Merge pull request #152 from rostilos/1.5.3-rc

1.5.3 rc

Author: rostilos

deployment/build/development-build.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+
+MCP_SERVERS_JAR_PATH="java-ecosystem/mcp-servers/vcs-mcp/target/codecrow-vcs-mcp-1.0.jar"
+PLATFORM_MCP_JAR_PATH="java-ecosystem/mcp-servers/platform-mcp/target/codecrow-platform-mcp-1.0.jar"
+FRONTEND_DIR="frontend"
+FRONTEND_BRANCH="${FRONTEND_BRANCH:-main}"
+JAVA_DIR="java-ecosystem"
+DOCKER_PATH="deployment"
+CONFIG_PATH="deployment/config"
+
+cd "$(dirname "$0")/../../"
+
+echo "--- 1. Ensuring frontend submodule is synchronized ---"
+# if [ -d "$FRONTEND_DIR" ] && [ ! -f "$FRONTEND_DIR/.git" ]; then
+#    echo "Stale frontend directory detected (not a submodule). Removing and re-initializing..."
+#    rm -rf "$FRONTEND_DIR"
+#    git submodule update --init -- "$FRONTEND_DIR"
+# elif [ ! -d "$FRONTEND_DIR" ]; then
+#    echo "Initializing frontend submodule..."
+#    git submodule update --init -- "$FRONTEND_DIR"
+# else
+#    echo "Frontend submodule exists."
+# fi
+# echo "Fetching latest from origin and resetting to origin/$FRONTEND_BRANCH..."
+# (cd "$FRONTEND_DIR" && git fetch origin "$FRONTEND_BRANCH" && git reset --hard "origin/$FRONTEND_BRANCH")
+# echo "Frontend at: $(cd "$FRONTEND_DIR" && git log --oneline -1)"
+
+echo "--- 2. Injecting Environment Configurations ---"
+
+echo "Copying inference-orchestrator .env..."
+cp "$CONFIG_PATH/inference-orchestrator/.env" "python-ecosystem/inference-orchestrator/.env"
+
+echo "Copying rag-pipeline .env..."
+cp "$CONFIG_PATH/rag-pipeline/.env" "python-ecosystem/rag-pipeline/.env"
+
+echo "Copying web-frontend .env..."
+# Using the variable ensures we target the folder defined at the top
+cp "$CONFIG_PATH/web-frontend/.env" "$FRONTEND_DIR/.env"
+
+
+echo "--- 3. Building Java Artifacts (mvn clean package) ---"
+(cd "$JAVA_DIR" && mvn clean package -DskipTests)
+
+echo "--- 4. MCP Servers jar update ---"
+cp "$MCP_SERVERS_JAR_PATH" python-ecosystem/inference-orchestrator/codecrow-vcs-mcp-1.0.jar
+
+echo "--- 4.1. Platform MCP jar update ---"
+if [ -f "$PLATFORM_MCP_JAR_PATH" ]; then
+    cp "$PLATFORM_MCP_JAR_PATH" python-ecosystem/inference-orchestrator/codecrow-platform-mcp-1.0.jar
+    echo "Platform MCP JAR copied successfully."
+else
+    echo "Warning: Platform MCP JAR not found at $PLATFORM_MCP_JAR_PATH"
+fi
+
+echo "--- 5. Shutting down existing services cleanly ---"
+cd "$DOCKER_PATH"
+docker compose down --remove-orphans
+
+echo "--- 6. Building Docker images and starting services ---"
+docker compose up -d --build --wait
+
+echo "--- Deployment Complete! Services are up and healthy. ---"
+docker compose ps

deployment/build/production-build.sh

@@ -11,20 +11,20 @@ CONFIG_PATH="deployment/config"
 
 cd "$(dirname "$0")/../../"
 
-echo "--- 1. Ensuring frontend submodule is synchronized ---"
-if [ -d "$FRONTEND_DIR" ] && [ ! -f "$FRONTEND_DIR/.git" ]; then
-   echo "Stale frontend directory detected (not a submodule). Removing and re-initializing..."
-   rm -rf "$FRONTEND_DIR"
-   git submodule update --init -- "$FRONTEND_DIR"
-elif [ ! -d "$FRONTEND_DIR" ]; then
-   echo "Initializing frontend submodule..."
-   git submodule update --init -- "$FRONTEND_DIR"
-else
-   echo "Frontend submodule exists."
-fi
-echo "Fetching latest from origin and resetting to origin/$FRONTEND_BRANCH..."
-(cd "$FRONTEND_DIR" && git fetch origin "$FRONTEND_BRANCH" && git reset --hard "origin/$FRONTEND_BRANCH")
-echo "Frontend at: $(cd "$FRONTEND_DIR" && git log --oneline -1)"
+# echo "--- 1. Ensuring frontend submodule is synchronized ---"
+# if [ -d "$FRONTEND_DIR" ] && [ ! -f "$FRONTEND_DIR/.git" ]; then
+#    echo "Stale frontend directory detected (not a submodule). Removing and re-initializing..."
+#    rm -rf "$FRONTEND_DIR"
+#    git submodule update --init -- "$FRONTEND_DIR"
+# elif [ ! -d "$FRONTEND_DIR" ]; then
+#    echo "Initializing frontend submodule..."
+#    git submodule update --init -- "$FRONTEND_DIR"
+# else
+#    echo "Frontend submodule exists."
+# fi
+# echo "Fetching latest from origin and resetting to origin/$FRONTEND_BRANCH..."
+# (cd "$FRONTEND_DIR" && git fetch origin "$FRONTEND_BRANCH" && git reset --hard "origin/$FRONTEND_BRANCH")
+# echo "Frontend at: $(cd "$FRONTEND_DIR" && git log --oneline -1)"
 
 echo "--- 2. Injecting Environment Configurations ---"
 
@@ -40,7 +40,7 @@ cp "$CONFIG_PATH/web-frontend/.env" "$FRONTEND_DIR/.env"
 
 
 echo "--- 3. Building Java Artifacts (mvn clean package) ---"
-(cd "$JAVA_DIR" && mvn clean package -DskipTests)
+(cd "$JAVA_DIR" && mvn clean package)
 
 echo "--- 4. MCP Servers jar update ---"
 cp "$MCP_SERVERS_JAR_PATH" python-ecosystem/inference-orchestrator/codecrow-vcs-mcp-1.0.jar

deployment/config/inference-orchestrator/.env.sample

@@ -28,6 +28,12 @@ SERVICE_SECRET=change-me-to-a-random-secret
 # Temperature for code review (0.0 = deterministic, 0.1-0.3 = more creative)
 # LLM_TEMPERATURE=0.0
 
+# === Gemini Thinking Level ===
+# Controls depth of reasoning for Gemini 3+ models
+# Options: minimal | low | medium | high
+# Recommended: "low" for code review (balanced speed/quality)
+# GEMINI_THINKING_LEVEL=low
+
 
 # === Direct Review Mode ===
 # When rawDiff is provided in request, bypasses MCP agent for faster review
@@ -38,11 +44,11 @@ SERVICE_SECRET=change-me-to-a-random-secret
 # Maximum file size in bytes (default: 25KB - same as LargeContentFilter.DEFAULT_SIZE_THRESHOLD_BYTES)
 # DIFF_MAX_FILE_SIZE=25600
 # Maximum files to include in review (default: 100)
-# DIFF_MAX_FILES=100
-# Maximum total diff size in bytes (default: 500KB)
-# DIFF_MAX_TOTAL_SIZE=500000
+# DIFF_MAX_FILES=400
+# Maximum total diff size in bytes (default: 1MB)
+# DIFF_MAX_TOTAL_SIZE=1000000
 # Maximum lines per file (default: 1000)
-# DIFF_MAX_LINES_PER_FILE=1000
+# DIFF_MAX_LINES_PER_FILE=3000
 
 # === LLM Reranking (for large PRs) ===
 # Enable LLM-based reranking for large PRs

deployment/config/java-shared/application.properties.sample

@@ -20,6 +20,17 @@ codecrow.internal.api.secret=codecrow-internal-secret-change-me
 codecrow.rag.api.secret=change-me-to-a-random-secret
 
 
+# ============================================================================
+# CORS Configuration
+# ============================================================================
+# Comma-separated list of allowed origin patterns for CORS requests.
+# IMPORTANT: Set this to your actual frontend URL(s) in production.
+# Default (when not set): http://localhost:8080
+# Example for single domain:   https://app.example.com
+# Example for multiple domains: https://app.example.com,https://staging.example.com
+#codecrow.security.cors.allowed-origins=http://localhost:8080
+
+
 # ============================================================================
 # Spring MVC and Multipart Configuration
 # ============================================================================
@@ -282,4 +293,17 @@ logging.level.org.hibernate.orm.jdbc.bind=OFF
 # ============================================================================
 # Maximum number of custom review rules per project (default: 20)
 #codecrow.project.rules.max-count=20
-#llm.sync.anthropic.api-key
+#llm.sync.anthropic.api-key
+
+
+# ============================================================================
+# Flyway Database Migration Configuration
+# ============================================================================
+# Flyway manages schema changes via versioned SQL scripts.
+# web-server is the migration owner; pipeline-agent has Flyway disabled.
+# These settings are overridden by docker-compose.yml environment variables.
+#
+# spring.flyway.enabled=true
+# spring.flyway.baseline-on-migrate=true
+# spring.flyway.baseline-version=0
+# spring.flyway.locations=classpath:db/migration/managed

deployment/config/rag-pipeline/.env.sample

@@ -30,6 +30,8 @@ OPENROUTER_MODEL=qwen/qwen3-embedding-8b
 #================================================================================================
 #================================================================================================
 
+REDIS_URL=redis://redis:6379/1
+
 # QDRANT_VECTORS_ON_DISK=true
 
 ## === Path Traversal Guard ===

deployment/docker-compose.prod.yml

@@ -42,6 +42,8 @@ services:
   qdrant:
     image: qdrant/qdrant:latest
     container_name: codecrow-qdrant
+    environment:
+      QDRANT__SERVICE__API_KEY: ${QDRANT_API_KEY:?QDRANT_API_KEY must be set in .env}
     ports:
       - "127.0.0.1:6333:6333"
       - "127.0.0.1:6334:6334"
@@ -65,12 +67,18 @@ services:
       SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-codecrow_user}
       SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
 
-      SPRING_JPA_HIBERNATE_DDL_AUTO: update
+      SPRING_JPA_HIBERNATE_DDL_AUTO: validate
       SPRING_JPA_SHOW_SQL: "false"
       SPRING_JPA_PROPERTIES_HIBERNATE_FORMAT_SQL: "false"
       SPRING_JPA_DATABASE_PLATFORM: org.hibernate.dialect.PostgreSQLDialect
       SPRING_CONFIG_LOCATION: file:/app/config/application.properties
 
+      # Flyway database migrations (web-server is the migration owner)
+      SPRING_FLYWAY_ENABLED: "true"
+      SPRING_FLYWAY_BASELINE_ON_MIGRATE: "true"
+      SPRING_FLYWAY_BASELINE_VERSION: "0"
+      SPRING_FLYWAY_LOCATIONS: classpath:db/migration/managed
+
       SERVER_PORT: 8081
 
       SPRING_SESSION_STORE_TYPE: redis
@@ -91,6 +99,7 @@ services:
     networks:
       - codecrow-network
     volumes:
+      - source_code_tmp:/tmp
       - web_logs:/app/logs
       - ./config/java-shared/application.properties:/app/config/application.properties
       - ./config/java-shared/github-private-key/github-app-private-key.pem:/app/config/github-app-private-key.pem
@@ -111,12 +120,15 @@ services:
       SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-codecrow_user}
       SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
 
-      SPRING_JPA_HIBERNATE_DDL_AUTO: update
+      SPRING_JPA_HIBERNATE_DDL_AUTO: validate
       SPRING_JPA_SHOW_SQL: "false"
       SPRING_JPA_PROPERTIES_HIBERNATE_FORMAT_SQL: "false"
       SPRING_JPA_DATABASE_PLATFORM: org.hibernate.dialect.PostgreSQLDialect
       SPRING_CONFIG_LOCATION: file:/app/config/application.properties
 
+      # Flyway disabled — web-server is the migration owner
+      SPRING_FLYWAY_ENABLED: "false"
+
       SERVER_PORT: 8082
 
       SPRING_SESSION_STORE_TYPE: redis
@@ -160,12 +172,15 @@ services:
     depends_on:
       - rag-pipeline
       - web-server
+      - redis
     environment:
       # API access for Platform MCP (internal network only)
       CODECROW_API_URL: http://codecrow-web-application:8081
       PLATFORM_MCP_JAR: /app/codecrow-platform-mcp-1.0.jar
       # Internal API secret for service-to-service communication
       INTERNAL_API_SECRET: ${INTERNAL_API_SECRET:?INTERNAL_API_SECRET must be set in .env}
+      # Redis connection for async analysis queue (DB 1 to isolate from session storage on DB 0)
+      REDIS_URL: redis://redis:6379/1
     networks:
       - codecrow-network
     volumes:
@@ -188,9 +203,13 @@ services:
     environment:
       CODECROW_WEB_SERVER_URL: http://web-server:8081
       CODECROW_INTERNAL_SECRET: ${INTERNAL_API_SECRET:?INTERNAL_API_SECRET must be set in .env}
+      QDRANT_API_KEY: ${QDRANT_API_KEY:?QDRANT_API_KEY must be set in .env}
+      REDIS_URL: redis://redis:6379/1
     ports:
       - "127.0.0.1:8001:8001"
     depends_on:
+      redis:
+        condition: service_healthy
       fix-permissions:
         condition: service_completed_successfully
       qdrant:

deployment/docker-compose.yml

@@ -42,6 +42,8 @@ services:
   qdrant:
     image: qdrant/qdrant:latest
     container_name: codecrow-qdrant
+    environment:
+      QDRANT__SERVICE__API_KEY: ${QDRANT_API_KEY:?QDRANT_API_KEY must be set in .env}
     ports:
       - "127.0.0.1:6333:6333"
       - "127.0.0.1:6334:6334"
@@ -72,6 +74,12 @@ services:
       SPRING_JPA_DATABASE_PLATFORM: org.hibernate.dialect.PostgreSQLDialect
       SPRING_CONFIG_LOCATION: file:/app/config/application.properties
 
+      # Flyway database migrations (web-server is the migration owner)
+      SPRING_FLYWAY_ENABLED: "true"
+      SPRING_FLYWAY_BASELINE_ON_MIGRATE: "true"
+      SPRING_FLYWAY_BASELINE_VERSION: "0"
+      SPRING_FLYWAY_LOCATIONS: classpath:db/migration/managed
+
       SERVER_PORT: 8081
 
       SPRING_SESSION_STORE_TYPE: redis
@@ -92,6 +100,7 @@ services:
     networks:
       - codecrow-network
     volumes:
+      - source_code_tmp:/tmp
       - web_logs:/app/logs
       - ./config/java-shared/application.properties:/app/config/application.properties
       - ./config/java-shared/github-private-key/github-app-private-key.pem:/app/config/github-app-private-key.pem
@@ -118,6 +127,9 @@ services:
       SPRING_JPA_DATABASE_PLATFORM: org.hibernate.dialect.PostgreSQLDialect
       SPRING_CONFIG_LOCATION: file:/app/config/application.properties
 
+      # Flyway disabled — web-server is the migration owner
+      SPRING_FLYWAY_ENABLED: "false"
+
       SERVER_PORT: 8082
 
       SPRING_SESSION_STORE_TYPE: redis
@@ -163,10 +175,13 @@ services:
     depends_on:
       - rag-pipeline
       - web-server
+      - redis
     environment:
       CODECROW_API_URL: http://codecrow-web-application:8081
       PLATFORM_MCP_JAR: /app/codecrow-platform-mcp-1.0.jar
       INTERNAL_API_SECRET: ${INTERNAL_API_SECRET:?INTERNAL_API_SECRET must be set in .env}
+      # Redis connection for async analysis queue (DB 1 to isolate from session storage on DB 0)
+      REDIS_URL: redis://redis:6379/1
     networks:
       - codecrow-network
     volumes:
@@ -190,9 +205,13 @@ services:
     environment:
       CODECROW_WEB_SERVER_URL: http://web-server:8081
       CODECROW_INTERNAL_SECRET: ${INTERNAL_API_SECRET:?INTERNAL_API_SECRET must be set in .env}
+      QDRANT_API_KEY: ${QDRANT_API_KEY:?QDRANT_API_KEY must be set in .env}
+      REDIS_URL: redis://redis:6379/1
     ports:
       - "127.0.0.1:8001:8001"
     depends_on:
+      redis:
+        condition: service_healthy
       fix-permissions:
         condition: service_completed_successfully
       qdrant:

deployment/setup.sh

@@ -178,6 +178,14 @@ EOF
   set_value "$RAG_ENV"    "SERVICE_SECRET"          "$SERVICE_SECRET"
   success "Service secret       (synced: application.properties + inference-orchestrator/.env + rag-pipeline/.env)"
 
+  # Qdrant API key — lives only in deployment/.env
+  # Docker Compose injects it as QDRANT__SERVICE__API_KEY into the Qdrant container
+  # and as QDRANT_API_KEY into the rag-pipeline container.
+  local QDRANT_API_KEY
+  QDRANT_API_KEY=$(generate_hex)
+  echo "QDRANT_API_KEY=${QDRANT_API_KEY}" >> "$ROOT_ENV"
+  success "Qdrant API key       (written to .env — injected into containers by docker-compose)"
+
   # ─── Step 3: Configure embedding provider ─────────────────────────
 
   header "Step 3/3 — Embedding LLM configuration"
@@ -245,7 +253,7 @@ EOF
   echo -e "${BOLD}${GREEN}╚══════════════════════════════════════════════════╝${NC}\n"
 
   echo -e "Generated files:"
-  echo -e "  ${DIM}.env${NC}                                        (DB credentials + INTERNAL_API_SECRET)"
+  echo -e "  ${DIM}.env${NC}                                        (DB credentials + INTERNAL_API_SECRET + QDRANT_API_KEY)"
   echo -e "  ${DIM}config/java-shared/application.properties${NC}"
   echo -e "  ${DIM}config/inference-orchestrator/.env${NC}"
   echo -e "  ${DIM}config/rag-pipeline/.env${NC}                    (embedding provider configured)"

frontend

@@ -56,6 +56,11 @@
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.rostilos.codecrow</groupId>
+            <artifactId>codecrow-queue</artifactId>
+        </dependency>
+
         <!-- Jackson for JSON processing -->
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>