Update session management in FastAPI app, modify OAuth scopes in environment configuration, and enhance .env.example with session security details.

.env.example

@@ -91,3 +91,6 @@ PYTHONPATH=/app
 # If deploying to Hugging Face Spaces, these are automatically set:
 # SPACE_ID=your-username/space-name
 # SPACE_HOST=https://your-username-space-name.hf.space
+
+# Session Security (Optional - auto-generated if not set)
+# SESSION_SECRET_KEY=your-secure-random-string-here

README.md

@@ -9,8 +9,7 @@ license: mit
 app_port: 7860
 hf_oauth: true
 hf_oauth_scopes:
-  - openid
-  - profile
+  - read-repos
 hf_oauth_expiration_minutes: 480
 ---
 

backend/app.py

@@ -5,6 +5,7 @@ This module defines the FastAPI application and routes for the agent monitoring
 
 import logging
 import os
+import secrets
 from pathlib import Path
 import sys
 from fastapi import FastAPI, Request, status
@@ -43,9 +44,10 @@ logger = logging.getLogger("agent_monitoring_server")
 app = FastAPI(title="Agent Monitoring System", version="1.0.0")
 
 # Add session middleware (required for OAuth)
+session_secret = os.getenv("SESSION_SECRET_KEY") or secrets.token_urlsafe(32)
 app.add_middleware(
     SessionMiddleware, 
-    secret_key=os.getenv("SESSION_SECRET_KEY", "your-secret-key-change-in-production"),
+    secret_key=session_secret,
     max_age=86400,  # 24 hours
 )
 

utils/environment.py

@@ -81,7 +81,7 @@ def get_oauth_config() -> Optional[Dict[str, str]]:
     oauth_config = {
         "client_id": os.getenv("OAUTH_CLIENT_ID"),
         "client_secret": os.getenv("OAUTH_CLIENT_SECRET"),
-        "scopes": os.getenv("OAUTH_SCOPES", "openid profile"),
+        "scopes": os.getenv("OAUTH_SCOPES", "read-repos"),
         "provider_url": os.getenv("OPENID_PROVIDER_URL", "https://huggingface.co"),
     }