peregrine

Author	SHA1	Message	Date
pyr0ball	a60cf9ea8c	fix: bootstrap resume_keywords.yaml on first cloud session New cloud users got a "resume_keywords.yaml not found" warning in Settings → Skills & Keywords because the file was never created during account provisioning. resolve_session() now writes an empty scaffold (skills/domains/keywords: []) to the user's config dir on first visit if the file doesn't exist, consistent with how config/ and data/ dirs are already created. Never overwrites an existing file.	2026-03-16 12:01:25 -07:00
pyr0ball	f3e547dcd7	fix: auto-provision free license on first cloud session, fix score button in Docker - cloud_session.py: add _ensure_provisioned() called in resolve_session() so new Google OAuth signups get a free Heimdall key created on first page load; previously resolve returned "free" tier but no key was ever written to Heimdall, leaving users in an untracked state - Home.py: replace conda run invocation in "Score All Unscored Jobs" with sys.executable so the button works inside Docker where conda is not present	2026-03-16 11:51:15 -07:00
pyr0ball	cd564c7abc	fix: get_config_dir had one extra .parent, resolved to /config not /app/config	2026-03-15 17:14:48 -07:00
pyr0ball	3e8b4cd654	fix(cloud): use per-user config dir for wizard gate; redirect on invalid session - app.py: wizard gate now reads get_config_dir()/user.yaml instead of hardcoded repo-level config/ — fixes perpetual onboarding loop in cloud mode where per-user wizard_complete was never seen - app.py: page title corrected to "Peregrine" - cloud_session.py: add get_config_dir() returning per-user config path in cloud mode, repo config/ locally - cloud_session.py: replace st.error() with JS redirect on missing/invalid session token so users land on login page instead of error screen - Home.py, 4_Apply.py, migrate.py: remove remaining AIHawk UI references	2026-03-13 11:24:42 -07:00
pyr0ball	d703bebb5e	feat(cloud): add Heimdall tier resolution to cloud_session Calls /admin/cloud/resolve after JWT validation to inject the user's current subscription tier (free/paid/premium/ultra) into session_state as cloud_tier. Cached 5 minutes via st.cache_data to avoid Heimdall spam on every Streamlit rerun. Degrades gracefully to free on timeout or missing token. New env vars: HEIMDALL_URL, HEIMDALL_ADMIN_TOKEN (added to .env.example and compose.cloud.yml). HEIMDALL_URL defaults to http://cf-license:8000 for internal Docker network access. New helper: get_cloud_tier() — returns tier string in cloud mode, "local" in local-first mode, so pages can distinguish self-hosted from cloud.	2026-03-10 12:31:14 -07:00
pyr0ball	04c4efd3e0	fix(cloud): extract cf_session cookie by name from X-CF-Session header	2026-03-10 09:22:08 -07:00
pyr0ball	96715bdeb6	feat(peregrine): add cloud_session middleware + SQLCipher get_connection() cloud_session.py: no-op in local mode; in cloud mode resolves Directus JWT from X-CF-Session header to per-user db_path in st.session_state. get_connection() in scripts/db.py: transparent SQLCipher/sqlite3 switch — uses encrypted driver when CLOUD_MODE=true and key provided, vanilla sqlite3 otherwise. libsqlcipher-dev added to Dockerfile for Docker builds. 6 new cloud_session tests + 1 new get_connection test — 34/34 db tests pass.	2026-03-09 19:43:42 -07:00

7 commits