Merge development into main #65
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update Next.js version to address security vulnerability
…velopment feat: fix security alerts on dev branch
… ReportingByComment (#45) * chore(fix): Removed Python custom error handler and replaced with HTTPException. Removed all files and instances related to custom Python error handler Fixed Python bug in ReportingByComment * Adding docstring * chore: corrected tests * (fix): implementing feedback changes & testing cli pipeline * (fix): increase wait time for integration tests * bug fix * bug fix - Devnull * Update run-python-tests.yml * Update run-python-tests.yml Remove tmate for debugging * Update run-python-tests.yml direction connection change * Update run-python-tests.yml Adding index creation * Update run-python-tests.yml * Update run-python-tests.yml * Update run-python-tests.yml * Update run-python-tests.yml
Dependabot Alert: Bump next to v16.0.10
- Add custom error classes (VoyageAuthError, VoyageAPIError) to distinguish error types - Update generateVoyageEmbedding to throw VoyageAuthError for 401 responses - Return 401 status for authentication errors, 503 for API errors - Improve client-side error handling with user-friendly messages - Update tests to verify proper error handling for different scenarios
- Python FastAPI backend: - Created custom exception classes (VoyageAuthError, VoyageAPIError) - Created error response utility function - Added global exception handlers in main.py - Updated vector search endpoint to use custom exceptions - Returns 400 for missing API key (SERVICE_UNAVAILABLE) - Returns 401 for invalid API key (VOYAGE_AUTH_ERROR) - Returns 503 for Voyage AI API errors (VOYAGE_API_ERROR) - Updated test to match new error handling behavior - Java Spring backend: - Created custom exception classes (VoyageAuthException, VoyageAPIException, ServiceUnavailableException) - Updated GlobalExceptionHandler with handlers for new exceptions - Updated MovieServiceImpl to throw custom exceptions - Returns 400 for missing API key (SERVICE_UNAVAILABLE) - Returns 401 for invalid API key (VOYAGE_AUTH_ERROR) - Returns 503 for Voyage AI API errors (VOYAGE_API_ERROR) - Updated tests to expect ServiceUnavailableException instead of ValidationException All three backends (Express, Python, Java) now have consistent Voyage AI error handling.
Replace datetime.utcnow() with datetime.now(timezone.utc) to fix deprecation warning in Python 3.12+.
- Remove accidentally added .python-version file - Update get_embedding() to catch specific voyageai.error exceptions: - AuthenticationError (401) -> VoyageAuthError - InvalidRequestError (400) -> VoyageAPIError - RateLimitError (429) -> VoyageAPIError - ServiceUnavailableError (503) -> VoyageAPIError - VoyageError (other) -> VoyageAPIError - Import VoyageAuthError and VoyageAPIError in tests for future use This fixes the issue where authentication errors were not being properly detected because the code was relying on string matching instead of catching the SDK's specific exception types.
The voyageai.Client() constructor can raise AuthenticationError if the API key is empty or invalid. Previously, this was happening outside the try/except block that catches Voyage AI exceptions, causing the error to be caught by the generic Exception handler and returned as a 500 error instead of a 401. This fix moves the client creation inside the try block so that AuthenticationError from the constructor is properly caught and converted to a VoyageAuthError with a 401 status code.
…ling DOCSP-55531: Add voyage api error handling
…eries Change directors, writers, and cast fields from text operator to phrase operator in the search endpoint across all three backend implementations. The text operator with fuzzy matching tokenizes multi-word queries into individual terms and matches using OR logic, causing searches like 'james cameron' to return ~240 results instead of ~10-15. The phrase operator performs exact phrase matching, ensuring that only documents where the full phrase appears are returned. Affected files: - Python FastAPI: mflix/server/python-fastapi/src/routers/movies.py - Express TypeScript: mflix/server/js-express/src/controllers/movieController.ts - Java Spring: mflix/server/java-spring/src/main/java/com/mongodb/samplemflix/service/MovieServiceImpl.java
…eries Use compound queries with AND logic for directors, writers, and cast fields to require ALL search terms to match, preventing 'james cameron' from matching any director with 'James' OR 'Cameron'. Changes: - Split multi-word queries into individual terms - Wrap terms in compound 'must' clause (AND logic) - Adjust fuzzy settings: maxEdits=1, prefixLength=2 for better typo tolerance without over-matching (e.g., prevents 'james' matching 'jane') Single-word queries continue to use simple text operator with fuzzy matching. Affected files: - Python FastAPI: mflix/server/python-fastapi/src/routers/movies.py - Express TypeScript: mflix/server/js-express/src/controllers/movieController.ts - Express types: mflix/server/js-express/src/types/index.ts - Java Spring: mflix/server/java-spring/src/main/java/com/mongodb/samplemflix/service/MovieServiceImpl.java
- Update placeholder text with example names (e.g. James Cameron) - Add helper text indicating fuzzy matching support for typo tolerance
- Group related fields into visual sections (Plot, People, Options) - Add section headers with uppercase styling - Use 3-column grid for directors/writers/cast fields - Consolidate fuzzy matching hint at section level - Improve spacing, padding, and border-radius - Add gradient styling to primary search button - Softer button styles (outline for Clear, subtle for Close) - Better input hover/focus states and placeholder colors - Improved responsive breakpoints for mobile - Cleaner vector search layout with dedicated section
Python: Upgrade filelock to v3.20.1
…ueries Simplify multi-word search logic by using the built-in matchCriteria option instead of manually splitting terms and wrapping in compound must clauses. - matchCriteria: 'all' requires ALL query terms to match (AND logic) - Maintains fuzzy matching support for typo tolerance - Significantly reduces code complexity - Same behavior, cleaner implementation Ref: https://www.mongodb.com/docs/atlas/atlas-search/operators-collectors/text/
Create a scoring hierarchy for directors, writers, and cast searches: 1. phrase match (highest score) - exact phrase in same array element 2. text match without fuzzy (high score) - all terms present, exact spelling 3. text match with fuzzy (lower score) - typo-tolerant fallback This ensures 'James Cameron' ranks higher than movies with separate 'James Mangold' + 'Cameron Crowe' directors, while still supporting typo tolerance via fuzzy matching. Also increased maxEdits to 2 for better typo tolerance on fuzzy fallback.
maxEdits=2 was too permissive, causing 'james cameron' to match 'jane campion' (james→jane=2 edits, cameron→campion=2 edits). maxEdits=1 provides typo tolerance for minor mistakes while preventing false positives from similar-but-different names.
Upgrade langchain-core to fix security alert
DOCSP-56383: Fix MongoDB Search returning too many results for multi-word queries
Bump aiohttp 3.13.3
Dependabot alert: Bump urllib3 2.6.3 dev
DOCSP-55532: Add vector scoring to search results
jordan-smith721
approved these changes
Jan 9, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR merges all changes from the development branch into main.
Changes included:
Security updates (urllib3 2.6.3, aiohttp 3.13.3, langchain-core, filelock 3.20.1)Already part ofmainvia separate PRsPull Request opened by Augment Code with guidance from the PR author