optional features, and external API calls: continue processing but log errors (with retries/backoff for APIs)
Never accept or persist corrupted data; skip failed items entirely (e.g., zero embeddings, null FKs, malformed JSON)
Error messages must include operation context, IDs/URLs, use specific exception types, preserve full stack traces (logging with exc_info=True), and avoid returning None/null—raise exceptions instead; for batches report success counts and detailed failures
Backend code targets Python 3.12 and adheres to a 120 character line length
Use Ruff for linting (errors, warnings, unused imports) in backend code
Use Mypy for static type checking in backend code

Files:

• python/src/server/config/config.py