ulysses/src
Sheikh Rahat Mahmud 9180847c0e
feat(diagnostics): add consolidated service health endpoint for degraded-state reporting (#964)
* Add consolidated service health endpoint for degraded-state reporting

ROADMAP (High Priority) asks for "Better degraded-state reporting for
ChromaDB, SearXNG, email, ntfy, and provider probes." Until now there was no
single readout of which subsystems are actually working: /api/health is only a
liveness ping and each subsystem's signal lives in a different module, so a
misconfigured self-host install gives no consolidated picture.

This adds an admin-only GET /api/diagnostics/services endpoint backed by a new
src/service_health.py aggregator. Each subsystem reports a uniform
{name, status, detail, meta} where status is ok | degraded | down | disabled,
and the response rolls up an overall verdict (worst non-disabled status).

Probes are deliberately non-intrusive and safe to poll:
- ChromaDB: reads the .healthy flags on the RAG and memory vector stores.
- SearXNG: GET /healthz (2xx), falling back to the instance root (<500). No
  search query is run.
- ntfy: GET the server's built-in /v1/health. No test notification is sent.
- email: short IMAP connect+logout per configured account (no credentials in
  meta).
- providers: probe each enabled ModelEndpoint's model list (no api_key in meta).

Probe functions take their inputs as parameters and isolate the network call to
injectable callables, so they unit-test without touching the network (same
pattern as the merged provider-endpoint tests). Network probes run concurrently
off the event loop via asyncio.to_thread with bounded per-probe timeouts.

memory_vector is now passed into setup_diagnostics_routes (new optional param,
backward-compatible) so ChromaDB's vector-memory store can be reported too.

Tests: tests/test_service_health.py — 29 tests covering every status mapping
per subsystem, the overall rollup, and that no secrets leak into meta.

Verification:
  python -m pytest tests/test_service_health.py -q          # 29 passed
  python -m py_compile src/service_health.py routes/diagnostics_routes.py app.py
  python -m pytest tests/test_endpoint_resolver.py tests/test_provider_endpoints.py -q

Backend + tests only; an Admin/Settings UI badge that renders this endpoint is
a natural follow-up.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(diagnostics): bound service-health wall-clock and redact secrets

Addresses review on #964.

Blocker 1 — genuinely bounded wall-clock:
- providers_health and email_health now fan out per-item probes across a
  bounded thread pool (_bounded_map) with a hard total budget (_FANOUT_BUDGET),
  instead of probing endpoints/accounts sequentially. Stragglers are reported
  as a controlled `timeout` and never block; the pool is shut down with
  wait=False so the response returns on time regardless of endpoint/account
  count.
- The IMAP connect path now honors the service-health budget: _imap_connect
  gained a pass-through `timeout` param and the probe calls it with
  _PROBE_TIMEOUT instead of the default 15s.
- collect_service_health runs the four network subsystems concurrently, each
  under a per-subsystem deadline (_SUBSYSTEM_DEADLINE), with an overall
  wait_for ceiling (_AGGREGATE_DEADLINE) as a backstop.

Blocker 2 — no secret/raw-error leakage in the response:
- _safe_url strips userinfo, query, and fragment from every URL surfaced in
  meta (searxng instance, ntfy base, provider name fallback), keeping only
  scheme/host/port/path.
- _classify_error maps every probe failure to a controlled category token
  (timeout, connection_refused, dns_error, tls_error, network_error,
  http_error, auth_or_protocol_error, …) — raw str(exception), which can embed
  credentialed URLs or server text, is never returned.

Tests (tests/test_service_health.py, +tests/test_diagnostics_service_route.py):
- URL userinfo/query redaction for searxng/ntfy/providers.
- secret-bearing exception strings map to categories and don't leak.
- multiple slow providers/accounts stay bounded (single + 25-endpoint cases).
- subsystems run concurrently; aggregate deadline yields a controlled result.
- route-level unauthenticated (401) / non-admin (403) / admin (200) coverage.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(diagnostics): isolate route tests so they don't leak module globals

The new route tests replaced src.service_health.collect_service_health and
routes.diagnostics_routes.require_admin via direct assignment, which persisted
for the rest of the pytest session. In CI's full alphabetical run that fake
collector (returning services=[]) leaked into the later collect_service_health
tests and failed them. Switch to monkeypatch.setattr so both are restored after
each test. No production code change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Alexandre Teixeira <111787685+alteixeira20@users.noreply.github.com>
2026-06-09 16:00:24 +01:00
..
agent_tools refactor(tools): migrate execution logic to src/agent_tools/ package with handler registry (#3435) 2026-06-09 14:35:36 +01:00
search refactor(search): make src analytics a service shim (#2264) 2026-06-04 18:57:24 +02:00
action_intents.py fix(calendar): route read requests to agent (#2452) 2026-06-05 09:24:04 +01:00
agent_loop.py fix(agent): scope skill index to owner (#2404) 2026-06-09 09:51:29 +02:00
agent_runs.py Handle incomplete detached agent streams 2026-06-01 16:54:11 +09:00
ai_interaction.py fix: session context drifting — messages leaking between chats (#135) (#267) 2026-06-09 14:12:52 +01:00
api_key_manager.py Stop API key save() from writing other providers' keys as plaintext (#1944) 2026-06-04 04:47:13 +01:00
app_helpers.py fix: inside_base_dir raises TypeError on a non-string path instead of failing closed (#1619) 2026-06-03 09:00:04 +09:00
app_initializer.py feat(memory): add provider interface (#72) 2026-06-04 16:26:11 +01:00
assistant_log.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
auth_helpers.py fix(auth): gate api tokens from user routes (#2992) 2026-06-07 12:55:01 +02:00
bg_jobs.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
bg_monitor.py Ignore non-string background stream deltas (#1549) 2026-06-03 14:11:45 +09:00
builtin_actions.py fix(memory): only delete memories the model explicitly drops in tidy (#3455) 2026-06-08 18:54:45 +02:00
builtin_mcp.py Add native Windows compatibility layer 2026-06-01 15:09:47 +09:00
caldav_sync.py fix(caldav): skip the prune when any object fails to parse (#3454) 2026-06-08 18:59:14 +02:00
caldav_writeback.py fix(caldav): disable redirects on the sync/write-back DAVClient (SSRF) (#2663) 2026-06-07 05:05:24 +01:00
chat_handler.py Scope vision model resolution by owner (#3009) 2026-06-07 12:39:02 +02:00
chat_helpers.py fix(chat): keep balanced trailing ')' when extracting URLs (#3406) 2026-06-08 21:33:29 +02:00
chat_processor.py Fix calendar routing and user-local time context (#408) 2026-06-04 13:20:04 +01:00
chatgpt_subscription.py Fix model endpoint route test regressions 2026-06-09 10:16:38 +09:00
chroma_client.py fix: ChromaDB unreachable blocks app startup for 30-60s (#326) (#476) 2026-06-01 22:22:41 +09:00
cleanup_service.py Replace cleanup service datetime.utcnow calls (#1494) 2026-06-03 14:14:27 +09:00
config.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
constants.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
context_budget.py feat: adapt agent_input_token_budget to the model context window (#1170) (#1230) 2026-06-03 00:13:53 +09:00
context_compactor.py fix: session context drifting — messages leaking between chats (#135) (#267) 2026-06-09 14:12:52 +01:00
cookbook_serve_lifecycle.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
copilot.py feat(provider): add GitHub Copilot provider with device-flow auth (#1480) 2026-06-04 21:13:14 +02:00
database.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
deep_research.py fix(research): avoid double split() call and potential IndexError (#2229) 2026-06-07 16:46:21 +02:00
document_actions.py fix: document tidy crashes on a duplicate with NULL timestamps (#1772) 2026-06-03 13:23:01 +09:00
document_processor.py fix(documents): restore PDF library metadata and preview (#2483) 2026-06-07 23:23:27 +02:00
email_thread_parser.py Ignore non-string email thread bodies (#1654) 2026-06-03 14:06:31 +09:00
embedding_lanes.py fix(embeddings): survive numpy embeddings when restoring a reset lane (#3410) 2026-06-09 10:40:17 +02:00
embeddings.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
endpoint_resolver.py fix(models): query v1 models for llama-server endpoints (#3380) 2026-06-09 01:09:02 +02:00
event_bus.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
exceptions.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
generated_images.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
goal_based_extractor.py fix(deep-research): wrap fetched webpage content in untrusted-context sandbox 2026-06-06 03:37:10 -06:00
integrations.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
llm_core.py feat(providers): add NVIDIA AI provider endpoint support (#3456) 2026-06-09 11:06:12 +02:00
markitdown_runtime.py fix: is_markitdown_format crashes on a non-string path (#1618) 2026-06-03 09:00:10 +09:00
mcp_manager.py feat: Add plan mode to the chat agent (#638) 2026-06-05 16:32:25 +02:00
mcp_oauth.py feat(mcp): add Streamable HTTP transport with OAuth 2.0 (#1033) 2026-06-05 02:40:52 +02:00
memory.py refactor(memory): canonicalize memory imports (#50) 2026-06-04 05:31:15 +01:00
memory_provider.py feat(memory): add provider interface (#72) 2026-06-04 16:26:11 +01:00
memory_vector.py fix: split Chroma embedding lanes (#3046) 2026-06-06 03:17:19 -06:00
model_context.py fix(models): query v1 models for llama-server endpoints (#3380) 2026-06-09 01:09:02 +02:00
model_discovery.py feat(platform): Add support for APFEL as part of the dependencies and models for the Cookbook. (#2657) 2026-06-07 17:28:02 +02:00
pdf_form_doc.py fix(forms): keep PDF-form export from dropping values when the label has '*' (#1407) 2026-06-03 14:24:07 +09:00
pdf_forms.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
pdf_runtime.py Show a clear message when PyMuPDF is missing 2026-06-01 18:27:17 +09:00
personal_docs.py Skip malformed personal keyword index rows 2026-06-03 13:42:05 +09:00
preset_manager.py fix(presets): persist presets atomically to avoid corruption on crash (#2169) 2026-06-08 19:16:37 +02:00
prompt_security.py fix(security): harden untrusted_context_message against delimiter spoofing (#3086) 2026-06-07 22:15:50 +01:00
rag_manager.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
rag_singleton.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
rag_vector.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
rate_limiter.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
readiness.py feat: add /api/ready readiness probe (DB, data dir, local-first) (#1200) 2026-06-02 23:33:22 +09:00
request_models.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
research_handler.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
research_utils.py Treat non-string research summaries as low quality 2026-06-03 13:42:24 +09:00
secret_storage.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
service_health.py feat(diagnostics): add consolidated service health endpoint for degraded-state reporting (#964) 2026-06-09 16:00:24 +01:00
session_actions.py fix(sessions): keep fresh chats during auto tidy (#1871) 2026-06-09 01:06:20 +01:00
session_search.py feat(search): unify session transcript search (#2877) 2026-06-05 18:08:31 -06:00
settings.py feat(reminders): add generic webhook as a fourth reminder channel (#2952) 2026-06-05 22:47:57 +02:00
settings_scrub.py Harden note reminder dispatch ownership (#2999) 2026-06-07 12:52:27 +02:00
task_endpoint.py Harden session endpoint owner scope (#1308) 2026-06-03 02:40:22 +09:00
task_scheduler.py fix: session context drifting — messages leaking between chats (#135) (#267) 2026-06-09 14:12:52 +01:00
teacher_escalation.py fix(presets): scope expand-prompt model resolution to owner (#3477) 2026-06-08 21:12:02 +02:00
text_helpers.py fix: normalize Gemma 4 thought-channel output (#2224) 2026-06-04 19:26:58 +02:00
tls_overrides.py Support extra CA bundle for private-CA LLM providers (#769) 2026-06-04 13:18:50 +01:00
tool_execution.py refactor(tools): migrate execution logic to src/agent_tools/ package with handler registry (#3435) 2026-06-09 14:35:36 +01:00
tool_implementations.py Cookbook UI: Ollama browser, advanced serve fold, API tokens form, diagnosis toolbar, polish 2026-06-09 09:46:19 +09:00
tool_index.py Fix remaining CI regressions 2026-06-09 10:21:56 +09:00
tool_parsing.py fix(agent): stop treating illustrative Markdown fences as tool calls for native function-calling models (#3356) 2026-06-08 22:25:28 +02:00
tool_policy.py fix(agent): enforce guide-only tool policy (#3088) 2026-06-06 18:48:24 -06:00
tool_schemas.py Prepare tested main sync cleanup 2026-06-09 09:34:42 +09:00
tool_security.py feat: Add plan mode to the chat agent (#638) 2026-06-05 16:32:25 +02:00
tool_utils.py refactor(tools): consolidate duplicated _truncate and get_mcp_manager into src/tool_utils (#3478) 2026-06-09 01:05:30 +02:00
topic_analyzer.py Topics: hydrate session history before analysis 2026-06-02 20:44:27 +09:00
upload_handler.py fix(upload): configure chat attachment size limit (#2439) 2026-06-07 22:42:24 +02:00
upload_limits.py refactor(uploads): centralize upload byte-limits in upload_limits.py (#3364) (#3518) 2026-06-09 01:24:30 +02:00
url_safety.py fix: check_outbound_url crashes on a truthy non-string URL (#1623) 2026-06-03 08:59:49 +09:00
url_security.py Reapply "Merge branch 'main' of github.com:pewdiepie-archdaemon/odysseus" 2026-06-03 22:47:00 +09:00
user_time.py Fix calendar routing and user-local time context (#408) 2026-06-04 13:20:04 +01:00
visual_report.py security: sanitize rendered research-report HTML (#364) 2026-06-04 13:42:49 +01:00
webhook_manager.py fix(webhooks): redact IPv6 addresses in sanitized error messages (#3038) 2026-06-07 04:55:33 +01:00
youtube_handler.py fix: youtube transcript formatter crashes on a non-dict segment (#1745) 2026-06-03 13:29:08 +09:00