Make backend Vercel-safe (no import-time writes)

[gitgrahamdunn]

Motivation

• Prevent import-time filesystem writes so the FastAPI backend can import cleanly on Vercel where the deployed code is read-only and only /tmp is writable.
• Centralize and standardize writable-path resolution so runtime code and tests consistently use /tmp by default while still allowing env-var overrides.

Description

• Centralized writable-path helpers in backend/app/config.py by adding ensure_dir, _resolve_writable_dir, get_storage_dir, and get_working_storage_path, and defaulting non-overridden paths to /tmp/* while keeping env-var overrides (DATA_DIR, STORAGE_DIR, WORKING_STORAGE_DIR).
• Removed module-level mkdirs and repo-root write targets from the projects router by replacing WORKING_STORAGE_DIR = (BACKEND_ROOT / "storage" / "projects") and its ensure_working_storage_dir() with runtime resolution via get_working_storage_path() in upload handlers so directory creation only happens during request/startup.
• Refactored health checks to add a runtime writable-storage verification function run_runtime_storage_check() and a new endpoint GET /health/storage, and added storage_checks to GET /health/info; these checks are run at startup (not at import).
• Ensured the Vercel entrypoint exports app directly from backend/index.py for predictable serverless mounting.
• Tests: added backend/tests/test_import_safety.py to assert no Path.mkdir calls during import and to verify storage helpers default to /tmp; updated backend/tests/test_health.py to validate new storage endpoint and payload.

Fixed import-time write locations and changes made

• backend/app/config.py: removed import-time directory creation logic and centralized helper functions so no mkdir() or filesystem writes occur during module import; directory creation is done via ensure_dir() only when runtime helpers are called.
• backend/app/routers/projects.py: removed module-level WORKING_STORAGE_DIR and ensure_working_storage_dir() that performed repo-root writes at import time, and switched upload logic to write into get_working_storage_path() resolved at request time.
• Startup-level checks (health) were added so any required writable dirs are validated/created at startup instead of import time.

Testing

• Ran the full backend test suite with cd backend && pytest -q and all tests passed: 20 passed.
• Added and ran backend/tests/test_import_safety.py which asserts that importing app.main triggers no Path.mkdir calls (import-time writes); this test passed as part of the suite.
• Health tests updated to assert the new GET /health/storage endpoint and storage_checks in GET /health/info, and these assertions passed in CI tests.

---

Codex Task

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
gitplant	Ready	Preview, Comment	Feb 18, 2026 10:41pm
gitplant-backend	Ready	Preview, Comment	Feb 18, 2026 10:41pm
gitplant-oggy	Ready	Preview, Comment	Feb 18, 2026 10:41pm

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7950196d63

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Check actual write permission in storage health checks

run_runtime_storage_check() marks a directory as writable using path.is_dir(), which only confirms existence/type and will still be true for read-only mounts. In deployments that set DATA_DIR, STORAGE_DIR, or WORKING_STORAGE_DIR to an existing but non-writable directory, /health/storage and health_info can report healthy storage even though uploads will fail later with permission errors. This should validate real write access (for example via os.access(..., os.W_OK) or a temp-file probe) before reporting writable: true.

Useful? React with 👍 / 👎.