release: promote deletion cleanup

[jon-devlapaz]

Context & Intent

• Promote the audited deletion cleanup from dev to production trunk.
• This stems from the supergoal ponytail cleanup track and PR refactor: delete stale app surfaces #262.

Implementation Details

• Includes the merged cleanup commit 0fcef05e: dead dependencies, disabled magic-auth endpoints, duplicate source attachment UI, legacy extract text payload support, stale frontend migration, and the one-provider LLM adapter seam were removed.
• Keeps documented compatibility where deleting now would risk graph truth or drill/repair behavior.
• Includes the repo push-wrapper fix for first-pushing new feat/* branches.

MVP / Deployment Risk Check

• Does this logic rely on local behavior that might fail in Vercel serverless? No new local-only runtime dependency added.
• Are there SSRF or error leakage risks in new external calls? No new external calls added.
• If dealing with ingestion (e.g., YouTube), is the manual fallback preserved? Manual source path preserved; unused dependency declaration removed.

UX Framework Alignment (For UI/Drill changes)

• Does this strictly enforce "Generation Before Recognition"? No learner-evidence shortcut added.
• Does the graph still tell the truth (no faking mastery)? Yes; compatibility fallbacks retained where needed.
• Is the active cognitive target explicitly clear to the user? Source attachment path remains intact and unified.

Verification already passed on PR #262:

• bash scripts/doctor.sh
• .venv/bin/pyrefly check
• .venv/bin/mypy .
• .venv/bin/pytest -q --ignore=tests/e2e
• bash scripts/check-coverage.sh — 100% diff coverage
• tests/test_agent_push.py -q — 27 passed

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
learn-ops-tamagachi	Ready	Preview, Comment	Jun 17, 2026 5:46am

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Summary by CodeRabbit

Release Notes

• Breaking Changes

  • Removed magic authentication endpoints
  • Updated /api/extract request payload structure (now requires name, learner_goal, and starting_sketch fields with optional source)
  • Application now uses Gemini exclusively; multi-provider support removed

• Removed Features

  • Discontinued YouTube transcript integration

• Improvements

  • Refactored source input interface for streamlined content attachment

Walkthrough

This PR consolidates the LLM subsystem to Gemini-only by removing the LLMAdapter protocol and simplifying factory.py; removes the legacy {text} payload from /api/extract and enforces structured source routing; replaces source-input-ui.js with source-panel.js across app.js and tests; and removes disabled magic-auth endpoints, unused dependencies, and a legacy localStorage migration.

Changes

LLM Gemini-only consolidation

Layer / File(s)	Summary
Remove LLMAdapter protocol and update LLMClient llm/adapter.py, llm/client.py, llm/__init__.py, tests/test_llm_client.py	Deletes llm/adapter.py entirely; widens LLMClient.adapter from LLMAdapter to Any with an explicit cast() call; updates llm/__init__.py docstring to reference client instead of adapter.
Collapse factory to Gemini-only with _DEFAULT_MODEL llm/factory.py, tests/test_llm_factory.py	Removes _DEFAULT_PROVIDER/_DEFAULT_MODELS constants and all LLM_PROVIDER selection logic; adds _DEFAULT_MODEL = "gemini-2.5-flash"; build_llm_client now only validates LLM_MODEL is non-empty; tests reorganized to cover Gemini construction, explicit API key propagation, and ValueError on empty model.
Update LLM README and ADR llm/README.md, docs/adr/0002-llm-seam.md	Rewrites llm/README.md to document LLMClient owning retry/telemetry around Gemini call-once, restricts env contract to GEMINI_API_KEY + LLM_MODEL; ADR-0002 updated to reject provider-switching speculation.

/api/extract legacy payload removal

Layer / File(s)	Summary
ExtractRequest model and _resolve_extract_path() refactor main.py	Removes legacy text field from ExtractRequest; _resolve_extract_path() validates name, routes source.text to extract, rejects source.url with 422, and routes source-less requests to from_threshold with learner_goal context.
Update extract route tests tests/test_extract_route.py, tests/test_extract_route_error_mapping.py, tests/test_extract_route_source_optional.py, tests/test_characterization.py, tests/test_concept_create_telemetry.py	Adds _source_payload() helper; updates all test payloads to structured source shape; removes legacy text-only regression test; adds source-less LC enrichment path test.

Frontend source panel migration

Layer / File(s)	Summary
Add isBlockedVideoUrl and opts.readFile to source-panel.js public/js/source-panel.js	Exports isBlockedVideoUrl detecting blocked YouTube hostnames; updates isValidHttpUrl to reject blocked URLs; adds opts.readFile resolution chain.
Delete source-input-ui.js and rewire app.js public/js/source-input-ui.js, public/js/app.js, public/css/components.css	Removes entire source-input-ui.js; app.js imports mountSourcePanel and replaces _bindDoorSourceAttach and showContentOverlay wiring; removes legacy learnops-state localStorage migration; CSS comments updated to reference source-panel.
Update frontend and E2E tests tests/e2e/test_app_helper_modules.py, tests/test_frontend_app_helper_modules.py, tests/e2e/README.md	E2E test switches to source-panel.js?v=3, updates hero/overlay source submission flows and cancel assertions; unit test replaces source-input-ui.js contract checks with source-panel.js tab/id and isBlockedVideoUrl assertions.
Cache-busting version bumps public/styles.css, public/css/index.css, public/index.html	Increments version strings: components.css v96→v97, styles.css v147→v148, index.css v149→v150, app.js v153→v155.

Auth cleanup, dependency removal, agent-push fix

Layer / File(s)	Summary
Remove disabled magic-auth endpoints auth/router.py, tests/test_auth_router_supabase.py	Removes Field import, MagicAuthSendRequest/MagicAuthVerifyRequest models, and both HTTP 503 route handlers; removes the corresponding disabled-endpoint test.
Remove unused dependencies requirements.txt, requirements-dev.txt	Removes aiofiles, youtube-transcript-api, and pyyaml==6.0.3.
Non-fatal git fetch for feat/ branches scripts/agent-push.py, tests/test_agent_push.py	ensure_destination_ref_current sets check=False when refspec starts with feat/; test asserts the fetch call includes check=False.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• jon-devlapaz/socratink-app#257: Directly intersects on the /api/extract request contract — that PR updates frontend call sites to the same endpoint whose backend payload shape this PR changes.
• jon-devlapaz/socratink-app#66: Introduced the source-intake facade and from_text/from_url routing behavior that this PR's _resolve_extract_path() refactor builds on.
• jon-devlapaz/socratink-app#80: Both PRs modify the concept-creation frontend flow in public/js/app.js.

Poem

🐇 Hop! I swept the old adapters away,
The Gemini path is the only highway.
The text field is gone, source leads the dance,
Source-panel mounts where old UI had its chance.
The magic-auth ghosts? Erased without trace—
A cleaner warren, a tidier base! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 22.58% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'release: promote deletion cleanup' accurately describes the main objective—promoting a deletion cleanup from dev to production—and is specific enough to convey the primary change.
Description check	✅ Passed	The description provides comprehensive context about the PR's intent, implementation details, risk assessment, and verification results, all directly related to the changeset of deletions and cleanup.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ast-grep (0.43.0)

public/js/app.js

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0fcef05ed9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore feedback for blocked video URLs

When a learner enters a YouTube or youtube-nocookie URL, this new predicate keeps the Attach button disabled, but the URL input handler only calls refreshAttachEnabled() and never writes to .overlay-url-feedback. The previous UI showed explicit copy telling users video links are unsupported and to paste notes/transcript text instead; now the control just stays disabled with no explanation, which makes the manual fallback hard to discover.

Useful? React with 👍 / 👎.