Merged
Conversation
The plan_list handler existed in app.py but was never registered in http_server.py, so it was unreachable via the HTTP transport. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update all task_* references to plan_*, mark completed items (plan_list, signed tokens, rate limiting, tool rename), add new findings from code audit (dev-secret fallback, download rate limiting gap, missing plan_list tests, CORS default, no audit logging), and restructure the checklist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…raise Add section 4.10 documenting that internal variable names, request classes, helper functions, and backward-compat aliases still use the old task naming despite the external plan_* rename. Remove references to backward-compat aliases being a positive. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Break the 1843-line monolith into focused modules (db_setup, auth, db_queries, zip_utils, worker_fetchers, model_profiles, download_tokens, prompt_examples, schemas, handlers) and rewrite app.py as a thin re-export facade so all existing imports continue to work. Update test patch() paths to target the defining module (standard Python mocking practice). No behavioral changes; http_server.py unchanged. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The HTTP layer now auto-injects user_api_key from the X-API-Key header for plan_list, matching the existing plan_create pattern. The key is still required at runtime (handler returns USER_API_KEY_REQUIRED if absent) but callers no longer need to pass it explicitly in tool args. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mark app.py refactor and plan_list schema fix as done. Add new issue for test file naming (test_task_* → test_plan_*) and document the plan_list vs plan_create auth difference. Renumber open issues and update the quick-win checklist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The /tasks REST routes referenced in the evaluation do not exist in the codebase — http_server.py only exposes /mcp, /mcp/tools/call, and /download endpoints. Remove the stale proposal. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
plan_list now checks PLANEXE_MCP_REQUIRE_USER_KEY the same way plan_create does. When the key is not required and not provided, plan_list returns all tasks (no user scoping). _list_tasks_sync accepts user_id=None to support this. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… aliases Rename all internal Task* classes, _*_task_*_sync functions, and local task variables to use the plan prefix consistently. Remove all backward-compat aliases (Task*=Plan*, TASK_*_SCHEMA=PLAN_*_SCHEMA, handle_task_*=handle_plan_*) from mcp_cloud and mcp_local. Rename test files from test_task_* to test_plan_* and update patch targets. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a separate download rate limiter (_enforce_download_rate_limit) with its own bucket, configurable via PLANEXE_MCP_DOWNLOAD_RATE_LIMIT (default 10 req) and PLANEXE_MCP_DOWNLOAD_RATE_WINDOW_SECONDS (default 60s). Tighter than the MCP rate limit since responses are 700KB-6MB. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* main: docs: propose lobster museum stripe routing via PlanExe
Extend _enforce_body_size to check POST requests to /mcp/ in addition to /mcp/tools/call. Content-Length is only required on the REST endpoint since Streamable HTTP may use chunked encoding, but when present it is validated against MAX_BODY_BYTES on both paths. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
plan_file_info (cloud) and plan_download (local) now return an INVALID_ARGUMENT error instead of silently falling back to "report" when the caller passes an artifact value other than "report" or "zip". Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cover: tool listed, returns tasks, empty result, limit clamping to [1,50], invalid API key, USER_API_KEY_REQUIRED when env requires key, no-key passthrough when not required, and default limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace magic number 100 with PROMPT_EXCERPT_MAX_LENGTH in db_queries.py. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Log every tool call at INFO level in handle_call_tool with tool name, result (ok/error/exception), and duration in milliseconds. Unknown tools are logged at WARNING level. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
validate_api_key_secret() and validate_download_token_secret() now raise RuntimeError at startup when PLANEXE_MCP_REQUIRE_AUTH=true and the required environment variables are not set, preventing silent fallback to dev-mode secrets in production. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When AUTH_REQUIRED is true and PLANEXE_MCP_CORS_ORIGINS is unset, default to ["https://mcp.planexe.org", "https://home.planexe.org"] instead of ["*"]. Wildcard CORS is now only used in dev mode (PLANEXE_MCP_REQUIRE_AUTH=false). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ror codes Align external MCP field names with the plan_* tool naming convention. Renames response keys (task_id → plan_id, tasks → plans), error codes (TASK_NOT_FOUND → PLAN_NOT_FOUND, TASK_NOT_FAILED → PLAN_NOT_FAILED), event context (retry_of_task_id → retry_of_plan_id), and all user-facing description strings across mcp_cloud, mcp_local, tests, and docs. Internal function names, download URL paths, and legacy JSONB keys unchanged. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
HejEgonBot
added a commit
to VoynichLabs/PlanExe2026
that referenced
this pull request
Mar 8, 2026
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.