- Create Hono router in api.ts
- Convert 6 API endpoints to Hono format:
- GET /api/deposit/balance
- POST /api/deposit/deduct
- POST /api/test
- POST /api/chat
- POST /api/contact
- GET /api/metrics
- Use Hono CORS middleware for /contact
- Remove manual handleApiRequest and handleContactPreflight
- Integrate with main app via app.route('/api', apiRouter)
Benefits:
- Cleaner declarative routing (44 insertions, 48 deletions)
- Built-in CORS middleware
- Better code organization
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix USD price display: all prices now show in KRW (₩)
- Add Korea region auto-detection: extracts region preference from user messages
- Fix low-spec recommendation for high-performance requirements:
- Add extractTechStack() to detect PostgreSQL, Redis, MongoDB keywords
- Enhance inferExpectedUsers() to consider tech stack complexity
- SaaS/B2B services now recommend 4GB+ RAM servers
- Fix __DIRECT__ tag appearing in output:
- Reorder message concatenation in server-agent.ts
- Add stripping logic in conversation-service.ts and api.ts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add telegram-cli Worker with web chat UI for browser-based bot testing
- Add POST /api/chat authenticated endpoint (Bearer token, production enabled)
- Fix ENVIRONMENT to production in wrangler.toml (was blocking Service Binding)
- Add Service Binding (BOT_WORKER) for Worker-to-Worker communication
- Add cloud-db-schema.sql for local development
telegram-cli features:
- Web UI at GET / with dark theme
- JSON API at POST /api/chat
- Service Binding to telegram-summary-bot Worker
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)
Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)
Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Apply optimistic locking to deposit-matcher.ts (race condition fix)
- Add timing-safe comparison for API key validation
- Move admin IDs from wrangler.toml vars to secrets
- Add .env.example for secure credential management
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
DRY Improvements (api.ts):
- Extract requireApiKey() helper for API authentication
- Extract getCorsHeaders() helper for CORS header generation
- Eliminate ~20 lines of duplicated code
Type Safety (new utils/error.ts):
- Add toError() utility for safe error type conversion
- Replace all 6 `error as Error` assertions with toError()
- Proper handling of Error, string, and unknown types
Error Handling (api.ts):
- Add explicit JSON parsing error handling to all POST endpoints
- Return 400 Bad Request for malformed JSON
- Clearer error messages for API consumers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security (P1):
- Add optimistic locking to /api/deposit/deduct endpoint
- Prevent race conditions on concurrent balance deductions
- Return 409 Conflict on version mismatch with retry hint
Type Safety (P1):
- Add WttrResponse, WttrCurrentCondition, WttrWeatherDay types
- Remove `as any` from weather-tool.ts
- Add safety checks for malformed API responses
Both P1 issues from security review resolved.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
