fix: resolve all critical runtime errors and bugs from audit

- Add COMPLETIONS_API_KEY to config.py (env var + auto-generated fallback) - Fix perplexity auto-search: upstream sends logprobs=true, parse_llama_stream_chunk extracts per-token logprobs, all_logprobs populated during streaming - Fix all /api/models endpoints to target LLAMA_SERVER_BASE (port 8081) not OLLAMA_BASE - Fix RAG embedding endpoint URL from port 11434 (Ollama) to 8081 (llama-server) - Correct misleading error messages: 'inference server' not 'Ollama' - Remove raw_results leak from SSE event stream in /api/search - Fix weather query extractor: pattern-match instead of unconditional suffix append - Escape FTS5 operator keywords (AND/OR/NOT/NEAR) in memory search - Move auth.py BODY_LIMIT_DEFAULT_BYTES imports to module level - Change RAG injection log level from warning to info - Fix all 8 test files after modular refactor (rewire imports from correct modules) - Update AGENTS.md and README.md to reflect v1.8.0 changes
2026-06-27 15:10:32 -07:00
parent 41a8708c0d
commit 193829b7ff
20 changed files with 457 additions and 896 deletions
--- a/tests/test_search_url_sanitization.py
+++ b/tests/test_search_url_sanitization.py
@@ -1,17 +1,17 @@
-import app as app_module
+from search import sanitize_outbound_url


 def test_sanitize_outbound_url_allows_http_https():
-    assert app_module.sanitize_outbound_url("https://example.com/path") == "https://example.com/path"
-    assert app_module.sanitize_outbound_url("http://example.com") == "http://example.com"
+    assert sanitize_outbound_url("https://example.com/path") == "https://example.com/path"
+    assert sanitize_outbound_url("http://example.com") == "http://example.com"


 def test_sanitize_outbound_url_blocks_unsafe_schemes():
-    assert app_module.sanitize_outbound_url("javascript:alert(1)") == ""
-    assert app_module.sanitize_outbound_url("data:text/html,evil") == ""
-    assert app_module.sanitize_outbound_url("file:///etc/passwd") == ""
+    assert sanitize_outbound_url("javascript:alert(1)") == ""
+    assert sanitize_outbound_url("data:text/html,evil") == ""
+    assert sanitize_outbound_url("file:///etc/passwd") == ""


 def test_sanitize_outbound_url_blocks_relative_and_empty():
-    assert app_module.sanitize_outbound_url("/relative/path") == ""
-    assert app_module.sanitize_outbound_url("") == ""
+    assert sanitize_outbound_url("/relative/path") == ""
+    assert sanitize_outbound_url("") == ""