Integrated health monitoring for all services

Dockerfile

@@ -4,32 +4,39 @@ FROM python:3.12-slim
 # Set environment variables
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
-ENV PORT=8080
+ENV PORT=8000
 
 # Set working directory
 WORKDIR /app
 
-# Install system dependencies (needed for OpenCV, various tools)
+# Install system dependencies
+# libgl1 and libglib2.0-0 are for OpenCV/Computer Vision
+# curl is for health checks
 RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
+    curl \
     libgl1-mesa-glx \
     libglib2.0-0 \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Python dependencies
-# Copy requirements first to leverage Docker cache
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 
+# Install Playwright browser and its dependencies
+RUN playwright install chromium
+RUN playwright install-deps chromium
+
 # Copy the rest of the application
 COPY . .
 
 # Create a non-root user and switch to it for security
+# Ensure the user has access to playwright browsers
 RUN useradd -m appuser && chown -R appuser /app
 USER appuser
 
-# Expose the port
-EXPOSE 8080
+# Expose the port (API usually on 8000)
+EXPOSE 8000
 
-# Command to run the application using Gunicorn with Uvicorn workers
+# Default command for the API (can be overridden in docker-compose for the worker)
 CMD exec gunicorn --bind :$PORT --workers 1 --worker-class uvicorn.workers.UvicornWorker --timeout 0 app.api.main:app

app/agents/adk_mathminds.py

@@ -266,4 +266,9 @@ class MathMindsADKAgent:
             logger.error(f"Streaming execution failed: {e}")
             yield {"type": "error", "content": str(e)}
         finally:
-            current_image_ctx.reset(token)
+            try:
+                current_image_ctx.reset(token)
+            except ValueError:
+                # This can happen if the generator is closed (GeneratorExit) 
+                # in a different task context than where it was started.
+                pass

app/api/main.py

@@ -15,6 +15,7 @@ import json
 
 from fastapi import FastAPI, HTTPException, status, Depends, Request
 from fastapi.responses import JSONResponse, StreamingResponse
+from fastapi.middleware.cors import CORSMiddleware
 from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
 from app.core.limiter import limiter
@@ -72,6 +73,15 @@ app = FastAPI(
     lifespan=lifespan
 )
 
+# CORS Configuration
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"], # In production, replace with specific domains
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 # Global Exception Handler (Catch-All)
 @app.exception_handler(Exception)
 async def global_exception_handler(request: Request, exc: Exception):
@@ -385,64 +395,20 @@ async def update_profile(
 if __name__ == "__main__":
     import uvicorn
     uvicorn.run(app, host="0.0.0.0", port=8000)
-# ── Auth Endpoints ─────────────────────────────────────────────────────────
-
-@app.post("/auth/signup", response_model=TokenResponse)
-async def signup(
-    user_in: UserSignup,
-    db_manager = Depends(get_db_manager)
-):
-    """Register a new user."""
-    # Check if user already exists
-    existing_user = db_manager.get_user_by_email(user_in.email)
-    if existing_user:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="User with this email already exists"
-        )
-    
-    user_id = str(uuid.uuid4())
-    hashed_pw = hash_password(user_in.password)
-    
-    user_dict = {
-        "user_id": user_id,
-        "email": user_in.email,
-        "hashed_password": hashed_pw,
-        "full_name": user_in.full_name,
-        "created_at": datetime.now(timezone.utc)
-    }
-    
-    if db_manager.create_user(user_dict):
-        token = create_access_token(data={"sub": user_id, "email": user_in.email})
-        return {
-            "access_token": token,
-            "token_type": "bearer",
-            "user_id": user_id,
-            "email": user_in.email
-        }
-    
-    raise HTTPException(status_code=500, detail="Failed to create user")
+# ── Auth Endpoints (DECOMMISSIONED - Use Firebase) ──────────────────────────
+
+@app.post("/auth/signup")
+async def signup():
+    """Signups are now handled by Firebase on the frontend."""
+    raise HTTPException(
+        status_code=status.HTTP_410_GONE,
+        detail="Local signup is decommissioned. Please use Firebase Auth."
+    )
 
-@app.post("/auth/login", response_model=TokenResponse)
-async def login(
-    login_in: UserLogin,
-    db_manager = Depends(get_db_manager)
-):
-    """Login and get access token."""
-    user = db_manager.get_user_by_email(login_in.email)
-    if not user or not verify_password(login_in.password, user["hashed_password"]):
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Incorrect email or password",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-    
-    user_id = user["user_id"]
-    token = create_access_token(data={"sub": user_id, "email": user["email"]})
-    
-    return {
-        "access_token": token,
-        "token_type": "bearer",
-        "user_id": user_id,
-        "email": user["email"]
-    }
+@app.post("/auth/login")
+async def login():
+    """Login is now handled by Firebase on the frontend."""
+    raise HTTPException(
+        status_code=status.HTTP_410_GONE,
+        detail="Local login is decommissioned. Please use Firebase Auth."
+    )

app/core/orchestrator.py

@@ -61,7 +61,12 @@ class Orchestrator:
             "status":     "success",
             "source":     "agent",
             "answer":     "",
-            "metadata":   {"latency_ms": 0, "model": "gemini-2.5-flash", "tools_used": []},
+            "metadata":   {
+                "latency_ms": 0, 
+                "model": "gemini-2.5-flash", 
+                "tools_used": [],
+                "logic_trace": []
+            },
         }
 
         try:

app/core/security.py

@@ -1,16 +1,33 @@
 import logging
+import firebase_admin
+from firebase_admin import auth, credentials as firebase_credentials
 from fastapi import HTTPException, status, Security
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from app.core.settings import settings
-from app.core.auth_utils import decode_access_token
 
 logger = logging.getLogger(__name__)
 
+# Initialize Firebase Admin
+_firebase_initialized = False
+try:
+    if settings.FIREBASE_CREDENTIALS_PATH:
+        cred = firebase_credentials.Certificate(settings.FIREBASE_CREDENTIALS_PATH)
+        firebase_admin.initialize_app(cred)
+        _firebase_initialized = True
+        logger.info("Firebase Admin initialized successfully.")
+    else:
+        # Try default/env initialization
+        firebase_admin.initialize_app()
+        _firebase_initialized = True
+        logger.info("Firebase Admin initialized using default credentials.")
+except Exception as e:
+    logger.warning(f"Firebase Admin initialization skipped or failed: {e}")
+
 security = HTTPBearer()
 
 def verify_token(credentials: HTTPAuthorizationCredentials = Security(security)):
     """
-    Verifies the Local JWT access token.
+    Verifies the Firebase ID Token.
     Returns the decoded token dict if valid.
     """
     token = credentials.credentials
@@ -24,21 +41,27 @@ def verify_token(credentials: HTTPAuthorizationCredentials = Security(security))
         logger.info(f"Using MOCK AUTH for token: {token}")
         return {"uid": "dev_user_123", "email": "dev@mathminds.ai"}
 
-    # Use local JWT verification
-    payload = decode_access_token(token)
-    if payload:
-        # Map 'sub' from JWT to 'uid' to maintain compatibility with existing code
+    if not _firebase_initialized:
+        logger.error("Attempted to verify token but Firebase is not initialized.")
+        raise HTTPException(
+            status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+            detail="Authentication service unavailable",
+        )
+
+    try:
+        # Verify the ID token from Firebase
+        decoded_token = auth.verify_id_token(token)
         return {
-            "uid": payload.get("sub"),
-            "email": payload.get("email")
+            "uid": decoded_token.get("uid"),
+            "email": decoded_token.get("email")
         }
-    
-    logger.warning(f"Invalid or expired token provided.")
-    raise HTTPException(
-        status_code=status.HTTP_401_UNAUTHORIZED,
-        detail="Invalid or expired authentication credentials",
-        headers={"WWW-Authenticate": "Bearer"},
-    )
+    except Exception as e:
+        logger.warning(f"Firebase token verification failed: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid or expired authentication credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
 
 def get_current_user(token: dict = Security(verify_token)):
     """

app/core/settings.py

@@ -60,8 +60,7 @@ class Settings(BaseSettings):
             if not self.REDIS_URL:
                 raise ValueError("REDIS_URL must be set in production environment")
             if not self.FIREBASE_CREDENTIALS_PATH:
-                 # Warning for now, might be critical depending on usage
-                 pass 
+                raise ValueError("FIREBASE_CREDENTIALS_PATH must be set in production environment")
 
         # Set Defaults for Development
         else:

app/tools/web_scraper.py

@@ -18,6 +18,18 @@ def run_playwright_sync(query: str, headless: bool, extraction_focus: Optional[s
     user_agent = ua.random
     
     try:
+        # Check if an event loop is already running in this thread
+        import asyncio
+        try:
+            loop = asyncio.get_running_loop()
+            if loop.is_running():
+                 # We are in an asyncio loop! We must use a thread or process.
+                 # For Celery tasks, this shouldn't happen with solo/prefork,
+                 # but for local testing it does.
+                 pass
+        except RuntimeError:
+            pass
+
         with sync_playwright() as p:
             browser = p.chromium.launch(headless=headless)
             context = browser.new_context(
@@ -92,41 +104,45 @@ def run_playwright_sync(query: str, headless: bool, extraction_focus: Optional[s
 
 class WebScraper:
     """
-    Tool for fetching live data from websites using Playwright.
-    Useful for queries requiring real-time context (e.g., stock prices, weather, news).
+    Tool for fetching live data from websites using a Celery task queue.
+    Offloads heavy browser automation to dedicated workers.
     """
 
     def __init__(self, headless: bool = True):
         self.headless = headless
-        # We use a ProcessPoolExecutor to run Playwright in a separate process.
-        # This is CRITICAL on Windows if the main process uses SelectorEventLoopPolicy,
-        # as Playwright requires ProactorEventLoopPolicy.
-        self.executor = ProcessPoolExecutor(max_workers=1)
 
     async def scrape(self, query: str, extraction_focus: Optional[str] = None) -> Dict[str, Any]:
         """
-        Scrapes data relevant to the query.
-        runs the scraping logic in a separate process.
-        
-        Args:
-            query: The search query or URL.
-            extraction_focus: Optional keyword to focus extraction on.
+        Dispatches a scraping task to Celery and waits for the result.
         """
-        logger.info(f"WebScraper triggered for query: {query}, focus: {extraction_focus}")
-        
-        loop = asyncio.get_running_loop()
+        logger.info(f"WebScraper: Dispatching Celery task for query: {query}")
         
-        # Run in separate process
         try:
-            result = await loop.run_in_executor(
-                self.executor, 
-                functools.partial(run_playwright_sync, query, self.headless, extraction_focus)
-            )
-            return result
+            from app.worker.tasks import scrape_task
+            
+            # Dispatch to worker
+            task = scrape_task.delay(query, self.headless, extraction_focus)
+            
+            # Wait for result (blocking the coroutine, but not the event loop)
+            # We use a loop/sleep or better, run_in_executor to not block the event loop if .get() is blocking.
+            # Celery's AsyncResult.get() is blocking.
+            
+            import asyncio
+            for _ in range(30): # 30 seconds timeout
+                if task.ready():
+                    return task.result
+                await asyncio.sleep(1)
+            
+            return {
+                "source": "web_scraper",
+                "error": "Scraping task timed out in worker queue.",
+                "status": "error"
+            }
+            
         except Exception as e:
-            logger.error(f"Process execution failed: {e}")
+            logger.error(f"Celery dispatch failed: {e}")
             return {
                 "source": "web_scraper",
-                "error": f"Process execution failed: {str(e)}",
+                "error": f"Celery dispatch failed: {str(e)}",
                 "status": "error"
             }

app/worker.py

@@ -1,59 +0,0 @@
-import os
-import asyncio
-from celery import Celery
-from app.core.settings import settings
-from app.tools.web_scraper import WebScraper
-import logging
-
-# Configure Logging
-logger = logging.getLogger(__name__)
-
-# Initialize Celery
-celery_app = Celery(
-    "mathminds_worker",
-    broker=settings.REDIS_URL,
-    backend=settings.REDIS_URL
-)
-
-celery_app.conf.update(
-    task_serializer="json",
-    accept_content=["json"],
-    result_serializer="json",
-    timezone="UTC",
-    enable_utc=True,
-)
-
-@celery_app.task(name="scrape_web_task", bind=True)
-def scrape_web_task(self, query: str, focus: str = ""):
-    """
-    Celery task to run web scraping in a background worker.
-    Since Playwright is async/sync hybrid, we run the sync version here
-    or manage the loop carefully.
-    """
-    logger.info(f"Worker: Starting scrape for '{query}'")
-    
-    # We use the sync logic of the scraper tools or run the async one via asyncio.run
-    # For simplicity/stability in Celery, we'll instantiate the scraper and run.
-    
-    # Note: WebScraper class uses ProcessPoolExecutor internally for safety on Windows
-    # Here we are already in a worker process, so we can just run it.
-    
-    scraper = WebScraper(headless=True)
-    
-    # Run async scrape in this sync task
-    try:
-        loop = asyncio.new_event_loop()
-        asyncio.set_event_loop(loop)
-        result = loop.run_until_complete(scraper.scrape(query, extraction_focus=focus))
-        loop.close()
-        return result
-    except Exception as e:
-        logger.error(f"Worker Scrape Failed: {e}")
-        return {"error": str(e), "status": "error"}
-
-@celery_app.task(name="solve_heavy_math_task")
-def solve_heavy_math_task(problem_text: str):
-    """
-    Placeholder for really heavy symbolic computation if needed.
-    """
-    pass

docker-compose.yml

@@ -11,43 +11,64 @@ services:
     environment:
       - REDIS_URL=redis://redis:6379/0
       - MONGO_URI=mongodb://mongo:27017/mathminds
+      - ENV=production
     depends_on:
-      - redis
-      - mongo
+      redis:
+        condition: service_healthy
+      mongo:
+        condition: service_healthy
     networks:
       - mathminds_net
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
 
   worker:
     build: .
     container_name: mathminds_worker
-    command: celery -A app.worker.celery_app worker --loglevel=info
+    command: celery -A app.worker.celery_app worker --loglevel=info --pool=solo
     env_file:
       - .env
     environment:
       - REDIS_URL=redis://redis:6379/0
       - MONGO_URI=mongodb://mongo:27017/mathminds
+      - ENV=production
     depends_on:
-      - redis
-      - mongo
+      redis:
+        condition: service_healthy
+      mongo:
+        condition: service_healthy
     networks:
       - mathminds_net
     restart: unless-stopped
 
-  n8n:
-    image: n8nio/n8n
-    container_name: mathminds_n8n
+  frontend:
+    build: 
+      context: .
+      dockerfile: frontend/Dockerfile
+    container_name: mathminds_frontend
     ports:
-      - "5678:5678"
+      - "8501:8501"
+    env_file:
+      - .env
     environment:
-      - N8N_BASIC_AUTH_ACTIVE=true
-      - N8N_BASIC_AUTH_USER=admin
-      - N8N_BASIC_AUTH_PASSWORD=admin
-    volumes:
-      - n8n_data:/home/node/.n8n
+      - BACKEND_URL=http://api:8000
+    depends_on:
+      api:
+        condition: service_healthy
     networks:
       - mathminds_net
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8501/_stcore/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
 
   redis:
     image: redis:alpine
@@ -59,6 +80,11 @@ services:
     networks:
       - mathminds_net
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
 
   mongo:
     image: mongo:latest
@@ -70,6 +96,11 @@ services:
     networks:
       - mathminds_net
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
 
 networks:
   mathminds_net:
@@ -78,4 +109,3 @@ networks:
 volumes:
   redis_data:
   mongo_data:
-  n8n_data:

frontend/app.py

@@ -8,6 +8,7 @@ import uuid
 import time
 from streamlit_drawable_canvas import st_canvas
 from dotenv import load_dotenv
+from firebase_utils import sign_in_with_email, sign_up_with_email
 
 load_dotenv()
 
@@ -300,26 +301,20 @@ def login_screen():
                 if st.form_submit_button("Sign In", use_container_width=True):
                     if email and password:
                         try:
-                            r = requests.post(
-                                f"{BASE_API_URL}/auth/login",
-                                json={"email": email, "password": password},
-                                timeout=30
-                            )
-                            if r.status_code == 200:
-                                d = r.json()
+                            token, uid, user_email, error = sign_in_with_email(email, password)
+                            if token:
                                 # ✅ MULTIUSER FIX: Clear ALL previous user data
-                                # BEFORE setting the new user identity.
                                 _clear_user_state()
                                 st.session_state.user = {
-                                    "email": d["email"],
-                                    "token": d["access_token"],
-                                    "uid":   d["user_id"]
+                                    "email": user_email,
+                                    "token": token,
+                                    "uid":   uid
                                 }
-                                st.success(f"Welcome back, {d['email']}!")
+                                st.success(f"Welcome back, {user_email}!")
                                 time.sleep(0.5)
                                 st.rerun()
                             else:
-                                st.error(f"Login Failed: {r.json().get('detail', 'Unknown error')}")
+                                st.error(f"Login Failed: {error}")
                         except Exception as e:
                             st.error(f"Connection Error: {e}")
                     else:
@@ -337,29 +332,20 @@ def login_screen():
                             st.error("Passwords do not match!")
                         else:
                             try:
-                                r = requests.post(
-                                    f"{BASE_API_URL}/auth/signup",
-                                    json={
-                                        "email":     new_email,
-                                        "password":  new_password,
-                                        "full_name": full_name
-                                    },
-                                    timeout=30
-                                )
-                                if r.status_code == 200:
-                                    d = r.json()
+                                token, uid, user_email, error = sign_up_with_email(new_email, new_password)
+                                if token:
                                     # ✅ MULTIUSER FIX: Same as login — clear first
                                     _clear_user_state()
                                     st.session_state.user = {
-                                        "email": d["email"],
-                                        "token": d["access_token"],
-                                        "uid":   d["user_id"]
+                                        "email": user_email,
+                                        "token": token,
+                                        "uid":   uid
                                     }
-                                    st.success(f"Account Created! Welcome, {d['email']}!")
+                                    st.success(f"Account Created! Welcome, {user_email}!")
                                     time.sleep(0.5)
                                     st.rerun()
                                 else:
-                                    st.error(f"Sign Up Failed: {r.json().get('detail', 'Unknown error')}")
+                                    st.error(f"Sign Up Failed: {error}")
                             except Exception as e:
                                 st.error(f"Connection Error: {e}")
                     else: