- Create Hono router in api.ts
- Convert 6 API endpoints to Hono format:
- GET /api/deposit/balance
- POST /api/deposit/deduct
- POST /api/test
- POST /api/chat
- POST /api/contact
- GET /api/metrics
- Use Hono CORS middleware for /contact
- Remove manual handleApiRequest and handleContactPreflight
- Integrate with main app via app.route('/api', apiRouter)
Benefits:
- Cleaner declarative routing (44 insertions, 48 deletions)
- Built-in CORS middleware
- Better code organization
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace stub implementations with actual API calls
- POST /api/provision/orders/{order_id}/start
- POST /api/provision/orders/{order_id}/stop
- Add proper validation, logging, and error handling
- Follow existing code patterns (callProvisionAPI, __DIRECT__)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
P2-1: Tool selection fallback optimization
- Return only utility tools when no patterns match
- Reduces token usage by ~80% in fallback cases
P2-2: Minimum deposit amount validation
- Add MIN_DEPOSIT_AMOUNT = 1,000원
- Prevents spam with tiny deposits
P2-3: Standardize logging
- Replace console.log/error with structured logger
- bank-sms-parser.ts and security.ts
P2-4: Nameserver format validation
- Add validateNameservers() function
- Check minimum 2 NS, valid hostname format
- Clear error messages in Korean
P2-5: Optimistic lock error context
- Return specific error for version conflicts
- User-friendly message: "동시 요청으로 처리가 지연됨"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
P1-1: Callback query error handling
- Add try-catch around domain registration and server order
- Send user-friendly error messages on failure
- Use answerCallbackQuery to acknowledge button clicks
- Add structured logging with createLogger
P1-2: Queue DLQ monitoring
- Add admin notification when server provisioning fails
- Update order status to 'failed' in database
- Include detailed context in notifications
- Apply rate limiting (1 notification per hour)
P1-3: Email handler error recovery
- Add admin notification when SMS parsing fails
- Include email preview in notifications
- Mask email addresses for privacy
- Add structured logging with emailLogger
Also add 'failed' status to ServerOrder type.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enhance OpenAI message types with tool_calls support
- Improve security validation and rate limiting
- Update utility tools and weather tool
- Minor fixes in deposit-agent and domain-register
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add server-provision.ts for async server creation
- Add SERVER_PROVISION_QUEUE with DLQ for reliability
- Add cron job for auto-cleanup of pending orders (5min)
- Add server delete confirmation with inline keyboard
- Update types for server orders, images, and provisioning
- Add server tables to schema (server_orders, server_instances)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix USD price display: all prices now show in KRW (₩)
- Add Korea region auto-detection: extracts region preference from user messages
- Fix low-spec recommendation for high-performance requirements:
- Add extractTechStack() to detect PostgreSQL, Redis, MongoDB keywords
- Enhance inferExpectedUsers() to consider tech stack complexity
- SaaS/B2B services now recommend 4GB+ RAM servers
- Fix __DIRECT__ tag appearing in output:
- Reorder message concatenation in server-agent.ts
- Add stripping logic in conversation-service.ts and api.ts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When user requests server recommendation while in an existing session
(e.g., selecting state), reset the session and start fresh instead of
continuing the old session context.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add response_format: { type: 'json_object' } for review mode to force JSON response
- Convert expectedDau and expectedConcurrent from string to number before API call
- Add enhanced KV session debugging with key names in logs
Fixes:
- AI returning plain text instead of JSON in review mode
- 400 error from recommend API due to string values in expected_users
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Previously cancellation only worked in 'selecting' or 'ordering' states.
Now users can cancel server consultation at any stage using keywords:
취소, 다시, 처음, 리셋, 초기화, 다시 시작, 처음부터
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add expectedDau and expectedConcurrent fields to ServerSession
- Update system prompts to explain DAU vs concurrent users concept
- AI now asks for clarification when users mention visitor counts
- Use concurrent users (5-10% of DAU) for server recommendations
- Update inference rules: personal=10, business=50 concurrent users
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Server Expert AI now reviews recommendation results before showing to user
- Changed flow: get recommendations first → AI reviews → show with comments
- AI provides specific advice based on actual recommended specs
- Reviews include: spec adequacy, bandwidth warnings, CDN suggestions
Before: AI gave generic advice without seeing recommendations
After: AI reviews actual results and gives contextual feedback
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add cancel logic for selecting/ordering states
- Keywords: 취소, 다시, 처음
- Delete session and return to normal conversation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 'selecting' and 'ordering' status to ServerSession
- Add lastRecommendation field to store recommendation results
- Keep session alive after recommendation (don't delete immediately)
- Add selection pattern matching (1번, 첫번째, 1번 선택 등)
- Add order confirmation message with inline buttons
- Add server_order/server_cancel callback handlers
- Add ServerOrderKeyboardData type for button data
Flow: recommend → select number → confirm with buttons → order/cancel
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add server-agent.ts with 30-year senior architect persona
- Implement KV-based session management for multi-turn conversations
- Add search_trends (Brave Search) and lookup_framework_docs (Context7) tools
- Function Calling support with max 3 tool calls per request
- Auto-infer tech stack and expected users from use case/scale
- Prohibit competitor provider mentions (AWS, GCP, Azure, etc.)
- Simplify main AI system prompt, delegate complex logic to expert AI
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove Queue-based server provisioning (moved to cloud-orchestrator)
- Add manage_server tool with Service Binding to Cloud Orchestrator
- Add CDN cache hit rate estimation based on tech_stack
- Always display bandwidth info (show "포함 범위 내" when no overage)
- Add language auto-detection (ko, ja, zh, en)
- Update system prompt to always call tools fresh
- Add Server System documentation to CLAUDE.md
BREAKING: Server provisioning now requires cloud-orchestrator service
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add telegram-cli Worker with web chat UI for browser-based bot testing
- Add POST /api/chat authenticated endpoint (Bearer token, production enabled)
- Fix ENVIRONMENT to production in wrangler.toml (was blocking Service Binding)
- Add Service Binding (BOT_WORKER) for Worker-to-Worker communication
- Add cloud-db-schema.sql for local development
telegram-cli features:
- Web UI at GET / with dark theme
- JSON API at POST /api/chat
- Service Binding to telegram-summary-bot Worker
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Queue creation commands to CLAUDE.md
- Document server-provision-queue and provision-dlq
- Add Server System section with async flow diagram
- Document security improvements (password hashing, retryable flag)
- Update README.md with Queue setup in deployment guide
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update CLAUDE.md with server provisioning docs
- Add server tables to schema.sql (cloud_providers, instance_specs, etc.)
- Register manage_server tool in tools/index.ts
- Minor fixes to conversation-service and summary-service
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add server recommendation integration (SERVER_RECOMMEND worker)
- Implement KV-based session management for multi-step ordering
- Add Linode/Vultr API clients for server provisioning
- Add server-tool for Function Calling support
refactor: major code reorganization (Phase 1-3)
- Remove 443 lines of deprecated callback handlers
- Extract handlers to separate files (message-handler, callback-handler)
- Extract cloud-spec-service, server-recommend-service
- Centralize constants (OS_IMAGES, REGION_FLAGS, NUM_EMOJIS)
- webhook.ts reduced from 1,951 to 30 lines
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)
Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)
Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Apply optimistic locking to deposit-matcher.ts (race condition fix)
- Add timing-safe comparison for API key validation
- Move admin IDs from wrangler.toml vars to secrets
- Add .env.example for secure credential management
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Delete web/index.html (moved to hosting.anvil.it.com)
- Remove "Web Page (Cloudflare Pages)" section from CLAUDE.md
- API endpoints (/api/contact) and CORS config remain unchanged
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
DRY Improvements (api.ts):
- Extract requireApiKey() helper for API authentication
- Extract getCorsHeaders() helper for CORS header generation
- Eliminate ~20 lines of duplicated code
Type Safety (new utils/error.ts):
- Add toError() utility for safe error type conversion
- Replace all 6 `error as Error` assertions with toError()
- Proper handling of Error, string, and unknown types
Error Handling (api.ts):
- Add explicit JSON parsing error handling to all POST endpoints
- Return 400 Bad Request for malformed JSON
- Clearer error messages for API consumers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security (P1):
- Add optimistic locking to /api/deposit/deduct endpoint
- Prevent race conditions on concurrent balance deductions
- Return 409 Conflict on version mismatch with retry hint
Type Safety (P1):
- Add WttrResponse, WttrCurrentCondition, WttrWeatherDay types
- Remove `as any` from weather-tool.ts
- Add safety checks for malformed API responses
Both P1 issues from security review resolved.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add WorkersAIModel, WorkersAITextGenerationInput/Output types
- Remove `as any` from summary-service.ts (4 instances)
- Remove `as any` from bank-sms-parser.ts (3 instances)
- Remove `as any` from n8n-service.ts (2 instances)
- Add OpenAIResponse interface for API responses
Type-safe Workers AI calls with full IntelliSense support.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Type Safety Improvements:
- Add isErrorResult() type guard for API responses (domain-tool.ts)
- Replace `any` with `unknown` in executeTool args (tools/index.ts)
- Add JSON.parse error handling in function calling (openai-service.ts)
- Fix nullable price handling with nullish coalescing
- Add array type guard for nameservers validation
Code Quality Improvements:
- Extract convertNamecheapDate() to eliminate duplicate functions
- Move hardcoded bank account info to environment variables
- Add JSDoc documentation to executeDepositFunction
- Fix unused variables in optimistic-lock.ts
- Handle Error.captureStackTrace for Workers environment
All TypeScript strict mode checks now pass.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Implement optimistic locking for deposit balance updates
- Prevent race conditions in concurrent deposit requests
- Add automatic retry with exponential backoff (max 3 attempts)
- Add version column to user_deposits table
- Improve type safety across codebase
- Add explicit types for Namecheap API responses
- Add typed function arguments (ManageDepositArgs, etc.)
- Remove `any` types from deposit-agent and tool files
- Add reconciliation job for balance integrity verification
- Compare user_deposits.balance vs SUM(confirmed transactions)
- Alert admin on discrepancy detection
- Set up test environment with Vitest + Miniflare
- Add 50+ test cases for deposit system
- Add helper functions for test data creation
- Update documentation
- Add migration guide for version columns
- Document optimistic locking patterns
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
