- Pin all deps; h11==0.16.0 (CVE-2025-43859), python-multipart>=1.3.1 (CVE-2026-28356), PyJWT==2.12.1
- Add HMAC JWT verification (require_auth FastAPI dependency, JWT_SECRET-gated)
- Fix TokenManager._refresh() to use ADMIN_API_URL instead of ANNOTATIONS_URL
- Rename POST /detect → POST /detect/image (image-only, rejects video files)
- Replace global SSE stream with per-job SSE: GET /detect/{media_id} with event replay buffer
- Apply require_auth to all 4 protected endpoints
- Fix on_annotation/on_status closure to use mutable current_id for correct post-upload event routing
- Add non-root appuser to Dockerfile and Dockerfile.gpu
- Add JWT_SECRET to e2e/docker-compose.test.yml and run-tests.sh
- Update all e2e tests and unit tests for new endpoints and HMAC token signing
- 64/64 tests pass
Made-with: Cursor
- Add tests/test_az178_realvideo_streaming.py: integration test that validates
frame decoding begins while upload is still in progress using a real video fixture
- Add conftest.py: pytest plugin for per-test duration reporting
- Update e2e tests (async_sse, performance, security, streaming_video_upload, video)
and run-tests.sh for updated test suite
- Move AZ-178 task to done/; add data/ to .gitignore (StreamingBuffer temp files)
- Update autopilot state to step 12 (Security Audit) for new feature cycle
Made-with: Cursor
- Added `/detect/video` endpoint for true streaming video detection, allowing inference to start as upload bytes arrive.
- Introduced `run_detect_video_stream` method in the inference module to handle video processing from a file-like object.
- Updated media hashing to include a new function for computing hashes directly from files with minimal I/O.
- Enhanced documentation to reflect changes in video processing and API behavior.
Made-with: Cursor
- Introduced `AIAvailabilityStatus` class to manage the availability status of AI models, including methods for setting status and logging messages.
- Added `AIRecognitionConfig` class to encapsulate configuration parameters for AI recognition, with a static method for creating instances from dictionaries.
- Implemented enums for AI availability states to enhance clarity and maintainability.
- Updated related Cython files to support the new classes and ensure proper type handling.
These changes aim to improve the structure and functionality of the AI model management system, facilitating better status tracking and configuration handling.
- Updated various Cython files to explicitly cast types, enhancing type safety and readability.
- Adjusted the `engine_name` property in `InferenceEngine` and its subclasses to be set directly in the constructor.
- Modified the `request` method in `_SessionWithBase` to accept `*args` for better flexibility.
- Ensured proper type casting for return values in methods across multiple classes, including `Inference`, `CoreMLEngine`, and `TensorRTEngine`.
These changes aim to streamline the codebase and improve maintainability by enforcing consistent type usage.
- Modified the health endpoint to return "None" for AI availability when inference is not initialized, improving clarity on system status.
- Enhanced the test documentation to include handling of skipped tests, emphasizing the need for investigation before proceeding.
- Updated test assertions to ensure proper execution order and prevent premature engine initialization.
- Refactored test cases to streamline performance testing and improve readability, removing unnecessary complexity.
These changes aim to enhance the robustness of the health check and improve the overall testing framework.