feat: Implement initial setup for Django data processing server and Express API server with data computation scheduler.

[GURUDAS-DEV]

Summary by CodeRabbit

• New Features

  • Batch scoring now runs automatically on server startup.
  • Added CORS support for cross-origin requests.

• Improvements

  • Extended scheduler interval from 15 to 30 minutes.
  • Streamlined error handling and logging.
  • Enhanced production security settings (SSL redirect, secure cookies, HSTS).

• Configuration

  • Python runtime pinned to 3.11.9.
  • Django updated to 5.2.11; gunicorn production server added.

[vercel]

@GURUDAS-DEV is attempting to deploy a commit to the kaihere14's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

Django configuration enhanced with CORS support, production security hardening, and environment-based host normalization. Dependencies updated to pin Django 5.2.11, add django-cors-headers and pathway packages, and include gunicorn. Python runtime specified as 3.11.9. Scheduler behavior modified to initialize unconditionally on startup and extend execution interval from 15 to 30 minutes with simplified error handling.

Changes

Cohort / File(s)	Summary
Django Configuration data-processing/dataProcessingServer/settings.py, data-processing/dataProcessingServer/requirements.txt, data-processing/dataProcessingServer/runtime.txt	Added CORS configuration (origin allowlist, credentials, headers, methods), production security settings (SSL redirect, cookie security, HSTS, frame options, content-type sniffing prevention), enhanced SECRET_KEY and ALLOWED_HOSTS handling with environment variables and normalization. Dependencies updated: Django pinned to 5.2.11, added django-cors-headers, pathway, and gunicorn. Python runtime set to 3.11.9.
Scheduler Implementation server/src/index.ts, server/src/utils/scheduler/computeData.scheduler.ts	Scheduler initialization no longer gated behind ENABLE_SCHEDULER flag; batch scoring now invokes on startup. Cron interval extended from 15 to 30 minutes. Error handling simplified with removal of batch-level summary logging. Route travelMode extraction refactored with "driving" as default fallback.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 With CORS and certs now standing tall,
And schedules stretched to answer the call,
The settings evolve with production's might,
While Django serves both day and night!
Thirty minutes feels just right! 🚀

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main changes: implementation of Django data processing server setup and Express API server with scheduler. It covers the primary objectives across multiple file modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

data-processing/dataProcessingServer/dataProcessingServer/settings.py (1)

1-11: ⚠️ Potential issue | 🟡 Minor

Stale Django version in module docstring.

The docstring and documentation URLs reference Django 6.0.2 / 6.0, but the project is pinned to Django 5.2.11 per requirements.txt. Update to avoid confusion:

📝 Proposed fix

-Generated by 'django-admin startproject' using Django 6.0.2.
+Generated by 'django-admin startproject' using Django 5.2.11.
 
 For more information on this file, see
-https://docs.djangoproject.com/en/6.0/topics/settings/
+https://docs.djangoproject.com/en/5.2/topics/settings/
 
 For the full list of settings and their values, see
-https://docs.djangoproject.com/en/6.0/ref/settings/
+https://docs.djangoproject.com/en/5.2/ref/settings/

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data-processing/dataProcessingServer/dataProcessingServer/settings.py` around
lines 1 - 11, The module docstring in settings.py currently references Django
6.0.2/6.0 and docs URLs for Django 6.x; update that top-of-file docstring to
reflect Django 5.2 (or 5.2.11 as pinned in requirements.txt) and change the
documentation links to the corresponding 5.2 docs URLs (e.g.,
https://docs.djangoproject.com/en/5.2/ and the matching topics/ref pages) so the
settings.py docstring accurately matches the project's pinned Django version.

server/src/index.ts (1)

52-58: ⚠️ Potential issue | 🟠 Major

Missing error handling on the Pathway health-check endpoint.

If checkPathwayHealth throws (e.g., network error, DNS failure), the error is unhandled and Express will respond with a 500 and potentially leak stack traces in development. Wrap in try/catch like the adjacent endpoint.

📝 Proposed fix

 app.get("/api/v1/scheduler/pathway-health", tokenVerify, async (_req, res) => {
-  const pathwayUrl = process.env.PATHWAY_URL || "http://localhost:8001";
-  const isHealthy = await checkPathwayHealth(pathwayUrl);
-  res.json({
-    pathway: isHealthy ? "healthy" : "unhealthy",
-  });
+  try {
+    const pathwayUrl = process.env.PATHWAY_URL || "http://localhost:8001";
+    const isHealthy = await checkPathwayHealth(pathwayUrl);
+    res.json({ pathway: isHealthy ? "healthy" : "unhealthy" });
+  } catch (error) {
+    console.error("Pathway health check failed:", error);
+    res.status(503).json({ pathway: "unhealthy", error: "Health check failed" });
+  }
 });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/src/index.ts` around lines 52 - 58, The pathway-health route handler
(app.get("/api/v1/scheduler/pathway-health", tokenVerify, ...)) does not catch
exceptions from checkPathwayHealth; wrap the handler body in a try/catch, call
await checkPathwayHealth(pathwayUrl) inside the try, and in the catch log the
error (use existing logger or console.error) and return a non-2xx response
(e.g., res.status(503).json({ pathway: "unhealthy", error: "Pathway health check
failed" })) so errors are handled consistently with the adjacent endpoint.

server/src/utils/scheduler/computeData.scheduler.ts (1)

251-267: ⚠️ Potential issue | 🟠 Major

Race condition: _isRunning guard does not protect runManualBatchScoring.

_isRunning only gates the cron callback (line 255), but runManualBatchScoring (line 272) calls runBatchScoring directly without checking or setting _isRunning. This means:

1. The startup run fired from index.ts can overlap with the first cron tick.
2. An admin hitting POST /api/v1/scheduler/run can overlap with an in-progress cron run.

Both scenarios cause concurrent Route.updateOne calls for the same documents.

📝 Proposed fix — share the guard

 export async function runManualBatchScoring(): Promise<void> {
+  if (_isRunning) {
+    console.warn("[Scheduler] Batch already in progress — skipping manual trigger");
+    return;
+  }
+  _isRunning = true;
+  try {
     await runBatchScoring();
+  } finally {
+    _isRunning = false;
+  }
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/src/utils/scheduler/computeData.scheduler.ts` around lines 251 - 267,
The _isRunning flag currently only guards the cron callback in initScheduler,
allowing runManualBatchScoring and other callers to call runBatchScoring
concurrently; update the code so the running guard is shared and enforced by
runBatchScoring (or a small wrapper) instead of being local to the cron
callback: move the _isRunning check/set/reset into a single place (e.g., at the
top and finally of runBatchScoring or create a guardedRunBatch helper) and have
initScheduler and runManualBatchScoring call that guarded entry (referencing
_isRunning, initScheduler, runBatchScoring, runManualBatchScoring) so manual
HTTP triggers and startup runs will respect the same in-flight guard and prevent
overlapping Route.updateOne operations.

🧹 Nitpick comments (7)

server/src/utils/scheduler/computeData.scheduler.ts (2)

113-129: trafficValue is hardcoded to 0 — document or parameterize.

If traffic data integration is planned, a // TODO or constant with a comment would clarify intent. As-is, every route always sends trafficValue: 0 which could silently skew scores if the Pathway model weights traffic.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/src/utils/scheduler/computeData.scheduler.ts` around lines 113 - 129,
The pathwayInput object currently sets trafficValue: 0 unconditionally which can
misrepresent missing vs actual zero traffic; update the construction of
PathwayRouteInput (variable pathwayInput) to either accept a trafficValue
parameter or replace the literal with a named constant (e.g.,
TRAFFIC_UNAVAILABLE) and add a clear TODO comment explaining it's a placeholder
until traffic integration is added, or compute it from routeOption (e.g.,
routeOption.trafficValue) if available; ensure PathwayRouteInput consumers
understand the sentinel vs real value by documenting the change in the same
block.

---

218-242: results array is accumulated but never consumed.

The results array (line 219) collects every batch result but is never returned, logged, or inspected. This is dead code that allocates memory for no purpose. Either remove it or return it from runBatchScoring so callers (e.g., the manual endpoint) can report outcomes.

♻️ Option A — remove dead accumulation

-    const results: Array<{
-      success: boolean;
-      routeId: string;
-      routeOptionIndex: number;
-      newScore?: number;
-      error?: string;
-    }> = [];
-
     for (let i = 0; i < tasks.length; i += BATCH_SIZE) {
       const batch = tasks.slice(i, i + BATCH_SIZE);
 
-      const batchResults = await Promise.all(
+      await Promise.all(
         batch.map((task) =>
           processRoute(task.routeId, task.routeOptionIndex, task.routeOption)
         )
       );
 
-      results.push(...batchResults);
-
       // Rate-limit friendly delay between batches

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/src/utils/scheduler/computeData.scheduler.ts` around lines 218 - 242,
The results array being accumulated in runBatchScoring (collecting outputs from
processRoute in BATCH_SIZE batches) is never used; either remove the
accumulation or (preferred) change runBatchScoring to return the results array
(typed as
Array<{success:boolean;routeId:string;routeOptionIndex:number;newScore?:number;error?:string}>)
so callers can inspect/log outcomes (e.g., the manual endpoint should await
runBatchScoring and handle the returned results); update any callers to receive
and use the returned results or remove the results push logic entirely if you
choose to discard per-batch outcomes.

data-processing/dataProcessingServer/dataProcessingServer/settings.py (2)

76-85: Use iterable unpacking instead of list concatenation (RUF005).

Per the static analysis hint, prefer unpacking for clarity and a minor performance benefit:

♻️ Proposed fix

 if _allowed_hosts_from_env:
     ALLOWED_HOSTS = _allowed_hosts_from_env
 else:
-    # Local dev: allow all localhost variants + Render hosts for production
-    ALLOWED_HOSTS = _render_hosts + [
+    ALLOWED_HOSTS = [
+        *_render_hosts,
         'localhost',
         '127.0.0.1',
         '[::1]',           # IPv6 localhost
         '.onrender.com',   # Render.com deployments
     ]

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data-processing/dataProcessingServer/dataProcessingServer/settings.py` around
lines 76 - 85, The ALLOWED_HOSTS assignment uses list concatenation; change it
to iterable unpacking to follow RUF005: when _allowed_hosts_from_env is falsy,
set ALLOWED_HOSTS by unpacking _render_hosts and the explicit host strings
('.onrender.com', 'localhost', '127.0.0.1', '[::1]') into a single list/iterable
instead of using _render_hosts + [...], ensuring the result remains a list
assigned to ALLOWED_HOSTS.

---

144-158: Dev fallback CORS origins include port 8001 (Pathway server) — is this intentional?

Ports 3000 (Next.js) and 8000 (Node API) make sense as browser-facing origins. Port 8001 is the Pathway data-processing server, which is typically a backend-to-backend service that wouldn't make browser-originated cross-origin requests. Including it won't cause harm but may be unnecessary.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data-processing/dataProcessingServer/dataProcessingServer/settings.py` around
lines 144 - 158, The dev fallback currently sets CORS_ALLOWED_ORIGINS using
_cors_env/_cors_from_env and includes localhost ports 8000, 3000 and 8001;
remove the backend-only Pathway entries by deleting 'http://localhost:8001' and
'http://127.0.0.1:8001' from the fallback list (or replace them with a comment
explaining they were intentionally omitted) so CORS_ALLOWED_ORIGINS only
contains browser-facing origins; update the block that defines
CORS_ALLOWED_ORIGINS and optionally add a clarifying inline comment near
_cors_env/_cors_from_env to explain why 8001 is excluded.

server/src/index.ts (1)

20-25: Hardcoded CORS origins — consider reading from environment.

The allowed origins are hardcoded to localhost:3000 and breathe.daemondoc.online. This is workable for now, but moving them to an environment variable (like done in the Django settings) would make deployments more flexible without code changes.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/src/index.ts` around lines 20 - 25, Replace the hardcoded origin list
in the CORS middleware registration with a value read from an environment
variable (e.g. process.env.CORS_ALLOWED_ORIGINS) and parse it into the array
used by app.use(cors(...)); keep credentials: true and provide a sensible
default fallback (e.g. ["http://localhost:3000"]) if the env var is missing or
empty, and ensure the code that configures CORS (the app.use call and the
cors(...) options) uses this parsed value so deployments can change allowed
origins via env configuration.

data-processing/dataProcessingServer/requirements.txt (2)

6-7: Consider adding an upper-bound pin for django-cors-headers.

Using >=4.3.0 without an upper bound risks pulling in a future major version with breaking changes. A constraint like >=4.3.0,<5.0 would be safer for reproducible builds while still allowing patch updates.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data-processing/dataProcessingServer/requirements.txt` around lines 6 - 7,
Update the django-cors-headers constraint in requirements.txt to add an
upper-bound to avoid accidentally pulling a breaking major release; replace the
open-ended spec "django-cors-headers>=4.3.0" with a bounded spec such as
"django-cors-headers>=4.3.0,<5.0" so patch and minor updates are allowed but
major version bumps are prevented.

---

20-21: Consider adding an upper-bound pin for gunicorn.

Same concern as django-cors-headers — >=21.0.0 with no ceiling could introduce breaking changes on a future major release. Consider >=21.0.0,<23.0 or similar.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data-processing/dataProcessingServer/requirements.txt` around lines 20 - 21,
Replace the open-ended dependency pin for gunicorn with a bounded range to avoid
unexpected breaking changes; update the requirements entry for the package named
"gunicorn" from "gunicorn>=21.0.0" to a range like "gunicorn>=21.0.0,<23.0" (or
another appropriate upper bound) so newer major releases are excluded while
allowing patch/minor updates.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@data-processing/dataProcessingServer/requirements.txt`:
- Around line 3-4: Update the stale Django version references: in
requirements.txt remove the hardcoded comment "Django (must match version
referenced in settings.py — Django 6.0.2)" and ensure the pinned dependency line
is exactly "Django==5.2.11"; in settings.py update the docstring occurrences
that mention "Django 6.0.2" to "Django 5.2.11" so docstrings and the
requirements pin match, and avoid embedding a specific version in the comment to
prevent future drift.

In `@server/src/utils/scheduler/computeData.scheduler.ts`:
- Around line 243-245: The top-level catch is swallowing infrastructure errors;
change it to catch the error object (e.g., catch (err)) and log a clear message
including the error/stack so failures from Route.find({}).lean() or other infra
issues are observable; update the catch in the same scope that calls
Route.find({}).lean() and wraps calls to processRoute to call your logger (e.g.,
processLogger.error or the module logger) with context like "computeData
scheduler: failed processing routes" plus the error details.

---

Outside diff comments:
In `@data-processing/dataProcessingServer/dataProcessingServer/settings.py`:
- Around line 1-11: The module docstring in settings.py currently references
Django 6.0.2/6.0 and docs URLs for Django 6.x; update that top-of-file docstring
to reflect Django 5.2 (or 5.2.11 as pinned in requirements.txt) and change the
documentation links to the corresponding 5.2 docs URLs (e.g.,
https://docs.djangoproject.com/en/5.2/ and the matching topics/ref pages) so the
settings.py docstring accurately matches the project's pinned Django version.

In `@server/src/index.ts`:
- Around line 52-58: The pathway-health route handler
(app.get("/api/v1/scheduler/pathway-health", tokenVerify, ...)) does not catch
exceptions from checkPathwayHealth; wrap the handler body in a try/catch, call
await checkPathwayHealth(pathwayUrl) inside the try, and in the catch log the
error (use existing logger or console.error) and return a non-2xx response
(e.g., res.status(503).json({ pathway: "unhealthy", error: "Pathway health check
failed" })) so errors are handled consistently with the adjacent endpoint.

In `@server/src/utils/scheduler/computeData.scheduler.ts`:
- Around line 251-267: The _isRunning flag currently only guards the cron
callback in initScheduler, allowing runManualBatchScoring and other callers to
call runBatchScoring concurrently; update the code so the running guard is
shared and enforced by runBatchScoring (or a small wrapper) instead of being
local to the cron callback: move the _isRunning check/set/reset into a single
place (e.g., at the top and finally of runBatchScoring or create a
guardedRunBatch helper) and have initScheduler and runManualBatchScoring call
that guarded entry (referencing _isRunning, initScheduler, runBatchScoring,
runManualBatchScoring) so manual HTTP triggers and startup runs will respect the
same in-flight guard and prevent overlapping Route.updateOne operations.

---

Nitpick comments:
In `@data-processing/dataProcessingServer/dataProcessingServer/settings.py`:
- Around line 76-85: The ALLOWED_HOSTS assignment uses list concatenation;
change it to iterable unpacking to follow RUF005: when _allowed_hosts_from_env
is falsy, set ALLOWED_HOSTS by unpacking _render_hosts and the explicit host
strings ('.onrender.com', 'localhost', '127.0.0.1', '[::1]') into a single
list/iterable instead of using _render_hosts + [...], ensuring the result
remains a list assigned to ALLOWED_HOSTS.
- Around line 144-158: The dev fallback currently sets CORS_ALLOWED_ORIGINS
using _cors_env/_cors_from_env and includes localhost ports 8000, 3000 and 8001;
remove the backend-only Pathway entries by deleting 'http://localhost:8001' and
'http://127.0.0.1:8001' from the fallback list (or replace them with a comment
explaining they were intentionally omitted) so CORS_ALLOWED_ORIGINS only
contains browser-facing origins; update the block that defines
CORS_ALLOWED_ORIGINS and optionally add a clarifying inline comment near
_cors_env/_cors_from_env to explain why 8001 is excluded.

In `@data-processing/dataProcessingServer/requirements.txt`:
- Around line 6-7: Update the django-cors-headers constraint in requirements.txt
to add an upper-bound to avoid accidentally pulling a breaking major release;
replace the open-ended spec "django-cors-headers>=4.3.0" with a bounded spec
such as "django-cors-headers>=4.3.0,<5.0" so patch and minor updates are allowed
but major version bumps are prevented.
- Around line 20-21: Replace the open-ended dependency pin for gunicorn with a
bounded range to avoid unexpected breaking changes; update the requirements
entry for the package named "gunicorn" from "gunicorn>=21.0.0" to a range like
"gunicorn>=21.0.0,<23.0" (or another appropriate upper bound) so newer major
releases are excluded while allowing patch/minor updates.

In `@server/src/index.ts`:
- Around line 20-25: Replace the hardcoded origin list in the CORS middleware
registration with a value read from an environment variable (e.g.
process.env.CORS_ALLOWED_ORIGINS) and parse it into the array used by
app.use(cors(...)); keep credentials: true and provide a sensible default
fallback (e.g. ["http://localhost:3000"]) if the env var is missing or empty,
and ensure the code that configures CORS (the app.use call and the cors(...)
options) uses this parsed value so deployments can change allowed origins via
env configuration.

In `@server/src/utils/scheduler/computeData.scheduler.ts`:
- Around line 113-129: The pathwayInput object currently sets trafficValue: 0
unconditionally which can misrepresent missing vs actual zero traffic; update
the construction of PathwayRouteInput (variable pathwayInput) to either accept a
trafficValue parameter or replace the literal with a named constant (e.g.,
TRAFFIC_UNAVAILABLE) and add a clear TODO comment explaining it's a placeholder
until traffic integration is added, or compute it from routeOption (e.g.,
routeOption.trafficValue) if available; ensure PathwayRouteInput consumers
understand the sentinel vs real value by documenting the change in the same
block.
- Around line 218-242: The results array being accumulated in runBatchScoring
(collecting outputs from processRoute in BATCH_SIZE batches) is never used;
either remove the accumulation or (preferred) change runBatchScoring to return
the results array (typed as
Array<{success:boolean;routeId:string;routeOptionIndex:number;newScore?:number;error?:string}>)
so callers can inspect/log outcomes (e.g., the manual endpoint should await
runBatchScoring and handle the returned results); update any callers to receive
and use the returned results or remove the results push logic entirely if you
choose to discard per-batch outcomes.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -name "requirements.txt" -o -name "settings.py" | head -20

Repository: kaihere14/BreathClean

Length of output: 192

---

🏁 Script executed:

# Read the requirements.txt file to verify the actual content
cat -n data-processing/dataProcessingServer/requirements.txt

Repository: kaihere14/BreathClean

Length of output: 1268

---

🌐 Web query:

Django 5.2.11 release

💡 Result:

Django 5.2.11 was released on February 3, 2026 (Django 5.2 LTS) as a security release. It fixes 6 security issues in 5.2.10: 3 “high”, 2 “moderate”, and 1 “low” severity. Key fixes include a PostGIS RasterField SQL injection (CVE-2026-1207), SQL injection vectors involving FilteredRelation/aliases (CVE-2026-1287, CVE-2026-1312), ASGI repeated-headers DoS (CVE-2025-14550), Truncator HTML DoS (CVE-2026-1285), and mod_wsgi auth timing-based username enumeration (CVE-2025-13473). [1][2]

Upgrade/install with pip:

pip install --upgrade "Django==5.2.11"

The release is available via the official Django download page and on PyPI. [3][4]

Sources: Django 5.2.11 release notes [1], Django security announcement [2], Django downloads page [3], PyPI release history [4].

---

🏁 Script executed:

cat -n data-processing/dataProcessingServer/dataProcessingServer/settings.py | head -50

Repository: kaihere14/BreathClean

Length of output: 2000

---

Update stale Django version references in requirements.txt and settings.py.

Line 3 of requirements.txt states Django 6.0.2 but the actual pin is Django==5.2.11 (LTS). The same stale version appears in settings.py's docstring (lines 4, 7, 10). Update both files to reflect Django 5.2.11 and remove the hardcoded version number from the requirements.txt comment to avoid future drift.

📝 Suggested changes

requirements.txt:

-# Django (must match version referenced in settings.py — Django 6.0.2)
+# Django LTS (must match version referenced in settings.py)
 Django==5.2.11

settings.py (lines 4, 7, 10):

-Generated by 'django-admin startproject' using Django 6.0.2.
+Generated by 'django-admin startproject' using Django 5.2.11.

-https://docs.djangoproject.com/en/6.0/topics/settings/
+https://docs.djangoproject.com/en/5.2/topics/settings/

-https://docs.djangoproject.com/en/6.0/ref/settings/
+https://docs.djangoproject.com/en/5.2/ref/settings/

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@data-processing/dataProcessingServer/requirements.txt` around lines 3 - 4,
Update the stale Django version references: in requirements.txt remove the
hardcoded comment "Django (must match version referenced in settings.py — Django
6.0.2)" and ensure the pinned dependency line is exactly "Django==5.2.11"; in
settings.py update the docstring occurrences that mention "Django 6.0.2" to
"Django 5.2.11" so docstrings and the requirements pin match, and avoid
embedding a specific version in the comment to prevent future drift.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Silent catch swallows infrastructure-level errors.

The comment says "errors are captured per-route," but a failure in Route.find({}).lean() (line 178) — e.g., a MongoDB connection drop — would be silently discarded here. Per-route error handling only covers errors inside processRoute. At minimum, log the top-level error so infrastructure failures are observable.

📝 Proposed fix

-  } catch {
-    // silent — errors are captured per-route
+  } catch (error) {
+    console.error("[BatchScoring] Top-level error:", error);
   }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	} catch {
	// silent — errors are captured per-route
	}
	} catch (error) {
	console.error("[BatchScoring] Top-level error:", error);
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/src/utils/scheduler/computeData.scheduler.ts` around lines 243 - 245,
The top-level catch is swallowing infrastructure errors; change it to catch the
error object (e.g., catch (err)) and log a clear message including the
error/stack so failures from Route.find({}).lean() or other infra issues are
observable; update the catch in the same scope that calls Route.find({}).lean()
and wraps calls to processRoute to call your logger (e.g., processLogger.error
or the module logger) with context like "computeData scheduler: failed
processing routes" plus the error details.