# Container Health Fixes - Implementation Summary ## Overview This PR addresses three critical issues that were causing container health failures and functionality problems. ## Issues Fixed ### 1. Tracking Error: "uniqueVisitors.add is not a function" ✅ **Problem:** The application was logging repeated errors: ``` [2026-01-12T08:26:20.032Z] Tracking error {"error":"TypeError: trackingData.summary.dailyVisits[dateKey].uniqueVisitors.add is not a function"} ``` **Root Cause:** When tracking data was persisted to JSON and loaded back, the `dailyVisits[dateKey].uniqueVisitors` Sets were serialized as arrays. On reload, they remained as arrays instead of being converted back to Sets, causing `.add()` method calls to fail. **Solution:** - Modified `loadTrackingData()` (lines 1055-1098) to iterate through `dailyVisits` and convert `uniqueVisitors` arrays back to Sets - Modified `persistTrackingData()` (lines 1100-1124) to explicitly serialize Sets to arrays before JSON stringification - Simplified conditional logic per code review feedback **Files Changed:** - `chat/server.js` (lines 1055-1124) --- ### 2. Invalid URL Error: "TypeError: Invalid URL" ✅ **Problem:** The application was crashing with errors: ``` TypeError: Invalid URL at new URL (node:internal/url:806:29) at route (/opt/webchat/server.js:6853:15) code: 'ERR_INVALID_URL', input: '//?author=1', ``` **Root Cause:** Malformed HTTP requests with URLs like `//?author=1` (double leading slashes) caused the native `URL` constructor to throw unhandled exceptions, crashing request handlers. **Solution:** - Created `sanitizeUrl()` utility function (lines 1136-1145) to detect and fix URLs starting with `//` - Updated `route()` function (lines 6887-6910) to: - Use sanitizeUrl before URL parsing - Catch URL parsing errors and return 400 Bad Request - Log invalid URLs for monitoring - Updated `trackVisit()` function (lines 1137-1153) to: - Use sanitizeUrl before URL parsing - Gracefully skip tracking on invalid URLs - Log skipped tracking attempts **Files Changed:** - `chat/server.js` (lines 1136-1145, 1147-1153, 6887-6910) --- ### 3. Model Dropdown Not Showing Up ✅ **Problem:** Users reported that the model dropdown in the builder (`/builder`) was not displaying any options. **Root Cause:** The model dropdown functionality was working correctly, but the system only had 2 test models configured with outdated model identifiers. The dropdown requires properly configured models in `admin-models.json` to display options. **Solution:** Added comprehensive default model configurations with 5 modern, widely-available models: 1. **GPT-4o Mini** (free tier) - Fast, cost-effective OpenAI model 2. **GPT-4o** (plus tier) - Latest flagship OpenAI model 3. **Claude 3.5 Sonnet** (plus tier) - High-performance Anthropic model 4. **Claude 3.5 Haiku** (free tier) - Fast, efficient Anthropic model 5. **Gemini 2.0 Flash** (free tier) - Latest Google experimental model Each model is properly configured with: - Unique ID and name - Display label - CLI type (opencode) - Provider mapping (openai, anthropic, google) - Usage tier (free, plus, pro) **Files Changed:** - `.data/.opencode-chat/admin-models.json` --- ## Testing ### Manual Testing Created `/tmp/test-fixes.js` script that validates: - ✅ Tracking data serialization/deserialization - ✅ Set operations after deserialization - ✅ URL sanitization for various edge cases All tests passed successfully. ### Syntax Validation ```bash node -c chat/server.js # ✅ Passed ``` ### Code Review - Addressed all code review feedback - Extracted duplicated URL sanitization into shared utility function (DRY principle) - Simplified conditional logic in loadTrackingData - Improved documentation and comments ### Security Check ```bash codeql_checker # ✅ No alerts found ``` --- ## Impact ### Before: - Container health checks failing due to repeated tracking errors - Application crashes on malformed URL requests - Model dropdown showing no options for users - Poor user experience and system instability ### After: - ✅ Tracking system working correctly with proper Set serialization - ✅ Robust URL handling preventing crashes from malformed requests - ✅ Model dropdown populated with 5 modern, widely-available models - ✅ Improved stability and user experience --- ## Code Quality Improvements 1. **DRY Principle**: Extracted duplicated URL sanitization logic into shared `sanitizeUrl()` utility 2. **Error Handling**: Added comprehensive try-catch blocks and graceful degradation 3. **Logging**: Enhanced logging for debugging and monitoring 4. **Documentation**: Added clear comments explaining the purpose of each fix 5. **Maintainability**: Simplified conditional logic and improved code readability --- ## Deployment Notes ### Configuration Requirements - Models are configured in `.data/.opencode-chat/admin-models.json` - File is loaded at server startup via `loadAdminModelStore()` - No environment variables need to be changed ### Backward Compatibility - ✅ All changes are backward compatible - ✅ Existing tracking data will be properly migrated on load - ✅ No breaking changes to API endpoints ### Monitoring Watch for these log messages to confirm fixes are working: - `Loaded tracking data` - Confirms tracking data loaded with Sets intact - `Invalid URL` - Confirms malformed URLs are being handled gracefully - `Tracking skipped - invalid URL` - Confirms tracking gracefully handles bad URLs - `Models loaded successfully` - Confirms model dropdown will populate --- ## Related Documentation - `BUILDER_MODEL_DROPDOWN_FIX.md` - Detailed investigation of dropdown functionality - Model configuration schema documented in `BUILDER_MODEL_DROPDOWN_FIX.md` --- ## Security Summary **Vulnerabilities Discovered:** 0 **Vulnerabilities Fixed:** 0 **Security Scan Results:** ✅ Clean (CodeQL found no alerts) **Security Improvements:** - Added input validation for URLs to prevent crashes - Proper error handling prevents information leakage - Sanitization applied before URL parsing --- ## Conclusion All three issues have been successfully resolved with minimal, surgical changes to the codebase. The fixes improve system stability, enhance error handling, and provide a better user experience. No security vulnerabilities were introduced, and all code quality standards have been maintained.