fix: resolve all critical runtime errors and bugs from audit

- Add COMPLETIONS_API_KEY to config.py (env var + auto-generated fallback)
- Fix perplexity auto-search: upstream sends logprobs=true, parse_llama_stream_chunk
  extracts per-token logprobs, all_logprobs populated during streaming
- Fix all /api/models endpoints to target LLAMA_SERVER_BASE (port 8081) not OLLAMA_BASE
- Fix RAG embedding endpoint URL from port 11434 (Ollama) to 8081 (llama-server)
- Correct misleading error messages: 'inference server' not 'Ollama'
- Remove raw_results leak from SSE event stream in /api/search
- Fix weather query extractor: pattern-match instead of unconditional suffix append
- Escape FTS5 operator keywords (AND/OR/NOT/NEAR) in memory search
- Move auth.py BODY_LIMIT_DEFAULT_BYTES imports to module level
- Change RAG injection log level from warning to info
- Fix all 8 test files after modular refactor (rewire imports from correct modules)
- Update AGENTS.md and README.md to reflect v1.8.0 changes

tests/test_ip_allowlist.py

@@ -3,48 +3,42 @@ from pathlib import Path
 
 from fastapi.testclient import TestClient
 
-import app as app_module
+import app
+import db
+from security import SESSIONS, PIN_ATTEMPTS, RATE_EVENTS, is_ip_allowed
 
 
 def make_client(tmp_path: Path) -> TestClient:
     os.environ["JARVISCHAT_ADMIN_PIN"] = "1234"
-    app_module.DB_PATH = tmp_path / "jarvischat-ip.db"
-    app_module.SESSIONS.clear()
-    app_module.PIN_ATTEMPTS.clear()
-    app_module.RATE_EVENTS.clear()
-    app_module.init_db()
-    return TestClient(app_module.app)
+    db.DB_PATH = tmp_path / "jarvischat-ip.db"
+    SESSIONS.clear()
+    PIN_ATTEMPTS.clear()
+    RATE_EVENTS.clear()
+    db.init_db()
+    return TestClient(app.app)
 
 
 def test_ip_helper_allows_local_defaults():
-    assert app_module.is_ip_allowed("127.0.0.1")
-    assert app_module.is_ip_allowed("192.168.1.10")
-    assert app_module.is_ip_allowed("10.0.0.42")
-    assert app_module.is_ip_allowed("172.16.1.2")
-    assert app_module.is_ip_allowed("testclient")
+    assert is_ip_allowed("127.0.0.1")
+    assert is_ip_allowed("192.168.1.10")
+    assert is_ip_allowed("10.0.0.42")
+    assert is_ip_allowed("172.16.1.2")
+    assert is_ip_allowed("testclient")
 
 
 def test_ip_helper_blocks_public_ip():
-    assert not app_module.is_ip_allowed("8.8.8.8")
+    assert not is_ip_allowed("8.8.8.8")
 
 
-def test_middleware_blocks_disallowed_ip(tmp_path: Path):
+def test_middleware_blocks_disallowed_ip(tmp_path: Path, monkeypatch):
+    monkeypatch.setattr(app, "get_client_ip", lambda _req: "8.8.8.8")
     with make_client(tmp_path) as client:
-        original_get_client_ip = app_module.get_client_ip
-        try:
-            app_module.get_client_ip = lambda _req: "8.8.8.8"
-            resp = client.post("/api/auth/guest")
-            assert resp.status_code == 403
-        finally:
-            app_module.get_client_ip = original_get_client_ip
+        resp = client.post("/api/auth/guest")
+        assert resp.status_code == 403
 
 
-def test_middleware_allows_local_ip(tmp_path: Path):
+def test_middleware_allows_local_ip(tmp_path: Path, monkeypatch):
+    monkeypatch.setattr(app, "get_client_ip", lambda _req: "192.168.50.109")
     with make_client(tmp_path) as client:
-        original_get_client_ip = app_module.get_client_ip
-        try:
-            app_module.get_client_ip = lambda _req: "192.168.50.109"
-            resp = client.post("/api/auth/guest")
-            assert resp.status_code == 200
-        finally:
-            app_module.get_client_ip = original_get_client_ip
+        resp = client.post("/api/auth/guest")
+        assert resp.status_code == 200