- Pin all deps; h11==0.16.0 (CVE-2025-43859), python-multipart>=1.3.1 (CVE-2026-28356), PyJWT==2.12.1
- Add HMAC JWT verification (require_auth FastAPI dependency, JWT_SECRET-gated)
- Fix TokenManager._refresh() to use ADMIN_API_URL instead of ANNOTATIONS_URL
- Rename POST /detect → POST /detect/image (image-only, rejects video files)
- Replace global SSE stream with per-job SSE: GET /detect/{media_id} with event replay buffer
- Apply require_auth to all 4 protected endpoints
- Fix on_annotation/on_status closure to use mutable current_id for correct post-upload event routing
- Add non-root appuser to Dockerfile and Dockerfile.gpu
- Add JWT_SECRET to e2e/docker-compose.test.yml and run-tests.sh
- Update all e2e tests and unit tests for new endpoints and HMAC token signing
- 64/64 tests pass
Made-with: Cursor
- Modified the health endpoint to return "None" for AI availability when inference is not initialized, improving clarity on system status.
- Enhanced the test documentation to include handling of skipped tests, emphasizing the need for investigation before proceeding.
- Updated test assertions to ensure proper execution order and prevent premature engine initialization.
- Refactored test cases to streamline performance testing and improve readability, removing unnecessary complexity.
These changes aim to enhance the robustness of the health check and improve the overall testing framework.
Oleksandr Bezdieniezhnykh