chore(release): v0.5.0 hardening pass — DEBT-018/020 + security

[fvadicamo]

Summary

Pre-release hardening pass on v0.5.0 that bundles into the release everything we'd otherwise have shipped as v0.5.1 within 24h, avoiding the back-to-back release ceremony.

• 2 critical CVEs in litellm (auth bypass via OIDC userinfo cache key collision) closed via dependency bump
• DEBT-018 (widget --vektra-primary no longer leaks to host page :root)
• DEBT-020 (audit log no longer silently skips on sensitive endpoints when request-id middleware misbehaves) — now covering admin + learn + ingest
• 4 LOW style nitpicks from code-quality bot (test fakes self_inner -> self)

Why

When PR #71 (release develop -> main) was reviewed, Gemini and code-quality bots posted feedback that we initially deferred to v0.5.1 per a "zero new commits on release PR" policy. Reading the actual content, almost all of it had moderate-to-high value (litellm critical CVEs, NFR-007 audit gaps, widget host-page leak), and shipping v0.5.0 followed by v0.5.1 within a day projects "release-then-fix" rather than "release-and-ready".

Per discussion this PR closes the gap: ship a single, tighter v0.5.0 with the deferred fixes inside, drop the parallel v0.5.1 plan. Same approach is being mirrored on vektra-moodle for consistency.

What's included

Security (deps)

• litellm >=1.40,<1.82.7 -> >=1.83.10,<1.83.11 — closes 2 critical CVEs (auth bypass via OIDC userinfo cache key collision) and several high-severity findings (authenticated command execution via MCP stdio test endpoints, SSTI in /prompts/test).
• pytest >=8.0 -> >=9.0.3 (full suite green on the new major version).
• Widget esbuild ^0.24 -> ^0.25.

Cherry-picks of #68 (uv group, 11 updates) and #40 (esbuild widget). Other open Dependabot PRs (#39, #61) intentionally deferred.

Application fixes

• DEBT-018 widget --vektra-primary scoping: the override is now applied to widget roots (.vektra-chat-btn, .vektra-chat-panel) instead of :root, so it no longer clobbers any unrelated --vektra-primary declarations on the host page. Repeated initialization reuses a single <style id="vektra-primary-override"> element instead of accumulating duplicates.
• DEBT-020 audit log fallback (NFR-007): each of vektra-admin/api.py, vektra-learn/api.py, and vektra-ingest/api.py now declares a private _resolve_request_id(request) -> UUID helper that synthesizes uuid4() when request.state.request_id is missing and emits a request_id_middleware_missing_fallback structlog warning. Applied to all sensitive endpoints discovered during sweep:
  • admin: POST /api-keys, DELETE /api-keys/{id}, PATCH /admin/namespaces/{id}/config, GET /admin/conversations/{id}/turns
  • learn: GET /api/v1/learn/conversations/{id}/turns
  • ingest: _write_audit_log and _write_audit_log_direct writers used by POST /api/v1/ingest, batch ingest, deletion

Style

• vektra-core/tests/test_pipeline.py: renamed self_inner -> self in nested _FakeResult / _FakeSession test helpers (4 LOW nitpicks from code-quality bot on PR release: v0.5.0 - Widget production-ready & instructor configuration #71).

Tests

• Helper unit tests + read-endpoint integration test in vektra-admin/tests/test_admin_turns.py. The existing vektra-learn/tests/test_api.py already validates UUID synthesis on the learn path (preserved).

Docs

• CHANGELOG [0.5.0] updated with ### Fixed and ### Security sections; date moved to 2026-04-27 (actual ship date).
• BACKLOG: DEBT-018 and DEBT-020 marked completed with resolution notes; DEBT-021 (_fetch_document_names JOIN) remains planned (deferred — low priority, no measurable latency impact).

Test plan

• make lint green (8/8 import-linter contracts kept)
• make test — 632 passed locally (4 pre-existing vektra-shared/test_config.py failures from local .env leakage, verified green on CI in clean env)
• CI green on push (real validation)
• After merge: PR release: v0.5.0 - Widget production-ready & instructor configuration #71 (release develop -> main) auto-updates with these commits and ships them as v0.5.0

Refs

• BACKLOG entries: DEBT-018, DEBT-020 (now completed); DEBT-021 (still planned)
• Cherry-picked PRs: chore(deps): bump the uv group across 1 directory with 11 updates #68 (uv group), chore(deps-dev): Bump esbuild from 0.24.2 to 0.25.0 in /vektra-learn/widget in the npm_and_yarn group across 1 directory #40 (esbuild widget)
• Reviewed PR: release: v0.5.0 - Widget production-ready & instructor configuration #71 (release v0.5.0)
• Coordinated with: vektralabs/vektra-moodle (same single-release strategy)

Summary by CodeRabbit

• Bug Fixes

  • Audit logging now consistently records for admin, learn, and ingest operations by generating fallback request IDs when middleware fails to populate them.

• New Features

  • Widget CSS custom property overrides now scoped to widget elements, preventing interference with host-page styles.

• Chores

  • Updated development and runtime dependencies: pytest (9.0.3), litellm (1.83.10), and esbuild (0.25).

[coderabbitai]

Warning

Rate limit exceeded

@fvadicamo has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 55 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 63688c9f-c9bd-4d47-a7aa-2ff5e733cc59

📥 Commits

Reviewing files that changed from the base of the PR and between 8fa101c and 9ec7577.

⛔ Files ignored due to path filters (2)

• .s2s/BACKLOG.md is excluded by !.s2s/**
• uv.lock is excluded by !**/*.lock, !**/*.lock

📒 Files selected for processing (3)

• vektra-admin/src/vektra_admin/api.py
• vektra-core/pyproject.toml
• vektra-learn/widget/src/chat-ui.js

📝 Walkthrough

Walkthrough

This PR introduces consistent request-ID fallback handling across admin, ingest, and learn modules by adding _resolve_request_id helpers that generate UUID fallbacks when middleware fails to populate request.state.request_id. It also updates the widget's CSS override to scope to widget elements and reuse style nodes, bumps development and runtime dependencies, and renames a test parameter.

Changes

Cohort / File(s)	Summary
Dependency Version Bumps CHANGELOG.md, pyproject.toml, vektra-core/pyproject.toml, vektra-learn/widget/package.json	Updated pytest from 8.0 to 9.0.3, litellm range adjusted to <1.83.11, esbuild upgraded from ^0.24 to ^0.25. Documented all changes in CHANGELOG including audit logging and widget CSS behavior adjustments.
Audit Logging Request-ID Resolution vektra-admin/src/vektra_admin/api.py, vektra-ingest/src/vektra_ingest/api.py, vektra-learn/src/vektra_learn/api.py	Introduced centralized _resolve_request_id helper functions that return request.state.request_id or fallback to uuid4() with structlog warning. Updated endpoints to always enqueue audit logging with resolved UUIDs instead of skipping when request_id is absent.
Audit Logging Test Coverage vektra-admin/tests/test_admin_turns.py	Added tests validating request-ID resolution behavior and audit logging when middleware fails to populate request.state.request_id. Tests confirm synthesized UUIDs are generated per call and audit tasks are properly enqueued.
Widget CSS Style Behavior vektra-learn/widget/src/chat-ui.js	Changed style injection to reuse a single id-based <style id="vektra-primary-override"> node across repeated initialization instead of appending new elements. Scoped --vektra-primary CSS custom property to .vektra-chat-btn, .vektra-chat-panel instead of global :root to prevent host-page override conflicts.
Test Parameter Cleanup vektra-core/tests/test_pipeline.py	Renamed parameter from self_inner to standard self in test fake helper method signatures for consistency with Python conventions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A hop and a skip through audit's domain,
Request IDs falling like springtime rain,
With fallback UUIDs born from the blue,
And widgets that style just for me and you,
Dependency bumps march—onward we go! 🌿✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 76.19% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies this as a v0.5.0 release hardening pass addressing specific technical debt items (DEBT-018/020) and security concerns, which aligns with the pull request's main objectives of bundling pre-release fixes and security updates.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/v0.5.0-finalize

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request implements technical debt resolutions and security updates for the v0.5.0 release. Key improvements include scoping the widget's primary color CSS variable to prevent host-page style leakage and introducing a robust audit logging fallback mechanism across the admin, learn, and ingest modules to ensure sensitive actions are always recorded. Dependencies such as litellm and pytest were bumped to address security vulnerabilities and modernize the test environment. Feedback was provided regarding the widget's style injection logic, noting that the current use of a global style ID may cause conflicts in multi-instance scenarios where different primary colors are required.

[coderabbitai]

🧹 Nitpick comments (4)

vektra-learn/src/vektra_learn/api.py (1)

60-76: Consider hoisting _resolve_request_id into vektra_shared.

This helper is duplicated almost verbatim across vektra-learn/src/vektra_learn/api.py, vektra-ingest/src/vektra_ingest/api.py, and vektra-admin/src/vektra_admin/api.py. Since the import-linter contracts allow each component to import from vektra_shared, a single vektra_shared.audit.resolve_request_id(request) -> UUID (or similar) would remove the triplication and ensure the three audit-fallback paths can never drift in behavior or log key. Acceptable to defer, but worth a follow-up.

Also note this copy calls structlog.get_logger(__name__).warning(...) on every fallback invocation while the other two copies use a module-level log — minor consistency nit if you keep the per-module copies.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vektra-learn/src/vektra_learn/api.py` around lines 60 - 76, The helper
function _resolve_request_id in vektra_learn.api is duplicated across services;
extract it into a shared helper (e.g.,
vektra_shared.audit.resolve_request_id(request) -> UUID) and replace the local
_resolve_request_id with an import call to that shared function so all services
share one implementation and audit-fallback behavior; when moving it, preserve
the current logic (return request.state.request_id or uuid4(), emit a warning on
fallback) and standardize the logger usage (use a module-level log variable or
identical logging call/signature as the other services) to keep log keys
consistent.

vektra-admin/src/vektra_admin/api.py (1)

374-385: Minor: is_bootstrap_key(token) is recomputed.

_bootstrap.is_bootstrap_key(token) is already evaluated at line 279; re-calling it at line 375 is harmless but easy to avoid by caching the result once near the top of the function. Optional cleanup.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vektra-admin/src/vektra_admin/api.py` around lines 374 - 385, The code calls
_bootstrap.is_bootstrap_key(token) twice; compute it once near the start of the
function and reuse that boolean variable (e.g., is_bootstrap) when scheduling
the background task instead of calling _bootstrap.is_bootstrap_key(token) again;
update the invocation passed to _audit.log_event (in the
background_tasks.add_task call) to use the cached is_bootstrap value.

vektra-learn/widget/src/chat-ui.js (1)

136-154: Override is deduped, but the main <style> block still accumulates.

The DEBT-018 fix correctly scopes --vektra-primary to .vektra-chat-btn / .vektra-chat-panel and reuses a single #vektra-primary-override node. However, the comment ("repeated construction (hot reload, multi-instance, host-page re-init) doesn't accumulate style elements") reads as if it applies to both blocks, while in practice the main style at lines 137–139 still appends a fresh <style> on every ChatUI construction. If hot-reload/multi-instance accumulation is a real concern, the same dedup pattern should be applied to the main block too; otherwise consider tightening the comment to scope it to the override only.

♻️ Possible follow-up to dedupe the main style node as well

   _injectStyles() {
-    const style = document.createElement("style");
-    style.textContent = buildStyles(this._theme);
-    document.head.appendChild(style);
+    let style = document.getElementById("vektra-base-styles");
+    if (!style) {
+      style = document.createElement("style");
+      style.id = "vektra-base-styles";
+      document.head.appendChild(style);
+    }
+    style.textContent = buildStyles(this._theme);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vektra-learn/widget/src/chat-ui.js` around lines 136 - 154, The main style
block in _injectStyles() always appends a new <style>, causing accumulation;
change it to reuse/dedupe a single style node (e.g., look up
document.getElementById("vektra-chat-ui-styles") and if missing create/appended
it, otherwise update its textContent = buildStyles(this._theme)) instead of
always creating a fresh element, referencing the _injectStyles method,
buildStyles(this._theme) and this._theme; alternatively, if you prefer not to
dedupe, update the existing comment to explicitly state it only refers to the
primary-override node.

vektra-core/pyproject.toml (1)

11-11: Relax the overly restrictive litellm version pin.

litellm>=1.83.10,<1.83.11 locks to exactly 1.83.10, but the OIDC userinfo cache key collision CVE (CVE-2026-35030) was patched in v1.83.0, not v1.83.10. Versions 1.83.10 and later all include the fix. Consider relaxing the constraint to >=1.83.0 (or >=1.83.10 if other constraints apply) without the <1.83.11 upper bound, allowing patch releases to flow downstream without requiring a new PR.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vektra-core/pyproject.toml` at line 11, The pinned dependency
"litellm>=1.83.10,<1.83.11" is too restrictive; update the pyproject.toml
dependency line for litellm (the existing string literal) to relax the
constraint to a broader range such as "litellm>=1.83.0" (or at minimum remove
the upper bound to "litellm>=1.83.10") so downstream patch releases can flow
without PRs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@vektra-admin/src/vektra_admin/api.py`:
- Around line 374-385: The code calls _bootstrap.is_bootstrap_key(token) twice;
compute it once near the start of the function and reuse that boolean variable
(e.g., is_bootstrap) when scheduling the background task instead of calling
_bootstrap.is_bootstrap_key(token) again; update the invocation passed to
_audit.log_event (in the background_tasks.add_task call) to use the cached
is_bootstrap value.

In `@vektra-core/pyproject.toml`:
- Line 11: The pinned dependency "litellm>=1.83.10,<1.83.11" is too restrictive;
update the pyproject.toml dependency line for litellm (the existing string
literal) to relax the constraint to a broader range such as "litellm>=1.83.0"
(or at minimum remove the upper bound to "litellm>=1.83.10") so downstream patch
releases can flow without PRs.

In `@vektra-learn/src/vektra_learn/api.py`:
- Around line 60-76: The helper function _resolve_request_id in vektra_learn.api
is duplicated across services; extract it into a shared helper (e.g.,
vektra_shared.audit.resolve_request_id(request) -> UUID) and replace the local
_resolve_request_id with an import call to that shared function so all services
share one implementation and audit-fallback behavior; when moving it, preserve
the current logic (return request.state.request_id or uuid4(), emit a warning on
fallback) and standardize the logger usage (use a module-level log variable or
identical logging call/signature as the other services) to keep log keys
consistent.

In `@vektra-learn/widget/src/chat-ui.js`:
- Around line 136-154: The main style block in _injectStyles() always appends a
new <style>, causing accumulation; change it to reuse/dedupe a single style node
(e.g., look up document.getElementById("vektra-chat-ui-styles") and if missing
create/appended it, otherwise update its textContent = buildStyles(this._theme))
instead of always creating a fresh element, referencing the _injectStyles
method, buildStyles(this._theme) and this._theme; alternatively, if you prefer
not to dedupe, update the existing comment to explicitly state it only refers to
the primary-override node.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f6dbc953-79b8-4125-b6a3-7498773e69ee

📥 Commits

Reviewing files that changed from the base of the PR and between 1ddcd7d and 8fa101c.

⛔ Files ignored due to path filters (3)

• .s2s/BACKLOG.md is excluded by !.s2s/**
• uv.lock is excluded by !**/*.lock, !**/*.lock
• vektra-learn/widget/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (10)

• CHANGELOG.md
• pyproject.toml
• vektra-admin/src/vektra_admin/api.py
• vektra-admin/tests/test_admin_turns.py
• vektra-core/pyproject.toml
• vektra-core/tests/test_pipeline.py
• vektra-ingest/src/vektra_ingest/api.py
• vektra-learn/src/vektra_learn/api.py
• vektra-learn/widget/package.json
• vektra-learn/widget/src/chat-ui.js

[fvadicamo]

Addressed CodeRabbit's 4 nitpicks in ff2a745:

• Fix vektra-admin/api.py:374-385 (is_bootstrap_key recomputed): cached the call once at the top of create_api_key and reused the boolean in the audit metadata.
• Fix vektra-learn/widget/src/chat-ui.js:136-154 (comment scope): tightened the _injectStyles comment to clarify only the primary-color override is deduped; main style block intentionally still appends. Pointed to DEBT-022 for the multi-instance follow-up.
• Fix vektra-core/pyproject.toml:11 (litellm pin too restrictive): relaxed litellm>=1.83.10,<1.83.11 to litellm>=1.83.10. Lockfile regenerated; resolved version unchanged at 1.83.10. Future patch releases now flow without a new PR.
• Defer vektra-learn/api.py:60-76 (hoist _resolve_request_id to vektra_shared): tracked as DEBT-023 in BACKLOG (ff2a745). Three near-identical copies across admin/learn/ingest is the threshold where extraction starts paying off; deferred from v0.5.0 to keep this hardening pass scope-contained.

Plus deferred from the inline thread:

• chat-ui.js:152 (Gemini medium, multi-instance): tracked as DEBT-022 in BACKLOG. Per-instance style.setProperty is the right path when multi-instance widget embedding lands; single-widget-per-page is the only mode today.

[fvadicamo]

Review feedback addressed in ff2a745:

• 1 Gemini medium (multi-instance widget): deferred → DEBT-022
• 4 CodeRabbit nitpicks: 3 fixed inline (is_bootstrap_key dedup, comment scope, litellm pin relax), 1 deferred → DEBT-023 (hoist helper to vektra_shared)

Both deferred items now tracked in BACKLOG with full context, acceptance criteria, and proposed approach.