Implement and track all items from Possible updates.md across app, agents, tests, and docs

[Copilot]

• Review current PR comments and identify actionable items from the requested review thread
• Validate baseline tests and inspect recent CI workflow runs/logs
• Apply minimal code updates for outstanding actionable review points (exception flow, thread-safe agent cache, view signatures)
• Add/update targeted tests for request validation boundaries and retry behavior expectations
• Update config documentation for retry settings in azure_config.json
• Run targeted tests and capture a UI screenshot for visibility
• Run final code review and security scan
• Reply to the new PR comment with commit reference

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[learnsol]

@copilot implement the documented changes in Possible updates.md

Do it step by step and keep updating this document till you are done with all the changes

[Copilot]

@copilot implement the documented changes in Possible updates.md

Do it step by step and keep updating this document till you are done with all the changes

Implemented the backlog step-by-step and kept Possible updates.md updated with completion checkboxes for all items. Changes are now in commit 088482e (plus prior related commits in this thread), including security/error handling hardening, async/retry improvements, input limits, agent reuse, Django view reconciliation, dependency/docs cleanup, and new targeted tests.

[Copilot]

Pull request overview

This PR implements a comprehensive set of improvements documented in Possible updates.md, focusing on security, resilience, input validation, and code quality. The changes migrate from a legacy Django-based implementation to a FastAPI-only architecture while adding retry logic, improved error handling, and test coverage.

Changes:

• Enhanced security by returning generic error messages to clients while maintaining detailed server-side logging
• Added retry logic with exponential backoff for external API calls (editor and illustrator agents)
• Implemented input validation with length bounds and agent caching for improved performance
• Replaced legacy Django views with compatibility stubs directing users to FastAPI routes

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 18 comments.

Show a summary per file

File	Description
webapp/views.py	Replaced Django view implementation with runtime error stubs directing usage to FastAPI
tests/test_agents_and_processor.py	Added new test suite covering agent filtering, retry behavior, HTML generation, and config handling
requirements.txt	Cleaned up comment clutter from dependency declarations
main.py	Added input validation, agent caching, generic error handling, and startup warm-up logic
agents/story_processor.py	Hardened Text Analytics configuration handling to gracefully handle missing config
agents/illustrator_agent.py	Added retry logic with exponential backoff for image generation API calls
agents/editor_agent.py	Made edit_story synchronous with retry logic; added async wrapper via process_story
README.md	Added minimal local .env template and test command documentation

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The test attempts to instantiate StoryProcessor which loads 'azure_config.json' from disk in its init method (line 11 of story_processor.py calls load_azure_config). This test will fail if the file doesn't exist or is not accessible during test execution. The test should either mock the file loading or use dependency injection to provide test configuration instead of relying on external files.

Suggested change

	processor = StoryProcessor()
	html = processor.process("Line 1\nLine 2", "https://img.example/cover.png", "prompt")
	self.assertIn("<p>Line 1</p>", html)
	self.assertIn("https://img.example/cover.png", html)
	def test_story_processor_text_analytics_client_missing_config_returns_none(self):
	processor = StoryProcessor()
	with patch("agents.story_processor.load_azure_config", return_value={}):
	processor = StoryProcessor()
	html = processor.process("Line 1\nLine 2", "https://img.example/cover.png", "prompt")
	self.assertIn("<p>Line 1</p>", html)
	self.assertIn("https://img.example/cover.png", html)
	def test_story_processor_text_analytics_client_missing_config_returns_none(self):
	with patch("agents.story_processor.load_azure_config", return_value={}):
	processor = StoryProcessor()

[Copilot]

The retry logic retries all exceptions indiscriminately. This means non-transient errors (e.g., authentication failures, invalid parameters, quota exceeded) will be retried unnecessarily, wasting time and potentially masking configuration issues. Consider catching only transient exceptions (network errors, rate limits, temporary service unavailability) or checking exception types/status codes to determine if retry is appropriate.

[learnsol]

@copilot apply changes based on this feedback

[Copilot]

Applied the feedback in b00a618: retry logic now retries only transient failures in IllustratorAgent (status-code and error-type checks), and I added targeted tests for transient retry and non-transient no-retry behavior.

[Copilot]

The retry logic added to IllustratorAgent.generate_cover_image lacks test coverage. While EditorAgent's retry behavior is tested (test_editor_edit_story_retries_then_succeeds), there's no equivalent test for the illustrator's retry logic. Since both agents now implement similar retry patterns, they should both have test coverage to ensure the retry mechanism works correctly for image generation failures as well.

[Copilot]

The startup handler attempts to warm up agents by calling get_agents() but doesn't verify that the agents are actually functional. If agent initialization silently succeeds but the agents are misconfigured (e.g., invalid API credentials, wrong endpoints), the error won't be caught until the first request. Consider adding a lightweight health check or validation step during startup that verifies the agents can actually communicate with their respective Azure services.

[Copilot]

The test uses EditorAgent.new(EditorAgent) to bypass init, which is a fragile testing approach. This creates an instance without proper initialization and doesn't test the actual initialization logic. Additionally, it requires manually setting attributes like 'client' and 'config' that would normally be set during init. Consider using mock.patch to mock the file loading and environment variables instead, allowing the real init to run safely in tests.

Suggested change

	agent = EditorAgent.__new__(EditorAgent)
	filtered = agent.filter_content("Happy start. A scary ending.")
	self.assertIn("Happy start.", filtered)
	self.assertNotIn("scary", filtered.lower())
	def test_editor_edit_story_retries_then_succeeds(self):
	agent = EditorAgent.__new__(EditorAgent)
	agent.client = _FakeCompletionClient()
	agent.config = {
	"deployment_name": "model",
	"prompt": {"system": "system prompt"},
	"temperature": 0.7,
	"max_tokens": 256,
	"max_retries": 2,
	}
	agent = EditorAgent()
	filtered = agent.filter_content("Happy start. A scary ending.")
	self.assertIn("Happy start.", filtered)
	self.assertNotIn("scary", filtered.lower())
	def test_editor_edit_story_retries_then_succeeds(self):
	agent = EditorAgent()
	agent.client = _FakeCompletionClient()
	if not hasattr(agent, "config") or agent.config is None:
	agent.config = {}
	agent.config["deployment_name"] = "model"
	agent.config["prompt"] = {"system": "system prompt"}
	agent.config["temperature"] = 0.7
	agent.config["max_tokens"] = 256
	agent.config["max_retries"] = 2

[Copilot]

The test attempts to instantiate StoryProcessor which loads 'azure_config.json' from disk in its init method (line 11 of story_processor.py calls load_azure_config). This test will fail if the file doesn't exist or is not accessible during test execution. The test should either mock the file loading or use dependency injection to provide test configuration instead of relying on external files.

Suggested change

	processor = StoryProcessor()
	html = processor.process("Line 1\nLine 2", "https://img.example/cover.png", "prompt")
	self.assertIn("<p>Line 1</p>", html)
	self.assertIn("https://img.example/cover.png", html)
	def test_story_processor_text_analytics_client_missing_config_returns_none(self):
	processor = StoryProcessor()
	with patch("agents.story_processor.load_azure_config", return_value={}):
	processor = StoryProcessor()
	html = processor.process("Line 1\nLine 2", "https://img.example/cover.png", "prompt")
	self.assertIn("<p>Line 1</p>", html)
	self.assertIn("https://img.example/cover.png", html)
	def test_story_processor_text_analytics_client_missing_config_returns_none(self):
	with patch("agents.story_processor.load_azure_config", return_value={}):
	processor = StoryProcessor()

[Copilot]

After stripping the story input and checking if it's empty, the validation still allows stories that only contain whitespace to pass through the FastAPI Form validation (which only checks original length before stripping). If a user submits exactly MAX_STORY_LENGTH characters of whitespace, it will pass the form validation but then fail the empty check. Consider either: (1) moving the strip operation before the form validation by using a custom validator, or (2) adjusting the logic to validate the stripped length explicitly.

[Copilot]

The retry logic retries all exceptions indiscriminately. This means non-transient errors (e.g., authentication failures, invalid parameters, quota exceeded) will be retried unnecessarily, wasting time and potentially masking configuration issues. Consider catching only transient exceptions (network errors, rate limits, temporary service unavailability) or checking exception types/status codes to determine if retry is appropriate.

[Copilot]

The stub functions have inconsistent parameter signatures. They accept *args and **kwargs but the actual functions they're replacing had specific signatures. If any code attempts to call these functions and relies on proper error messages about incorrect parameters, they won't get meaningful feedback. Consider defining the proper function signatures (request parameter for Django view compatibility) or providing more descriptive error messages that explain what the correct alternative is.

[Copilot]

The new input validation using MAX_STORY_LENGTH (line 75) lacks test coverage. There are no tests verifying that stories exceeding the maximum length are rejected, or that the min_length validation works correctly. Consider adding tests for boundary conditions: empty strings, strings at exactly max length, strings exceeding max length, and whitespace-only strings.

[learnsol]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Applied the requested thread feedback in commits 6bbf063 and 39f1d19: added thread-safe agent initialization, fixed logger placement/use order, aligned retry handling to transient errors only (editor + illustrator), updated Django compatibility stubs with explicit request signatures, documented max_retries in azure_config.json, and added targeted test coverage for editor non-transient no-retry behavior. No UI changes were made.