got 2 services talking to each other

[chrisaddy]

This pull request introduces major improvements to the development workflow, service architecture, and infrastructure security for the project. The most significant changes include new documentation for development commands and architecture, conversion of the datamanager and portfoliomanager services to FastAPI microservices with Docker deployment, enhanced Docker Swarm stack configuration, and improved infrastructure security through configurable network CIDRs. Additionally, permissions and settings for development tools have been updated for better automation and CI/CD support.

Why we moved from mise to mask

We migrated our task runner from mise
to mask
for a few key reasons:

Markdown as the source of truth
mask tasks live directly inside a Markdown file (maskfile.md). This means our task definitions are both executable and readable as documentation. Contributors can view and understand available commands without needing to learn a separate DSL or tool-specific config format.

Better integration with AI tooling (Claude Code, etc.)
Because mask tasks are defined in plain Markdown, they work naturally with AI code assistants like Claude Code. Tasks can be surfaced, explained, or modified inline as part of a conversation, rather than being hidden away in specialized TOML/YAML config.

Standard developer workflow
Markdown is already our default format for READMEs, docs, and design notes. Using mask keeps our developer workflow consistent and lowers the barrier for new contributors—everything looks and feels like standard documentation.

Lightweight and declarative
mask keeps tasks simple, self-documenting, and avoids over-engineering. We don’t need advanced dependency management from a task runner; instead, we value clarity and interoperability.

Documentation and Workflow Improvements

• Added CLAUDE.md to provide comprehensive guidance for Claude Code, including development commands, architecture overview, code standards, and deployment principles.
• Removed outdated AGENTS.md and updated its reference in CLAUDE.md to streamline documentation. [1] [2]

Microservice Architecture and Deployment

• Migrated datamanager and portfoliomanager services to FastAPI, updated their Dockerfiles for Python 3.12.10 and uv-based execution, and refactored their pyproject.toml dependencies for minimal, production-ready images. [1] [2] [3] [4] [5] [6]
• Added Docker Swarm stack.yml for orchestrating both services with health checks, networking, environment variables, and deployment strategies.

Infrastructure Security and Configuration

• Updated infrastructure/__main__.py to use configurable CIDRs for Swarm manager and cluster ports, reducing public exposure and improving security. [1] [2]
• Integrated Docker secrets management for Grafana admin password in infrastructure/stack.yml, replacing plaintext credentials with secure secret references. [1] [2]

Development Tooling and Permissions

• Expanded allowed tools and directories in .claude/settings.local.json for enhanced automation, including support for Flox, Pulumi, Docker, and SSH access.
• Added .claude/commands for CI, lint, and infrastructure management, enabling automated fixes and streamlined workflows. [1] [2] [3]
• Added gum to Flox manifest for improved CLI interactions.
• Created service-specific Claude settings for datamanager to support Docker Swarm operations and cross-service access.

Minor Code Cleanup

• Removed a commented-out line in mhsa_network.py for clarity.

Summary by CodeRabbit

• New Features
  • Introduced Datamanager and Portfoliomanager services with health endpoints and inter-service health checks.
• Infrastructure
  • Added Docker Swarm stack with replicated services, health checks, and shared overlay network.
  • Containerized services with production-ready images.
• Security
  • Restricted swarm management/cluster ports via configurable CIDR lists.
  • Migrated Grafana admin credentials to Docker secrets.
• Documentation
  • Added comprehensive developer guide and task manager documentation.
  • Added commands for CI, infrastructure, and lint workflows; removed outdated agent guide.
• Chores
  • Updated tooling permissions and environment packages.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Caution

Review failed

Failed to post review comments.

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5df48e6 and a00c7c5.

⛔ Files ignored due to path filters (3)

• .flox/env/manifest.lock is excluded by !**/*.lock
• infrastructure/uv.lock is excluded by !**/*.lock
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (22)

• .claude/commands/ci.md (1 hunks)
• .claude/commands/infrastructure.md (1 hunks)
• .claude/commands/lint.md (1 hunks)
• .claude/settings.local.json (1 hunks)
• .flox/env/manifest.toml (1 hunks)
• AGENTS.md (0 hunks)
• CLAUDE.md (0 hunks)
• CLAUDE.md (1 hunks)
• applications/datamanager/.claude/settings.local.json (1 hunks)
• applications/datamanager/Dockerfile (1 hunks)
• applications/datamanager/pyproject.toml (1 hunks)
• applications/datamanager/src/datamanager/main.py (1 hunks)
• applications/models/Dockerfile (1 hunks)
• applications/portfoliomanager/Dockerfile (1 hunks)
• applications/portfoliomanager/pyproject.toml (1 hunks)
• applications/portfoliomanager/src/portfoliomanager/main.py (1 hunks)
• applications/stack.yml (1 hunks)
• infrastructure/__main__.py (2 hunks)
• infrastructure/stack.yml (2 hunks)
• libraries/python/src/internal/mhsa_network.py (1 hunks)
• libraries/python/src/internal/tft_model.py (2 hunks)
• maskfile.md (1 hunks)

💤 Files with no reviewable changes (1)

• AGENTS.md

🧰 Additional context used

🧬 Code graph analysis (2)

applications/datamanager/src/datamanager/main.py (1)

applications/portfoliomanager/src/portfoliomanager/main.py (1)

• health_check (14-15)

applications/portfoliomanager/src/portfoliomanager/main.py (1)

applications/datamanager/src/datamanager/main.py (1)

• health_check (10-11)

🪛 LanguageTool

CLAUDE.md

[grammar] ~7-~7: There might be a mistake here.
Context: ...velopment Commands ### Core Development - Install dependencies: `mask developmen...

(QB_NEW_EN)

---

[grammar] ~8-~8: There might be a mistake here.
Context: ... python install(afterflox activate) - **Format code**: mask development python ...

(QB_NEW_EN)

---

[grammar] ~9-~9: There might be a mistake here.
Context: ...k development python format(uses ruff) - **Lint code**:mask development python li...

(QB_NEW_EN)

---

[grammar] ~10-~10: There might be a mistake here.
Context: ... lint(ruff with comprehensive ruleset) - **Run tests**:mask development python te...

(QB_NEW_EN)

---

[grammar] ~11-~11: There might be a mistake here.
Context: ...ment python test(pytest with coverage) - **Check for dead code**:mask development...

(QB_NEW_EN)

---

[grammar] ~12-~12: There might be a mistake here.
Context: ... development python dead-code(vulture) - **Run all quality checks**:mask developm...

(QB_NEW_EN)

---

[grammar] ~15-~15: There might be a mistake here.
Context: ... mask development quality ### Testing - Run tests with coverage: `uv run cover...

(QB_NEW_EN)

---

[grammar] ~16-~16: There might be a mistake here.
Context: ... Testing - Run tests with coverage: uv run coverage run --parallel-mode -m pytest && uv run coverage combine && uv run coverage report - Single test file: `uv run pytest appli...

(QB_NEW_EN)

---

[grammar] ~17-~17: There might be a mistake here.
Context: ...overage report- **Single test file**:uv run pytest applications/*/tests/test_.py- **Coverage output**: Available incoverag...

(QB_NEW_EN)

---

[grammar] ~20-~20: There might be a mistake here.
Context: ...ge.xml ### Infrastructure & Deployment - **Deploy infrastructure**:mask infrastru...

(QB_NEW_EN)

---

[grammar] ~21-~21: There might be a mistake here.
Context: ...Deployment - Deploy infrastructure: mask infrastructure base up - Teardown infrastructure: `mask infrast...

(QB_NEW_EN)

---

[grammar] ~22-~22: There might be a mistake here.
Context: ...base up- **Teardown infrastructure**:mask infrastructure base down - **Deploy applications**:mask application...

(QB_NEW_EN)

---

[grammar] ~23-~23: There might be a mistake here.
Context: ... base down - **Deploy applications**:mask applications up- **Test endpoints**:mask test` - **Check ...

(QB_NEW_EN)

---

[grammar] ~24-~24: There might be a mistake here.
Context: ... applications up- **Test endpoints**:mask test- **Check Docker contexts**:docker context...

(QB_NEW_EN)

---

[grammar] ~27-~27: There might be a mistake here.
Context: ...context ls ### Development Environment - **Environment manager**: Flox (flox activ...

(QB_NEW_EN)

---

[grammar] ~28-~28: There might be a mistake here.
Context: ...ox activateto enter development shell) - **Package manager**: uv (workspace witha...

(QB_NEW_EN)

---

[grammar] ~29-~29: There might be a mistake here.
Context: ...applications/* and libraries/python) - Python version: 3.12.10 (strict requir...

(QB_NEW_EN)

---

[grammar] ~34-~34: There might be a mistake here.
Context: ...ecture Overview ### Workspace Structure This is a UV workspace with multiple...

(QB_NEW_EN)

---

[grammar] ~37-~37: There might be a mistake here.
Context: ...ect configuration with workspace members - Applications (applications/*/): Micr...

(QB_NEW_EN)

---

[grammar] ~38-~38: There might be a mistake here.
Context: ...roservices deployed as Docker containers - datamanager: Data collection service (FastAPI on po...

(QB_NEW_EN)

---

[grammar] ~39-~39: There might be a mistake here.
Context: ...ollection service (FastAPI on port 8080) - portfoliomanager: Portfolio prediction service (FastAPI ...

(QB_NEW_EN)

---

[grammar] ~40-~40: There might be a mistake here.
Context: ...rediction service (FastAPI on port 8081) - models: ML model training and data processing ...

(QB_NEW_EN)

---

[grammar] ~41-~41: There might be a mistake here.
Context: ...l training and data processing workflows - Libraries (libraries/python/): Share...

(QB_NEW_EN)

---

[grammar] ~42-~42: There might be a mistake here.
Context: ...internal package with common utilities - Infrastructure (infrastructure/): Pu...

(QB_NEW_EN)

---

[grammar] ~45-~45: There might be a mistake here.
Context: ...brary (libraries/python/src/internal/) Core components used across applications...

(QB_NEW_EN)

---

[grammar] ~46-~46: There might be a mistake here.
Context: ...ore components used across applications: - ML Components: TFT models, LSTM/MHSA n...

(QB_NEW_EN)

---

[grammar] ~47-~47: There might be a mistake here.
Context: ...dels, LSTM/MHSA networks, loss functions - Data Types: Equity bars, datasets, clo...

(QB_NEW_EN)

---

[grammar] ~48-~48: There might be a mistake here.
Context: ...ars, datasets, cloud events, money types - Utilities: Date handling, data summari...

(QB_NEW_EN)

---

[grammar] ~51-~51: There might be a mistake here.
Context: ...a summaries ### Deployment Architecture - Local Development: Docker Swarm on loc...

(QB_NEW_EN)

---

[grammar] ~52-~52: There might be a mistake here.
Context: ...Development**: Docker Swarm on localhost - Production: Pulumi-managed cloud infra...

(QB_NEW_EN)

---

[grammar] ~53-~53: There might be a mistake here.
Context: ...d cloud infrastructure with Docker Swarm - Container Registry: DockerHub (`pocket...

(QB_NEW_EN)

---

[grammar] ~54-~54: There might be a mistake here.
Context: ...*: DockerHub (pocketsizefund/* images) - Monitoring: Grafana, Prometheus, Porta...

(QB_NEW_EN)

---

[grammar] ~55-~55: There might be a mistake here.
Context: ...toring**: Grafana, Prometheus, Portainer - Networking: Traefik reverse proxy with...

(QB_NEW_EN)

---

[grammar] ~58-~58: There might be a mistake here.
Context: ...s Encrypt TLS ### Service Communication - HTTP APIs: FastAPI applications with h...

(QB_NEW_EN)

---

[grammar] ~59-~59: There might be a mistake here.
Context: ...ations with health endpoints (/health) - Cloud Events: Standardized event forma...

(QB_NEW_EN)

---

[grammar] ~60-~60: There might be a mistake here.
Context: ...t format for inter-service communication - Docker Networks: Overlay networks (`pu...

(QB_NEW_EN)

---

[grammar] ~65-~65: There might be a mistake here.
Context: ...Code Standards ### Python Configuration - Formatter: Ruff (replaces black/isort)...

(QB_NEW_EN)

---

[grammar] ~66-~66: There might be a mistake here.
Context: ...Formatter**: Ruff (replaces black/isort) - Linter: Ruff with comprehensive rulese...

(QB_NEW_EN)

---

[grammar] ~67-~67: There might be a mistake here.
Context: ...ve ruleset (90+ rule categories enabled) - Type Checking: Pyright with relaxed im...

(QB_NEW_EN)

---

[grammar] ~68-~68: There might be a mistake here.
Context: ...: Pyright with relaxed import resolution - Testing: Pytest with strict configurat...

(QB_NEW_EN)

---

[grammar] ~69-~69: There might be a mistake here.
Context: ...ting**: Pytest with strict configuration - Coverage: Line coverage tracking with ...

(QB_NEW_EN)

---

[grammar] ~72-~72: There might be a mistake here.
Context: ...parallel execution ### Key Dependencies - Web Framework: FastAPI (consistent acr...

(QB_NEW_EN)

---

[grammar] ~73-~73: There might be a mistake here.
Context: ...**: FastAPI (consistent across services) - ML Stack: TinyGrad, NumPy, Polars - **...

(QB_NEW_EN)

---

[grammar] ~74-~74: There might be a mistake here.
Context: ... - ML Stack: TinyGrad, NumPy, Polars - Data: PyArrow, Polars for data process...

(QB_NEW_EN)

---

[grammar] ~75-~75: There might be a mistake here.
Context: ...a**: PyArrow, Polars for data processing - Cloud: Boto3, Azure libraries, Google ...

(QB_NEW_EN)

---

[grammar] ~76-~76: There might be a mistake here.
Context: ...Boto3, Azure libraries, Google Cloud SDK - Monitoring: Structlog for structured l...

(QB_NEW_EN)

---

[grammar] ~81-~81: There might be a mistake here.
Context: ...ADME, the team follows these principles: - Test in production - Always roll forward...

(QB_NEW_EN)

---

[grammar] ~93-~93: There might be a mistake here.
Context: ... ALPACA_API_KEY, ALPACA_API_SECRET, ALPACA_BASE_URL - EDGAR_USER_AGENT, DATA_BUCKET - POLYGON_API_KEY, `DU...

(QB_NEW_EN)

---

[grammar] ~94-~94: There might be a mistake here.
Context: ...ALPACA_BASE_URL - EDGAR_USER_AGENT, DATA_BUCKET - POLYGON_API_KEY, DUCKDB_ACCESS_KEY, DUCKDB_SECRET -...

(QB_NEW_EN)

---

[grammar] ~102-~102: There might be a mistake here.
Context: ...E - ## Common Workflow 1. **Setup**:flox activate && mise run python:install` 2. Develop: Make changes to application o...

(QB_NEW_EN)

---

[style] ~103-~103: Consider shortening or rephrasing this to strengthen your wording.
Context: ...ise run python:install` 2. Develop: Make changes to application or shared library code 3. *...

(MAKE_CHANGES)

---

[grammar] ~104-~104: There might be a mistake here.
Context: ...t(format, lint, test, dead code check) 4. **Local Deploy**:mask infrastructure bas...

(QB_NEW_EN)

---

[grammar] ~105-~105: There might be a mistake here.
Context: ...(deploys to both local and production) 5. **Test**:mask test` (validates service e...

(QB_NEW_EN)

---

[grammar] ~106-~106: There might be a mistake here.
Context: ...mask test` (validates service endpoints) 6. Monitor: Access Grafana, Portainer, or...

(QB_NEW_EN)

.claude/commands/ci.md

[style] ~13-~13: Consider using a different verb for a more formal wording.
Context: ...mask ci`) and automatically attempts to fix any issues that arise during: 1. **Qua...

(FIX_RESOLVE)

---

[grammar] ~15-~15: There might be a mistake here.
Context: ...* - Format, lint, and dead code analysis 2. Testing - Run complete test suite with...

(QB_NEW_EN)

---

[grammar] ~16-~16: There might be a mistake here.
Context: ... - Run complete test suite with coverage 3. Building - Build and validate applicat...

(QB_NEW_EN)

---

[grammar] ~19-~19: There might be a mistake here.
Context: ...tainers If any step fails, Claude will: - Analyze the error output - Identify the ...

(QB_NEW_EN)

---

[grammar] ~30-~30: There might be a mistake here.
Context: ...s. ## Implementation The command will: 1. Run mask ci to execute the full CI wor...

(QB_NEW_EN)

---

[grammar] ~33-~33: There might be a mistake here.
Context: ... 3. Automatically resolve common issues: - Code formatting violations - Linting ...

(QB_NEW_EN)

---

[grammar] ~34-~34: There might be a mistake here.
Context: ... issues: - Code formatting violations - Linting errors - Import/dependency pr...

(QB_NEW_EN)

---

[grammar] ~35-~35: There might be a mistake here.
Context: ...ormatting violations - Linting errors - Import/dependency problems - Test fai...

(QB_NEW_EN)

---

[grammar] ~36-~36: There might be a mistake here.
Context: ...g errors - Import/dependency problems - Test failures - Build/container issue...

(QB_NEW_EN)

---

[grammar] ~37-~37: There might be a mistake here.
Context: ...t/dependency problems - Test failures - Build/container issues 4. Re-run failed ...

(QB_NEW_EN)

---

[grammar] ~38-~38: There might be a mistake here.
Context: ...est failures - Build/container issues 4. Re-run failed steps after applying fixes...

(QB_NEW_EN)

.claude/commands/infrastructure.md

[grammar] ~12-~12: There might be a mistake here.
Context: ... action (up|down). Default to up. Then: - If up, run: `flox activate --mask infr...

(QB_NEW_EN)

---

[grammar] ~13-~13: There might be a mistake here.
Context: .... Default to up. Then: - If up, run: flox activate --mask infrastructure up - If down, run: `flox activate -- mask i...

(QB_NEW_EN)

maskfile.md

[grammar] ~127-~127: There might be a mistake here.
Context: ...ed successfully!" ``` ## infrastructure > Manage infrastructure deployments ### ba...

(QB_NEW_EN)

---

[grammar] ~129-~129: There might be a mistake here.
Context: ...nage infrastructure deployments ### base > Base infrastructure deployment #### up >...

(QB_NEW_EN)

---

[grammar] ~131-~131: There might be a mistake here.
Context: ...> Base infrastructure deployment #### up > Deploy complete infrastructure stack (Pu...

(QB_NEW_EN)

---

[grammar] ~351-~351: There might be a mistake here.
Context: ...SH config cleaned" ``` ### applications > Build and deploy application containers ...

(QB_NEW_EN)

---

[grammar] ~353-~353: There might be a mistake here.
Context: ...deploy application containers #### build > Build and push application Docker images...

(QB_NEW_EN)

---

[grammar] ~483-~483: There might be a mistake here.
Context: ...point testing completed" ``` ### health > Check Docker service health across all c...

(QB_NEW_EN)

---

[grammar] ~514-~514: There might be a mistake here.
Context: ...ult >/dev/null 2>&1 || true ``` ### all > Run complete test suite (endpoints + hea...

(QB_NEW_EN)

---

[grammar] ~529-~529: There might be a mistake here.
Context: ...lete test suite finished" ``` ## docker > Docker context and service management co...

(QB_NEW_EN)

---

[grammar] ~532-~532: There might be a mistake here.
Context: ...service management commands ### context > Switch Docker context between local and ...

(QB_NEW_EN)

---

[grammar] ~534-~534: There might be a mistake here.
Context: ...l and production environments #### local > Switch to local Docker swarm context ```...

(QB_NEW_EN)

---

[grammar] ~542-~542: There might be a mistake here.
Context: ...text ls | grep "*" ``` #### production > Switch to production Docker swarm contex...

(QB_NEW_EN)

---

[grammar] ~550-~550: There might be a mistake here.
Context: ...context ls | grep "*" ``` #### default > Switch back to default Docker context ``...

(QB_NEW_EN)

---

[grammar] ~557-~557: There might be a mistake here.
Context: ...ed to default context" ``` ### services > Docker swarm service management #### ls ...

(QB_NEW_EN)

---

[grammar] ~558-~558: There might be a mistake here.
Context: ...rvices > Docker swarm service management #### ls > List all Docker services with healt...

(QB_NEW_EN)

---

[grammar] ~559-~559: There might be a mistake here.
Context: ... Docker swarm service management #### ls > List all Docker services with health sta...

(QB_NEW_EN)

---

[grammar] ~624-~624: There might be a mistake here.
Context: ...ase try again." fi done ``` ### stack > Docker stack operations for infrastructu...

(QB_NEW_EN)

---

[grammar] ~625-~625: There might be a mistake here.
Context: ...ions for infrastructure and applications #### ls > List all deployed stacks ```bash ec...

(QB_NEW_EN)

---

[grammar] ~626-~626: There might be a mistake here.
Context: ... infrastructure and applications #### ls > List all deployed stacks ```bash echo "?...

(QB_NEW_EN)

---

[grammar] ~643-~643: There might be a mistake here.
Context: ...cations stack not deployed" ``` #### rm > Remove infrastructure and application st...

(QB_NEW_EN)

---

[grammar] ~702-~702: There might be a mistake here.
Context: ... Status check completed" ``` ## secrets > Manage Docker Swarm secrets for applicat...

(QB_NEW_EN)

---

[grammar] ~770-~770: There might be a mistake here.
Context: ... creation completed" ``` ## development > Python development tools and code qualit...

(QB_NEW_EN)

---

[grammar] ~775-~775: There might be a mistake here.
Context: ...velopment workflow commands #### install > Install Python dependencies using uv wit...

(QB_NEW_EN)

---

[grammar] ~803-~803: There might be a mistake here.
Context: ...matted successfully" ``` #### dead-code > Check for dead Python code using vulture...

(QB_NEW_EN)

---

[grammar] ~820-~820: There might be a mistake here.
Context: ...ead code check completed" ``` #### lint > Run comprehensive Python code quality ch...

(QB_NEW_EN)

---

[grammar] ~841-~841: There might be a mistake here.
Context: ...g completed successfully" ``` #### test > Run Python tests using Docker Compose wi...

(QB_NEW_EN)

---

[grammar] ~871-~871: There might be a mistake here.
Context: ...t/.python_coverage.xml" ``` ### quality > Run all code quality checks across the e...

(QB_NEW_EN)

---

[grammar] ~894-~894: There might be a mistake here.
Context: ... across environments ### infrastructure > View logs for infrastructure services (G...

(QB_NEW_EN)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Run Python tests
• GitHub Check: Run Python quality checks

Walkthrough

Adds Claude command docs (CI, infrastructure, lint), updates Claude permissions, introduces maskfile with end-to-end workflows, adds FastAPI services (datamanager, portfoliomanager) with Dockerfiles and a Swarm stack, adjusts Pulumi security groups and Grafana secret usage, tweaks flox env, and performs minor lint-only edits in libraries.

Changes

Cohort / File(s)	Summary
Claude Commands /.claude/commands/ci.md, /.claude/commands/infrastructure.md, /.claude/commands/lint.md	New docs defining /ci, /infrastructure (up
Claude Settings (Root) /.claude/settings.local.json	Reworked permissions allowlist: added broader Bash patterns (e.g., docker:, pulumi:, uv:*), removed several specific patterns and WebSearch; defaultMode unchanged.
Claude Settings (Datamanager app) /applications/datamanager/.claude/settings.local.json	New app-local permissions: allow Bash(cat:) and Bash(docker:); defaultMode acceptEdits.
Developer Docs /CLAUDE.md, /AGENTS.md	Added CLAUDE.md (developer workflow/architecture guide); removed AGENTS.md (Codex instructions).
Task Orchestration /maskfile.md	New maskfile with scripted flows for setup, dev, CI, infra up/down, app build/deploy, testing, logs, secrets, and status across local/production.
Env Manifest /.flox/env/manifest.toml	Added install entry: gum.pkg-path = "gum".
Datamanager Service /applications/datamanager/Dockerfile, /applications/datamanager/pyproject.toml, /applications/datamanager/src/datamanager/main.py	New FastAPI app with /health and /portfolio-check; Dockerfile using uv/uvicorn; pyproject switches to FastAPI stack (fastapi, structlog, uvicorn).
Portfoliomanager Service /applications/portfoliomanager/Dockerfile, /applications/portfoliomanager/pyproject.toml, /applications/portfoliomanager/src/portfoliomanager/main.py	New FastAPI app with /health and /datamanager/health (calls datamanager /portfolio-check via httpx); Dockerfile using uv/uvicorn; pyproject moves to explicit external deps.
Models Image /applications/models/Dockerfile	New base image placeholder: Python 3.12.10.
Applications Swarm Stack /applications/stack.yml	New Compose v3.8 stack: datamanager (8080) and portfoliomanager (8081), replicas, healthchecks, overlay network, envs, dependency.
Infrastructure: Pulumi /infrastructure/__main__.py	Added config-driven CIDR lists; applied to Swarm ports (2377/tcp, 7946/tcp+udp, 4789/udp).
Infrastructure: Stack /infrastructure/stack.yml	Moved Grafana admin password to external secret; updated env to use password file and declared secret.
Library Lint Cleanups /libraries/python/src/internal/mhsa_network.py, /libraries/python/src/internal/tft_model.py	Removed noqa/lint suppressions in comments; no functional changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as User/Client
  participant PM as Portfoliomanager (FastAPI)
  participant DM as Datamanager (FastAPI)

  U->>PM: GET /datamanager/health
  PM->>DM: GET {DATAMANAGER_URL}/portfolio-check (timeout 5s)
  alt DM returns 200
    DM-->>PM: 200 OK
    PM-->>U: 200 OK {"datamanager_status":"healthy","status_code":200}
  else Non-200
    DM-->>PM: Non-200
    PM-->>U: 200 OK {"datamanager_status":"unhealthy","status_code":<code>}
  end
  opt Network/Error
    PM--xU: 503 Service Unavailable (HTTPException)
  end

Loading

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant C as Claude /ci Command
  participant M as mask ci
  participant Steps as Format/Lint/Test/Build

  Dev->>C: /ci
  C->>M: Run CI pipeline
  loop CI Steps
    M->>Steps: Execute next step
    alt Step fails
      Steps-->>M: Error output
      M-->>C: Failure details
      C->>C: Analyze root cause
      C->>M: Apply fix + retry step
      M->>Steps: Re-run failed step
    else Step passes
      Steps-->>M: Success
    end
  end
  M-->>C: All steps passed
  C-->>Dev: Report final CI status

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• converge to AGENTS.md for all agents #612 — Overlaps on Claude docs/settings changes and file renames between CLAUDE.md and AGENTS.md.
• Injected the Grafana admin password from a Pulumi secret and created … #557 — Also migrates Grafana admin password handling to secrets; aligns with stack.yml secret changes.
• Rebuild full application #485 — Touches datamanager FastAPI service and related Docker/pyproject setup similar to this PR.

Suggested labels

application, infrastructure, feature

Suggested reviewers

• forstmeier

Poem

Hop-hop! I wired two pods to chat,
One checks the other: “you good with that?”
Secrets tucked, the swarm’s in tune,
Mask casts spells from morn to noon.
CI fixes, retries—no slack!
(\/) Approved!
(••) Ship the stack!
/>🍃

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch simple-services

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[chrisaddy]

• fetch data back from s3 #624
• data manager port to rust #623
• got 2 services talking to each other #622 👈 (View in Graphite)
• master

This stack of pull requests is managed by Graphite. Learn more about stacking.

[Copilot]

Pull Request Overview

This pull request implements a complete infrastructure and application deployment overhaul, transitioning from Kubernetes/EKS to Docker Swarm with simplified local/production deployment through a unified task runner interface.

• Replaces complex Kubernetes infrastructure with lightweight Docker Swarm deployment
• Introduces task-based development workflow using maskfile commands
• Establishes two-service communication between DataManager (port 8080) and PortfolioManager (port 8081)

Reviewed Changes

Copilot reviewed 43 out of 48 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
pyproject.toml	Adds S105 exception for infrastructure secrets
maskfile.md	Comprehensive task runner with infrastructure deployment, testing, and management commands
libraries/python/src/internal/*.py	Code cleanup removing commented lines and obsolete TODOs
infrastructure/__main__.py	Complete rewrite from EKS-based to Lightsail/Docker Swarm infrastructure
infrastructure/*.py (deleted)	Removes complex Kubernetes, VPC, and API Gateway configurations
infrastructure/stack.yml	Docker Swarm infrastructure services (Traefik, Prometheus, Grafana)
applications/*/	New FastAPI-based microservices with Dockerfiles and inter-service communication

Comments suppressed due to low confidence (1)

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[graphite-app]

Graphite Automations

"Assign author to pull request" took an action on this PR • (08/27/25)

1 assignee was added to this PR based on John Forstmeier's automation.

[forstmeier]

Mostly a couple minor requests/double-checks on stuff. Plus let me know what your plan for Mask is.

[forstmeier]

I wasn't able to get unit tests to run on applications/ stuff without these.

[forstmeier]

Is this going to replace Mise? Only nitpicks are I'm not a fan of the emojis and I think there's some unnecessary stuff (e.g. "ACME") in there. I didn't do a deep review of this but I know we looked at Mask a while ago.

[forstmeier]

Also, if we’re replacing Mise all of those resources should be gutted. I’m fine swapping a tool so long as it doesn’t slow me down if you’re offline for a while.

[chrisaddy]

removed emojis and ACME stuff

difference between mise and mask should be minimal, everything is under mask --help