Oliver/ai_qc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: Oliver:feature/axa-document-mode
Branches Tags
Oliver:main
Oliver:feature/reporting-cost-and-hp-doc
Oliver:develop
Oliver:feature/axa-formatting-diff
Oliver:feature/hp-cycle-1-onboarding
Oliver:feature/untrack-tracked-env-files
Oliver:feature/boots-ppack-page-parallelism
Oliver:fix/deploy-sigpipe-when-many-commits
Oliver:docs/box-client-onboarding-runbook
Oliver:feature/default-profile-ui
Oliver:feature/box-processed-folder-move
Oliver:fix/comprehensive-report-status-filter
Oliver:feature/loreal-box-folders
Oliver:feature/box-jwt-integration
Oliver:fix/tech-section-in-html-content
Oliver:chore/untrack-env-files
Oliver:feature/technical-preflight
Oliver:chore/claude-md-after-phases-1-2
Oliver:feature/add-demo-clients
Oliver:feature/remove-dow-jones
Oliver:feature/axa-accessibility-profile-split
Oliver:feature/axa-verapdf-integration
Oliver:feature/docs-restructure
Oliver:feature/dow-jones-tuning
Oliver:feature/boots-ppack
Oliver:feature/axa-document-mode
Oliver:feature/box-oauth
Oliver:feature/access-request-and-ux-cleanup
Oliver:feature/user-access-control
Oliver:v1.4.0
Oliver:v1.3.2
Oliver:v1.3.1
Oliver:v1.3.0
Oliver:v1.2.0
Oliver:v1.1.2
Oliver:v1.1.1
Oliver:v1.1.0
Oliver:v1.0.2
Oliver:v1.0.1
Oliver:v1.0.0
...
pull from: Oliver:main
Branches Tags
Oliver:feature/reporting-cost-and-hp-doc
Oliver:develop
Oliver:feature/axa-formatting-diff
Oliver:main
Oliver:feature/hp-cycle-1-onboarding
Oliver:feature/untrack-tracked-env-files
Oliver:feature/boots-ppack-page-parallelism
Oliver:fix/deploy-sigpipe-when-many-commits
Oliver:docs/box-client-onboarding-runbook
Oliver:feature/default-profile-ui
Oliver:feature/box-processed-folder-move
Oliver:fix/comprehensive-report-status-filter
Oliver:feature/loreal-box-folders
Oliver:feature/box-jwt-integration
Oliver:fix/tech-section-in-html-content
Oliver:chore/untrack-env-files
Oliver:feature/technical-preflight
Oliver:chore/claude-md-after-phases-1-2
Oliver:feature/add-demo-clients
Oliver:feature/remove-dow-jones
Oliver:feature/axa-accessibility-profile-split
Oliver:feature/axa-verapdf-integration
Oliver:feature/docs-restructure
Oliver:feature/dow-jones-tuning
Oliver:feature/boots-ppack
Oliver:feature/axa-document-mode
Oliver:feature/box-oauth
Oliver:feature/access-request-and-ux-cleanup
Oliver:feature/user-access-control
Oliver:v1.4.0
Oliver:v1.3.2
Oliver:v1.3.1
Oliver:v1.3.0
Oliver:v1.2.0
Oliver:v1.1.2
Oliver:v1.1.1
Oliver:v1.1.0
Oliver:v1.0.2
Oliver:v1.0.1
Oliver:v1.0.0
Sign in to create a new pull request.

74 commits
feature/ax ... main

Author SHA1 Message Date
Nick Viljoen
7b0e22060e Merged in develop (pull request #23) 
Develop
 2026-05-17 20:18:23 +00:00
Nick Viljoen
77276f2a7c Merged in feature/hp-cycle-1-onboarding (pull request #22) 
fix(hp_copy_review): correct llm casing + route HP reports to /hp/ folder
 2026-05-17 20:10:50 +00:00
nickviljoen
71bb9a6295 fix(hp_copy_review): correct llm casing + route HP reports to /hp/ folder 
Two bugs surfaced by the first dev smoke test:

1. Profile JSON declared "llm": "gemini" (lowercase). llm_config's
   dispatcher compares model_name == "Gemini" case-sensitively
   (matches the rest of the codebase), so the check fell through to
   "Invalid model selected" and never reached the API. Every other
   profile uses "Gemini" with capital G. Spec mistake — fixed.

2. get_client_from_profile() resolves the per-report output folder
   from the profile_id via hardcoded prefix matches. No 'hp_' branch
   existed, so hp_copy_review reports landed under output-dev/general/
   instead of output-dev/hp/ — the UI then couldn't find them. Added
   'hp_' → 'hp' alongside the existing mappings.

The check itself works correctly otherwise: profile_source was
user_selected, brand resolved to 'hp', and the reference asset was
successfully attached. Bug 1 just prevented Gemini from being called.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 22:07:25 +02:00
Nick Viljoen
03410cb271 Merged in feature/hp-cycle-1-onboarding (pull request #21) 
Feature/hp cycle 1 onboarding
 2026-05-17 19:43:10 +00:00
nickviljoen
68a2360811 feat(report): render hp_copy_review findings as a structured table 
Both HTML report generators (generate_html_content and
generate_comprehensive_html_report) get a small case: when a check
result has a 'findings' array in its json_data, render it as a
priority-coloured table with quote/issue/suggested-fix/source
columns instead of the default response-text block. The summary
field (when present) renders above the table. Fallback to text
rendering when findings is absent — every existing check is
unaffected.

All string fields from the LLM are HTML-escaped via html.escape()
to neutralise stray <, >, &, or quote characters. Inline CSS for
.findings-table / .priority-pill / .priority-high|medium|low /
.muted is added to both stylesheets so the two generators stay
visually in sync.
 2026-05-17 21:37:35 +02:00
nickviljoen
0e833447c0 fix(brand-guidelines): inject xlsx Source Messaging summary into check prompts 
Task 5 review found that get_reference_asset_content treated all
non-localization-matrix .xlsx files as opaque ('reference file
uploaded'), never reading the Gemini summary that excel_processor
writes. That meant hp_copy_review would see no canonical messaging
and fire its score-0 fallback on every real asset.

Extend the .xlsx branch to mirror the PDF pattern: when the file
record has a summary_path (set by excel_processor after a
successful source-messaging summary), read and inject the Markdown
into the reference content block.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 21:28:32 +02:00
nickviljoen
4c19a0fb9d feat(hp_copy_review): single-check LLM grader against Source Messaging 
Single Gemini call per asset. Prompt assembles attached Source
Messaging summaries + media-plan language context + the asset image.
Returns structured JSON with score, summary, and a findings array
(priority, category, quote, issue, suggested fix, source reference).
Empty findings = clean asset; missing reference -> score 0 with a
clear message rather than running blind.

Mirrors the boots_tandc_wording pattern: subclass FlaskAppTemplate,
expose a static prompt template, let process_single_check inject
reference-asset content and media-plan context at runtime. A
standalone build_prompt() helper mirrors that assembly for unit-
style smoke tests and ad-hoc prompt inspection.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 21:25:30 +02:00
nickviljoen
014a9cb8ff feat(hp): promote HP client + add hp_copy_review profile 
HP is no longer a placeholder. The client gets a new hp_copy_review
profile (single weighted check, client-specific visibility) as its
default, plus the generic static_general and video_general profiles
it already had visibility into.
 2026-05-17 21:08:18 +02:00
nickviljoen
568465f9be fix(brand-guidelines): preserve localization-matrix parsing in xlsx dispatch 
The prior Task 2 commit (295305e) over-replaced existing logic that
recognised certain .xlsx/.xls uploads as localization matrices and
set asset_type='localization_matrix'. That field is load-bearing in
two downstream sites (api_server.py:1628 and :1986) that build
localization context for QC checks; destroying it would silently
break any existing client using localization matrices.

Restore the original try-localization-matrix-first path; only fall
through to excel_processor (HP Source Messaging summary) when the
file isn't a parseable localization matrix. Also restore .xls
support and tag Source Messaging uploads as
asset_type='source_messaging' so downstream code can distinguish
them from localization matrices.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 21:03:56 +02:00
nickviljoen
295305ef2d feat(brand-guidelines): route .xlsx uploads to excel_processor 
The /api/brand_guidelines POST handler now dispatches by extension:
.pdf → pdf_processor.process_pdf_file (existing), .xlsx →
excel_processor.process_excel_file (new). Same DB record shape;
cover image is null for Excel since there's no first-page analogue.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 21:02:05 +02:00
nickviljoen
c51e0729ce fix(excel-processor): wrap extraction in try/except to honour 'never raises' 
Code review found that _extract_workbook_text was unwrapped — a
corrupt/locked .xlsx or InvalidFileException would leak out of
process_excel_file despite the docstring promising 'Never raises'.
Wrap the extraction call too; on extraction failure, write a
degraded summary explaining the failure and return cleanly.

Verified by passing a non-existent file: the function returns a
degraded summary instead of raising FileNotFoundError.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:55:54 +02:00
nickviljoen
abd36a9abe fix(excel-processor): use literal trademark glyphs in summary prompt 
Spec requires "™, ®, ©" in the Approved Brand and Product Names
section instructions; first pass wrote "TM, R, C" out of unfounded
caution about encoding. Python 3 source handles UTF-8 fine and
pdf_processor.py uses smart punctuation throughout.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:52:38 +02:00
nickviljoen
ed46504ac6 feat(excel-processor): add openpyxl + Gemini summary pipeline for HP Source Messaging 
Mirrors pdf_processor.py — public process_excel_file() reads any HP
Source Messaging Excel, extracts cells via openpyxl (skipping empty
rows, capped at 50K chars), and summarises into structured Markdown
via Gemini 2.5 Pro. Output saved as brand_guidelines/files/{file_id}_summary.md.

On Gemini failure the processor writes a degraded summary containing
the raw extraction so the reference asset stays usable. Test fixtures
(real HP Excels) live under backend/tests/fixtures/hp/ and are gitignored.
 2026-05-17 20:49:50 +02:00
nickviljoen
7d178f11ee docs(plan): HP onboarding cycle 1 implementation plan 
7-task plan against 2026-05-17-hp-cycle-1-onboarding-design.md:
excel_processor → .xlsx dispatch → media-plan language field →
HP client+profile → hp_copy_review check → findings-table renderer
→ dev smoke + deploy. Lightweight verification posture (py_compile +
imports + profile load + python3 -c mini-tests + dev smoke runs)
to match the project's existing style — no pytest scaffolding.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:32:56 +02:00
nickviljoen
53ba67c2c0 docs(spec): HP onboarding cycle 1 — hp_copy_review check 
Captures the brainstorm outcome for migrating HP off the deprecated
hp-copy PHP/Make.com POC onto AI QC. Cycle 1 of 3 in HP onboarding
(cycles 2 = Word/PPT processor, 3 = Box picker — both independent
and shipped later). Locks the four design decisions reached during
the brainstorm:

- User selects the canonical Source Messaging reference asset at
  QC-run time (matches existing brand-guidelines UX)
- Single hp_copy_review check, single Gemini call per asset,
  structured findings JSON output matching the Messi Copy Review
  document format
- Excel processor mirrors pdf_processor.py: openpyxl extracts raw
  cell content, Gemini summarises into structured Markdown,
  saved as {file_id}_summary.md alongside the file
- Media-plan `language` field is free-form text, included in the
  check prompt when present, omitted gracefully when absent

No code yet — pick up with the writing-plans skill to draft the
implementation plan against this spec.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:17:43 +02:00
Nick Viljoen
6315393c95 Merged in develop (pull request #20) 
chore(env): untrack legacy env files so deploys stop clobbering them
 2026-05-17 17:24:46 +00:00
Nick Viljoen
fc588c626d Merged in feature/untrack-tracked-env-files (pull request #19) 
chore(env): untrack legacy env files so deploys stop clobbering them
 2026-05-17 17:01:32 +00:00
nickviljoen
1057c5660f chore(env): untrack legacy env files so deploys stop clobbering them 
config.env, backend/config.env, config/development.env, and
config/production.env still contained real secrets and were getting
silently reverted by `git reset --hard` during deploys — manual
key-restore was required after both v1.3.0 and v1.3.1 to recover
the in-place GOOGLE_API_KEY rotation. Move them to .gitignore
alongside the already-untracked backend/config/*.env paths.

The next deploy after this lands will delete them from disk one
final time (because they were tracked in the prior commit). Same
backup/restore dance documented for the previous secrets-untrack
is needed for that single deploy; after it, the files are
permanently untracked.

This does NOT remove historical secrets from git history. Rotation
of OPENAI_API_KEY, BOX_CLIENT_SECRET, SECRET_KEY, SMTP_PASSWORD
remains a separate open follow-up.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 19:00:09 +02:00
Nick Viljoen
eb7ba38013 Merged in develop (pull request #18) 
Develop
 2026-05-17 16:31:07 +00:00
Nick Viljoen
8e2d970d61 Merged in feature/boots-ppack-page-parallelism (pull request #17) 
perf(document-mode): parallelize per-page check dispatch in stages 3c/3d
 2026-05-17 16:15:52 +00:00
nickviljoen
1c5dd980d4 perf(document-mode): parallelize per-page check dispatch in stages 3c/3d 
A 4-page Boots PPack run (7 page-scoped checks) was taking ~15 min
because the dispatcher processed pages sequentially within each
check — 28 Gemini calls in a single file. Asset-mode's
ThreadPoolExecutor parallelism was bypassed because doc-mode called
process_checks_in_batches once per page in a loop.

Wrap the per-page dispatch in both Stage 3c (page_sample) and Stage
3d (page_each) with a ThreadPoolExecutor (max_workers=4). Extract
the per-page work into a single nested helper used by both stages,
which also tags each result with page_type so the existing artwork
vs informational aggregation in Stage 3d keeps working. Aggregation
logic, scoring, strict-grade override, and report shape are all
unchanged.

process_checks_in_batches is already reentrant (asset-mode uses it
under its own internal ThreadPoolExecutor), so concurrent calls are
safe. Progress-tracker writes intentionally tolerate races (visual
only). Per-page exceptions are caught inside the helper so one bad
page doesn't kill the doc — it just records a score-0 result.

Expected: 15 min → ~3-4 min on the same 4-page PDF. Needs wall-time
confirmation on dev with a real run.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 18:14:27 +02:00
nickviljoen
8e50413b53 docs(spec): Phase 5 cycle 1 — Postgres database design 
Captures the brainstorm outcome for adding a Postgres database
alongside the existing JSONL usage logs, ahead of the dashboard
work. Decomposes Phase 5 into three independent cycles (DB first,
then Docker, then dashboard) and locks the schema, transition
strategy (dual-write), hosting (Docker on each VM), backup
approach (pg_dump → GCS), and rollback escape hatch.

No code changes yet — pick up with the writing-plans skill when
returning to Phase 5.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 17:02:03 +02:00
Nick Viljoen
86dec44124 Merged in fix/deploy-sigpipe-when-many-commits (pull request #16) 
fix(deploy): use git's own -n limit instead of | head -20
 2026-05-17 13:26:41 +00:00
nickviljoen
a3b3f45f01 fix(deploy): use git's own -n limit instead of | head -20 
When the deploy batch has more than 20 commits, the `git log ... | head -20`
pipeline closes the pipe after 20 lines. git log gets SIGPIPE (exit 141),
which `set -o pipefail` propagates, and `set -e` then exits the script
silently — no prompt shown, no error message.

Only bites for release-sized batches (>20 commits). First seen on the
v1.3.0 prod deploy: 20 commits displayed, then the script returned to
the shell without prompting. dev deploys never hit this because they
typically only have 1-3 commits ahead.

Fix: tell git to limit its own output via `-n 20`. Same display, no
broken pipe. Also swap the count-by-wc-l for `git rev-list --count`
which is more idiomatic and avoids any further pipe shenanigans.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 15:25:38 +02:00
Nick Viljoen
45925746cf Merged in develop (pull request #15) 
Release v1.3.0: Phases 1-4 + Box JWT integration
 2026-05-17 13:09:46 +00:00
Nick Viljoen
e25006039f Merged in docs/box-client-onboarding-runbook (pull request #14) 
docs: add Box client onboarding runbook
 2026-05-17 12:13:53 +00:00
nickviljoen
31b059de79 docs: add Box client onboarding runbook 
Documents the end-to-end process for adding a new client to the
Box-webhook-driven QC pipeline:

1. Box admin: create INCOMING + REPORTS folders, invite service account
2. Code: add box_folder_id / box_reports_folder_id / default_profile
   to client_config.py, ship via PR
3. Verify service account access with `box_setup.py list-folder`
4. Register webhook via `box_setup.py register-all-clients` (or UI)
5. End-to-end test by uploading a sample asset, watching logs,
   confirming report appears + source moves to _PROCESSED
6. Optional: tune default_profile from the Settings UI without a code
   deploy
7. Promote to prod (develop→main PR, tag, deploy.sh prod)

Includes a gotchas table for the issues most likely to come up:
403s from missing collaborator invites, signature verification
failures, folder ID mismatches, replace-upload behavior, etc.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 14:12:48 +02:00
Nick Viljoen
432162f167 Merged in feature/default-profile-ui (pull request #13) 
feat(settings): default-profile UI per client (admin-only) for Box webhook flow
 2026-05-17 11:51:50 +00:00
nickviljoen
bf89466d06 feat(settings): default-profile UI per client (admin-only) for Box webhook flow 
Adds a "Default Profile" sub-tab to the Settings modal. Lists the
current client's profiles as radio buttons, shows which is the active
default and whether it's a runtime override or the static value from
client_config.py. Admins click a different profile + Set to override;
clear-override button reverts to the static value.

Storage layer: backend/client_defaults.json (gitignored, per-server),
following the same pattern as user_access.json. Resolution order in
client_config.get_default_profile(): override → static
default_profile field → None. The Box webhook handler is the sole
consumer that needs profile selection without a logged-in user; it
now reads via get_default_profile() so overrides take effect.

Why a separate JSON, not rewriting client_config.py: a buggy override
write can never break server boot — worst case the override is
ignored and the static value applies. Cleaner separation between
"static config you check in" and "runtime overrides admins make".

Backend:
- client_config.get_default_profile(client_id) — resolver
- client_config.set_default_profile(client_id, profile_id) — validates
  + writes (rejects profiles not in client's profile list)
- client_config.clear_default_profile_override(client_id)
- GET /api/clients/<id>/default_profile (any auth'd user)
- PUT /api/clients/<id>/default_profile (admin-only, _require_admin)
- DELETE /api/clients/<id>/default_profile (admin-only)
- Box webhook handler in api_server.py now uses get_default_profile()

Frontend:
- New "Default Profile" tab button + tab content in Settings modal
- showTab hook loads settings when tab activates
- loadDefaultProfileSettings / saveDefaultProfile /
  clearDefaultProfileOverride functions
- DOM-construction (createElement + textContent) used throughout —
  no innerHTML with interpolated values, so user-controllable
  strings (client_id, profile_id) can never cause XSS

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 13:50:20 +02:00
Nick Viljoen
be00f24416 Merged in feature/box-processed-folder-move (pull request #12) 
feat(box-jwt): move source file to _PROCESSED after successful run
 2026-05-17 11:31:01 +00:00
nickviljoen
b7e9c483de feat(box-jwt): move source file to _PROCESSED after successful run 
Solves two problems at once:

1. Folder cleanliness — INCOMING accumulates indefinitely otherwise.
2. Duplicate-upload re-trigger — Box V2's FILE.UPLOADED trigger doesn't
   fire when the same filename is "uploaded as new version" of an
   existing file. By moving the source out of INCOMING after success,
   re-uploading the same filename becomes a genuinely-new file event
   again and the webhook fires normally.

After report uploads successfully to the REPORTS folder, the worker:
1. find_or_create_subfolder(<INCOMING>, '_PROCESSED') — idempotent
2. move_file(file_id, <_PROCESSED>, new_name=f'{session_id}_{filename}')

The session_id prefix gives the archived file a sortable timestamp and
ties it back to the matching QC_Report_<session_id>_*.html in REPORTS.

Defensive: the move only runs if the report upload to Box succeeded.
If Box delivery failed, the source stays in INCOMING so a retry just
means re-uploading. Move failures are non-fatal — logged + recorded
in result_data['box_source_move_error'], analysis still marked
complete.

Adds four helpers to box_jwt_client.py:
- find_subfolder_by_name(parent, name) → Optional[str]
- create_subfolder(parent, name) → str
- find_or_create_subfolder(parent, name) → str  (idempotent)
- move_file(file_id, target_folder, new_name=None) → Dict

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 13:29:45 +02:00
Nick Viljoen
4d08a23322 Merged in fix/comprehensive-report-status-filter (pull request #11) 
fix(reports): render check details for status='success' in generate_comprehensive_html_report
 2026-05-17 11:05:25 +00:00
nickviljoen
c75f3a99b9 fix(reports): render check details for status='success' in generate_comprehensive_html_report 
generate_comprehensive_html_report filtered check rendering with
`status == 'completed'`, but the modern check pipeline
(process_single_check via /api/start_analysis and the Phase 4 Box
webhook flow) returns `status == 'success'`. Only the legacy
process_single_check_with_triage returns 'completed'.

Result: every report produced by the modern pipeline had an empty
"Detailed Analysis Results" section — just the heading with nothing
below it. Surfaced when Nick ran a LOREAL Box-webhook test on
2026-05-17: webhook fired correctly, 4 LLM checks ran, scores came
back, technical pre-flight rendered, but the per-check accordion was
empty.

Fix: accept either status value, so both modern and legacy code paths
render correctly. Errored checks (status='error') still skipped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 13:01:21 +02:00
Nick Viljoen
57ce396860 Merged in feature/loreal-box-folders (pull request #10) 
feat(clients): wire LOREAL Box folders for webhook-driven QC
 2026-05-15 07:51:39 +00:00
nickviljoen
4a9ddee87f feat(clients): wire LOREAL Box folders for webhook-driven QC 
First client to use the Phase 4 unattended-QC pipeline. Adds three
optional fields to the loreal entry in client_config.py:

- box_folder_id=381501258415 (AI-QC > INCOMING > AI QC LOREAL IN)
- box_reports_folder_id=382076841334 (AI-QC > REPORTS > AI QC LOREAL REPORTS)
- default_profile=loreal_static

When a file lands in the INCOMING folder, /api/box/webhook will pick
it up, run loreal_static (strict-grade), and upload the HTML report
to the REPORTS folder. Other clients remain unaffected.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-15 09:50:40 +02:00
Nick Viljoen
1c8e1ea1a7 Merged in feature/box-jwt-integration (pull request #9) 
Feature/box jwt integration
 2026-05-14 21:42:43 +00:00
nickviljoen
a99c8601f0 Merge develop into feature/box-jwt-integration 
Brings in the 4 commits that landed on develop after this branch was
cut: the chore/untrack-env-files PR (#7) and the
fix/tech-section-in-html-content PR (#8).

Conflict resolution:
- .gitignore: both branches added `backend/config/box_jwt_config.json`
  in slightly different positions. Kept both sets of additions —
  development.env + production.env (from develop) and
  box_jwt_config.json (from this branch).
- api_server.py: auto-merged cleanly; the Phase 4 webhook endpoint and
  the Phase 3 technical-section fix touch different regions of the file.

Verified after merge: api_server imports cleanly, box_webhook route
registered, _render_technical_section_html callable, 60 QC apps and
15 profiles load.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 23:42:00 +02:00
Nick Viljoen
c99b8b7770 Merged in fix/tech-section-in-html-content (pull request #8) 
fix(tech-check): also render Technical section in generate_html_content
 2026-05-14 21:29:37 +00:00
nickviljoen
096eba747d fix(tech-check): also render Technical section in generate_html_content 
Phase 3 patched generate_comprehensive_html_report() but missed the
older generate_html_content() generator. The /api/start_analysis flow
with output_mode='html' (the path the web UI's download button
actually triggers) routes through generate_html_content, so the
Technical Details section never appeared in user-downloaded reports
despite the technical_report data being present in the underlying
result_data.

Mirrors the Phase 3 treatment exactly: pre-builds technical_html via
_render_technical_section_html(), adds the .technical / .technical-grid
/ .tech-row CSS rules, and injects {technical_html} between the
summary block and the Detailed Analysis Results header.

generate_comprehensive_html_report() retains the same logic for the
/api/process_file path (line 4187) and the new Box webhook flow
(_run_box_triggered_analysis on the Phase 4 branch).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 23:28:52 +02:00
Nick Viljoen
33278e4f62 Merged in chore/untrack-env-files (pull request #7) 
chore(secrets): untrack env files + add JWT path to .gitignore
 2026-05-14 21:17:47 +00:00
nickviljoen
cfb13eb870 chore(secrets): untrack env files + add JWT path to .gitignore 
backend/config/development.env and backend/config/production.env were
committed to the repo with real API keys, SMTP passwords, and Flask
SECRET_KEY values. This commit:

1. Adds both files to .gitignore so future edits stop landing in git.
2. git rm --cached's them (local copies preserved on disk, just
   untracked).
3. Also pre-emptively adds backend/config/box_jwt_config.json to
   .gitignore — Phase 4 already gitignores it on a separate branch, but
   listing it here protects the file regardless of merge order.
4. Updates backend/config/.env.template with the new Box JWT-related
   vars (BOX_JWT_CONFIG_PATH, BOX_WEBHOOK_PRIMARY_KEY,
   BOX_WEBHOOK_SECONDARY_KEY) so the template is a complete reference
   for setting up a new environment from scratch.

IMPORTANT — secrets still in git history after this commit. Removing
them from history requires a destructive rewrite (git filter-repo +
force-push every branch). Pragmatic alternative: rotate any secret
that was ever in the files. Candidates: OPENAI_API_KEY, BOX_CLIENT_SECRET,
SECRET_KEY, SMTP_PASSWORD. AZURE_TENANT_ID and AZURE_CLIENT_ID are
public-ish identifiers and don't need rotating. GOOGLE_API_KEY just
rotated this session.

DEPLOY GOTCHA: deploy.sh does git reset --hard, which will delete the
env files from /opt/ai_qc/backend/config/ on the server when this
commit lands. Back them up before deploying, restore after:

    sudo cp /opt/ai_qc/backend/config/development.env /tmp/dev.env.bak
    # ...deploy...
    sudo cp /tmp/dev.env.bak /opt/ai_qc/backend/config/development.env
    sudo systemctl restart ai-qc.service

Same dance on prod with production.env when promoting.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 23:13:18 +02:00
nickviljoen
65848bcda1 feat(box-jwt): add box_setup.py bootstrap CLI for webhook management 
One-off script used to register/inspect Box V2 webhooks against the
service account. Subcommands: list-webhooks, list-folder, list-clients,
create-webhook, delete-webhook, register-all-clients.

Typical bootstrap flow on a fresh deploy:
1. Drop box_jwt_config.json on the server (gitignored, scp'd in).
2. Verify the service account can read each client folder:
   `python backend/scripts/box_setup.py list-folder <folder_id>`
3. Once a client's box_folder_id is set in client_config.py, register
   its webhook idempotently:
   `python backend/scripts/box_setup.py register-all-clients \
       https://optical-dev.oliver.solutions/ai_qc/api/box/webhook`
4. Copy the signing keys from the Box Developer Console (Custom App →
   Webhooks) into BOX_WEBHOOK_PRIMARY_KEY / BOX_WEBHOOK_SECONDARY_KEY
   in the env file, then restart ai-qc.service.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 22:53:03 +02:00
nickviljoen
8f995d557b feat(box-jwt): JWT service-account client + webhook ingestion endpoint 
Adds machine-to-machine Box integration alongside the existing per-user
OAuth scaffolding. The new JWT client (backend/box_jwt_client.py) is
the auth/file/webhook surface used for unattended workflows: load the
Custom App JSON config, sign a JWT assertion, exchange for a 60-minute
service-account access token (cached + refreshed automatically), and
expose file download/upload + V2 webhook CRUD + HMAC signature
verification.

Wires a new POST /api/box/webhook endpoint (NOT @auth.require_auth — it
authenticates each delivery via Box's HMAC signature headers) that:

1. Verifies the signature against env-configured signing keys
   (BOX_WEBHOOK_PRIMARY_KEY / BOX_WEBHOOK_SECONDARY_KEY).
2. Dedups deliveries by box-delivery-id with a bounded in-memory cache.
3. Maps the source folder to a client via a new
   get_client_by_box_folder() helper on client_config.
4. Spawns a background thread that downloads the file, runs the same
   technical pre-flight + LLM check pipeline as the user-uploaded path,
   writes the HTML report to output/<client>/, uploads the report back
   to the client's box_reports_folder_id, and logs the run with a
   synthetic 'box_webhook' user.

Webhook runs skip media-plan / localization / OCR context — those are
user-UI concepts without a meaningful source in unattended runs. The
existing /api/start_analysis path is unchanged.

client_config.py gains three optional per-client fields used by the new
flow when present: `box_folder_id`, `box_reports_folder_id`, and
`default_profile`. Existing client entries keep working without them.

.gitignore now excludes backend/config/box_jwt_config.json so the JWT
config (with its embedded private key + passphrase) never lands in git.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 22:51:34 +02:00
Nick Viljoen
95121f2fb9 Merged in feature/technical-preflight (pull request #6) 
Feature/technical preflight
 2026-05-14 20:07:10 +00:00
nickviljoen
377efe30e5 feat(tech-check): show Technical Details section in HTML report 
Adds a new "Technical Details" card to generate_comprehensive_html_report()
between the summary and the per-check detailed results. Renders only
the fields present on the technical_report dict (file size, dimensions,
DPI, page count, duration, fonts, etc. — vary by file type) and shows
a prominent filename-vs-actual match badge when filename hints were
parsed.

If technical_report is absent or kind==unknown, the section is omitted
entirely so reports for assets we can't inspect (e.g. exotic
extensions) keep the existing layout unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 22:00:25 +02:00
nickviljoen
2b287f3dbb feat(tech-check): wire pre-flight into visual + document analysis 
Runs technical_check.inspect() immediately after file save on both
/api/start_analysis (visual flow) and /api/document/start_analysis
(document flow). The report is stashed on progress_tracker[session_id]
so it survives across the background thread boundary, then surfaces
two ways:

1. Each LLM check in the visual flow gets a "Technical metadata"
   preamble prepended to its prompt via format_for_llm_prompt(), so the
   model knows the file's actual dimensions, format, page count, etc.
   without having to infer them visually.
2. result_data['technical_report'] in both flows carries the same dict
   through to the frontend for UI rendering (next commit).

Pre-flight is best-effort: if it fails for any reason, analysis still
proceeds without the preamble (silent except for the report.errors
list).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:57:11 +02:00
nickviljoen
f4a95914b5 feat(tech-check): add machine-side pre-flight inspection module 
New backend/technical_check.py extracts technical metadata from
uploaded assets via PIL (images), PyMuPDF (PDFs), and ffprobe (videos)
— no LLM, runs in milliseconds. Also opportunistically parses
dimension hints from the filename and compares them to the actual
file, returning a match/mismatch verdict.

Output is a JSON-serializable dict; format_for_llm_prompt() renders it
as a tight Markdown block that downstream prompts can prepend. Module
never raises — inspection errors land in `errors` so partial reports
still surface.

Standalone for this commit. Wiring into the upload flow and UI lands
in subsequent commits on this branch.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:53:06 +02:00
Nick Viljoen
94af442393 Merged in chore/claude-md-after-phases-1-2 (pull request #5) 
docs: update CLAUDE.md after Phases 1+2 (Dow Jones removed, demos added)
 2026-05-14 19:40:44 +00:00
nickviljoen
bcd318a7b1 docs: update CLAUDE.md after Phases 1+2 (Dow Jones removed, demos added) 
Updates the intro count (9 → 12 clients), adds Google/HP/Ferrero to
the client name list, and adds three table rows for the new demo
clients (Doc column marked _scope pending_ until per-client docs land).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:39:40 +02:00
Nick Viljoen
5d1eab493c Merged in feature/add-demo-clients (pull request #4) 
Feature/add demo clients
 2026-05-14 19:34:38 +00:00
Nick Viljoen
02ae248e92 Merged in feature/remove-dow-jones (pull request #3) 
Feature/remove dow jones
 2026-05-14 19:33:56 +00:00
nickviljoen
93dc030e0c feat(clients): add Google, HP, Ferrero as demo placeholders 
Three new clients in demo/eval phase. Each uses Honda-style minimal
setup (static_general + video_general only) until real scope and test
assets arrive. Descriptions are placeholders to be replaced once scope
is confirmed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:30:18 +02:00
nickviljoen
5860abf0f9 docs(dow-jones): update CLAUDE.md after offboarding 
Removes the Dow Jones row from the client/profile table and the four
Dow Jones profile names from the pre-session profile-load checklist.
Also updates the intro paragraph counts (9 clients, 15 profiles, 60+
checks) and drops Dow Jones from the client name list, so the intro
no longer contradicts the table.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:14:30 +02:00
nickviljoen
d1826d83f1 chore(dow-jones): remove client_config entry 
Drops the 'dow_jones' block from CLIENT_PROFILES. After this, the
client picker no longer renders Dow Jones; the four archived profiles
are unreachable from user flows. Nine clients remain.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:12:47 +02:00
nickviljoen
b23b7f2e17 chore(dow-jones): archive profiles, checks, and per-client doc 
Moves the Dow Jones / MarketWatch / WSJ profile JSONs (4), check apps
(22), and CLAUDE_DOW_JONES.md into backend/_archive/dow_jones/. All
moves use git mv so history follows. Adds a restore-instructions
README. No loader changes needed — the archive lives outside the
scanned directories.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:11:54 +02:00
nickviljoen
69f6abca56 docs(dow-jones): add Phase 1 implementation plan 
Step-by-step plan that turns the spec into 5 tasks: archive moves
(one commit), client_config edit (one commit), CLAUDE.md edits (one
commit), full verification, then push + PR with explicit user-confirm
gates. Defensive guards at each task halt execution if the codebase
has drifted from the spec.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:09:14 +02:00
nickviljoen
8437b63871 docs(dow-jones): add Phase 1 spec for client offboarding 
Captures the design for removing Dow Jones from Visual AI QC: archive
location (backend/_archive/dow_jones/), file moves, code edits, things
explicitly not touched, and verification commands. Implementation
follows in subsequent commits on this branch.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-14 21:06:10 +02:00
nickviljoen
9746ba249b docs: refresh CLAUDE_AXA.md status + add AI-usage breakdown 
Updates the AXA client doc to reflect the 2026-05-10 state:
- Status line now reads 2026-05-10, covers Phase 6 (veraPDF), profile split,
  and dev deploy
- New "AI usage across AXA tools" section for client-facing communication
  (8 of 9 tools deterministic, only axa_pdf_diff uses AI)
- Open items expanded to include the pending source-PDF request and the
  prod-deployment hold

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 11:54:24 +02:00
nickviljoen
a80ff6dee4 Merged in feature/axa-accessibility-profile-split (pull request #2) 2026-05-10 11:21:34 +02:00
nickviljoen
a1cfc75309 Merge remote-tracking branch 'origin/develop' into feature/axa-accessibility-profile-split 
# Conflicts:
#	CLAUDE_AXA.md
 2026-05-10 11:20:09 +02:00
nickviljoen
a46ba9fc71 Split AXA accessibility check into its own profile 
Removed axa_pdf_accessibility from axa_policy_document (was 8 checks, now 7)
and created a new axa_accessibility profile that contains only that check.
Marked the new profile strict_grade: true so a single PDF/UA-1 rule failure
forces an unmistakable Fail badge on the report — mirrors how axes4 PAC is
used in practice (single-purpose, binary verdict).

Lets users run accessibility-only QC without sitting through the rest of
the policy-document checks, and removes weight from the policy-document
score that the accessibility check wasn't really earning (its 0/10 verdict
was dragging the overall grade in a way that obscured the content checks).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 11:15:46 +02:00
Nick Viljoen
02ce0c774d Merged in feature/axa-verapdf-integration (pull request #1) 
Wire veraPDF into axa_pdf_accessibility for PAC-equivalent PDF/UA-1 validation
 2026-05-10 08:41:22 +00:00
nickviljoen
2aeff24136 Wire veraPDF into axa_pdf_accessibility for PAC-equivalent PDF/UA-1 validation 
AXA's accessibility QC team uses axes4 PAC (PDF/UA-1 / Matterhorn Protocol)
as their compliance gate, but our existing 9-criterion deterministic check
runs surface-level only and would pass documents PAC fails. Wired up the
existing _run_verapdf() stub so veraPDF — the open-source Matterhorn
implementation — runs as a subprocess and drives the score when available.

Verified locally: veraPDF on EAA_v1.pdf reports the exact same Content (86)
and Metadata (1) failure counts as PAC's report on the same document family,
confirming protocol parity.

Falls back cleanly to the deterministic layer when veraPDF isn't installed,
so deploys are safe before the binary lands on dev/prod servers.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-10 10:36:03 +02:00
nickviljoen
418be66498 Merge develop into main: AXA document-mode + Boots PPack + WSJ tuning + docs restructure for v1.2.0 
Major additions:
- AXA document-mode QC pipeline: multi-page PDF analysis (Phases 1, 3, 4, 5).
  New profiles axa_policy_document (8 checks) + axa_policy_document_diff (1 check).
  document_mode/ subsystem reused by Boots PPack.
- Boots Production Pack profile: 7-check multi-page document-mode QC built on AXA
  spine, with page classifier (cover/checklist/palette/notes/artwork) and
  artwork-page-only strict-grade exemption. Includes tuned prompts (closed-world
  brand-list semantics, ALL CAPS retail convention exception, stylised logotype
  exception, vision-LLM caveat fields for font weight / superscript / sizing).
- WSJ Static prompt tuning: complete-sentence whitelist for capitalization decision
  tree, graphic/illustrative headline awareness in typography check, split-layout
  logo placement convention, mandatory 30% sizing assessment with score cap.
  Validated across 3 WSJ-NY assets and 3 tuning iterations.

Documentation:
- CLAUDE.md restructured: monolithic 962-line root split into slim 211-line
  project-wide root + per-client CLAUDE_<CLIENT>.md files (10 clients fully
  covered). Auto-loaded session context drops ~88%. Added explicit session-start
  convention pointing to the right client doc.
- Stale 932-line backend/CLAUDE.md replaced with 18-line redirect.

Other:
- Box OAuth (PR1: token storage + redirect URI inference)
- Access-request endpoint fix (list_access_entries iteration)
 2026-05-06 12:47:15 +02:00
nickviljoen
078a1f9a86 Merge feature/docs-restructure into develop: slim project-wide CLAUDE.md, full per-client doc coverage 2026-05-06 12:30:45 +02:00
nickviljoen
59a0b2408c Restructure CLAUDE.md docs: slim project-wide root, complete per-client coverage 
Splits the monolithic CLAUDE.md (962 lines) into a slim project-wide root (211 lines)
plus per-client files. Auto-loaded context drops ~88% per session.

Changes:
- CLAUDE.md slimmed to project-wide essentials (architecture, auth, deployment, branch
  strategy, deploy scripts, prod troubleshooting, pre-session checklist). Adds explicit
  session-start convention pointing to CLAUDE_<CLIENT>.md for client-specific work.
  Updates client roster table to all 10 clients with profile counts.
- New CLAUDE_AXA.md: document-mode pipeline + axa_policy_document profiles
- New CLAUDE_DIAGEO.md: key_visual + packaging profiles, check inventories
- New CLAUDE_UNILEVER.md: profiles + zero-score logic for face/new visibility
- New CLAUDE_HONDA.md, CLAUDE_RANK.md, CLAUDE_GENERAL.md: stubs (clients use generic
  profiles only — kept for completeness and future expansion)
- backend/CLAUDE.md: stale 932-line duplicate replaced with 18-line redirect to root
  + backend-specific quick pointers

Per-client files (CLAUDE_LOREAL.md, CLAUDE_AMAZON.md, CLAUDE_BOOTS.md,
CLAUDE_DOW_JONES.md) unchanged — already had the right content.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-06 12:29:16 +02:00
nickviljoen
f5aaf8da24 Merge feature/dow-jones-tuning into develop: WSJ Static prompt tuning 2026-05-06 12:03:56 +02:00
nickviljoen
9acda38adc Merge feature/boots-ppack into develop: Boots Production Pack profile (multi-page document mode) + tuned prompts 2026-05-06 12:03:51 +02:00
nickviljoen
f493a0182a Merge feature/axa-document-mode into develop: document-mode QC pipeline (Phases 1, 3, 4, 5) 2026-05-06 12:03:42 +02:00
nickviljoen
3b76bf2c9c Tune WSJ Static prompts: cap whitelist, graphic headline, split-layout logo, 30% sizing cap 
- wsj_capitalization_punctuation: explicit complete-sentence whitelist + soft-flag pattern for Rule 5 price formatting (price_spacing_correct / price_bolded_correct accept needs_manual_check, new price_formatting_caveat field)
- wsj_typography_hierarchy: graphic/illustrative headline awareness — large stylised serif price/number graphics are recognised as the display headline; surrounding sans-serif copy is correctly classified as subhead/body. Stylised price headlines exempt from the period rule.
- wsj_logo_compliance: horizontal logo placement allows anchoring to the copy block on split/asymmetric layouts; mandatory sizing assessment block with worked examples, score capped at 6/10 for logos exceeding 30% of longest side.

Validated on 3 WSJ-NY test assets across 3 iterations.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-06 12:01:59 +02:00
nickviljoen
cec11f1f6a Tune Boots PPack prompts: superscript guard, ALL CAPS / logotype exceptions, weight/sizing limits 
Three rounds of prompt tuning against the Remington (4p), Easter Overlay
(18p), and Grenade (7p) sample packs. Easter Overlay (the noisiest)
climbed 72.38 → 78.97 → 80.04 across iterations, with strict-grade
violations dropping 27 → 18 → 14. Remaining violations are now genuine
compliance issues — the noise patterns are cleared.

boots_caveat_compliance:
- Superscript guard: vision LLM was flagging every roundel asterisk as
  superscript because the * glyph naturally sits high in its line.
  Strict two-feature rule now required (raised baseline AND visibly
  shrunk ~50-60% of body). Borderline cases → "needs_manual_check"
  with new superscript_caveat field. Caveat avg 4.4 → 7.27.
- Same vision-LLM caveat applied to weight_matching (Light vs Regular
  at small sizes is below detection threshold) and sizing_compliant
  (1-2pt size differences below detection threshold). New weight_caveat
  and sizing_caveat fields. Reserved 1-2 score band for unambiguous
  critical violations only.
- Explicit scoring principle: "when in doubt, prefer 7-8 with
  manual_check flags over a lower confident-violation score".

boots_brand_name_accuracy:
- ALL CAPS retail convention now explicitly acceptable. L'OREAL,
  ESTEE LAUDER, MAYBELLINE etc. no longer flagged as casing errors —
  only structural element mismatches (accents, hyphens, apostrophes,
  special chars) count.
- Stylised brand logotype exception: known logomarks like `17` for
  SEVENTEEN, &SISTERS ampersand styling, e.l.f. dot rendering are
  Pass — surfaced via new logotype_observations field.
- Brand name avg 5.53 → 7.47 → 6.67 (LLM run-to-run variability).

Strongest real catch in dataset: Easter Overlay page 14 is labelled
for the ROI market in production notes but uses £ instead of € on
the artwork. Exactly the pre-press error worth surfacing. Caught
consistently across all runs by boots_currency_locale.

CLAUDE_BOOTS.md updated with three-pack smoke-test table, vision-LLM
limitations summary, and the four reusable prompt-tuning patterns
that worked on this build.

Local-only — feature/boots-ppack remains unmerged until after Boots
show-and-tell.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-05 16:26:11 +02:00
nickviljoen
50d0063b37 Add Boots Production Pack profile (multi-page document mode) 
New profile boots_ppack for QCing multi-page Boots production packs
(PowerPoint-exported PDFs, 4-18 pages each). Built on top of AXA's
document-mode infrastructure — branched off feature/axa-document-mode
because it reuses the dispatcher, ingest, and result writer.

New checks:
- boots_logo_compliance — three-path scoring (master wordmark / partner
  lock-up / no branding) so OLIVER x BOOTS-style footer lock-ups aren't
  scored against master wordmark rules. Conservative without a formal
  Boots logo guideline.
- boots_colour_palette — verifies CMYK/RGB/Hex spec values on creative-
  guidance pages against canonical Boots Blue / Health Primary Blue /
  Offer Red, plus visual sanity-check on artwork pages.

Existing checks tuned:
- boots_brand_name_accuracy: closed-world list semantics. Brands not on
  the approved list now go to names_not_on_list (manual review) instead
  of failing — the list is sourced from the original 7 docs and is known
  incomplete (Remington, Imodium, Maybelline etc. are legitimate Boots-
  stocked brands not on it).
- boots_tandc_wording: explicit font-weight caveat — Boots Sharp Regular
  vs Light isn't reliably distinguishable by vision LLM at small sizes.
  Surfaced via font_weight_caveat field + needs_manual_check value.

Page classifier (document_mode/page_classifier.py):
Heuristic tags each page as cover / checklist / palette / notes /
artwork. Validated on all 10 sample packs.

Strict-grade exemption (Profile.strict_grade flag):
Only artwork-classified pages count towards Pass/Fail. Cover, checklist,
palette, and notes pages are still QC'd and reported as Informational
but cannot trigger a Fail. Banner shows exactly which artwork-page
checks fell below 6.

Result writer extended:
- Per-page table with score + page_type pill for any page_each-scope
  check (auto-applied as fallback)
- Strict-grade banner (red on violation, green when clean)
- Page_type pills throughout the per-page strip

Smoke-test result (Remington 4-page pack, 2026-05-05):
Overall 70.75/100, strict-grade Fail. After two iterations of prompt
tuning, all three remaining strict-grade violations are real catches:
orphan asterisk in T&Cs, "they may not be stocked" wording deviation,
missing "Charges may apply". brand_name_accuracy 7.0 (was 3.0 before
list fix), logo_compliance 9.5 (was 1.5 before lock-up path fix).

Local-only — not pushed to dev or merged to develop until after Boots
show-and-tell. Same posture as feature/axa-document-mode.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-05 12:47:13 +02:00
nickviljoen
67ed7fdd9d Add wsj podcast profile to Dow Jones client, File naming check added to all profiles 2026-04-29 18:17:36 +02:00
nickviljoen
24c716df77 Fix /api/access_request iterating list_access_entries() as a list 
list_access_entries() returns a dict {default_clients, entries} but the
endpoint iterated it directly, which yields the dict keys (strings) and
then crashed on .get('is_admin') with "'str' object has no attribute
'get'". Read access_data['entries'] instead so admin recipients are
collected correctly and the request email actually sends.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-28 08:24:22 +02:00
76 changed files with 6083 additions and 2207 deletions
Show stats Expand all files Collapse all files

15
.gitignore vendored
View file

@ -74,3 +74,18 @@ backend/media_plans/
backend/usage_logs/
backend/user_access.json
backend/box_tokens.json
backend/client_defaults.json
backend/config/development.env
backend/config/production.env
backend/config/box_jwt_config.json
# Legacy env paths (pre-config/ refactor) still in use on older deploys.
# Untracked 2026-05-17 — git reset --hard during deploys was overwriting
# rotated secrets with the historical (compromised) values.
config.env
backend/config.env
config/development.env
config/production.env
# Local test fixtures (real HP Source Messaging files; not for commit)
backend/tests/fixtures/

1022
CLAUDE.md
View file

File diff suppressed because it is too large Load diff

89
CLAUDE_AXA.md Normal file
View file

@ -0,0 +1,89 @@
# AXA Client Documentation
> Referenced from main CLAUDE.md. Detailed AXA QC profile descriptions, document-mode pipeline notes, and status.
## Overview
AXA QC is built around **document-mode** — multi-page PDF analysis (policy documents, forms, brochures), not single-asset image checks. The document-mode subsystem (`backend/document_mode/`) was built for AXA and is now reused by Boots Production Pack.
**Status (2026-05-10):** Phases 1, 3, 4, 5, 6 merged to `develop` and live on dev (`https://optical-dev.oliver.solutions/ai_qc/`). Phase 6 wires veraPDF into the accessibility check (PAC-equivalent PDF/UA-1 validation) and splits accessibility into its own dedicated profile. Email to AXA pending — explains Adobe vs PAC + veraPDF parity findings + requests the original `axa-transaction-charges-100326.pdf` so we can run a true apples-to-apples comparison. Not yet on prod — held for AXA show-and-tell + email response. Full plan in `backend/AXA_DOCUMENT_MODE_PLAN.md`.
## AXA Profiles
### `axa_policy_document` — single-document mode (7 checks)
Multi-page policy document QC. `mode: document`, scopes vary per check. Accessibility validation lives in the dedicated `axa_accessibility` profile, not here.
| Check | What it does | Weight |
|------|--------------|--------|
| `axa_font_inventory` | Per-page font extraction + brand-font compliance against AXA's approved font list | 1.0 |
| `axa_phone_inventory` | Extracts phone numbers across pages, validates format and approved-list membership | 1.0 |
| `axa_bold_words_definitions` | Bold-word inventory + definition cross-check (seed list at `backend/document_mode/data/axa_bold_words_seed.json`) | 2.0 |
| `axa_page_numbering` | Page numbering format and continuity | 1.0 |
| `axa_print_preflight` | Print-preflight checks (color space, embedded fonts, image resolution) | 1.0 |
| `axa_print_code` | Print code presence + format | 1.0 |
| `axa_omg_versioning` | OMG version footer/header presence and consistency | 1.0 |
### `axa_accessibility` — accessibility-only mode (1 check, strict-grade)
`mode: document`, `strict_grade: true`. Standalone PDF/UA-1 validation for users who only need to check accessibility compliance without the full policy-document content suite. Mirrors how axes4 PAC is used — single-purpose, binary verdict.
| Check | What it does | Weight |
|------|--------------|--------|
| `axa_pdf_accessibility` | PDF/UA-1 validation via veraPDF (matches axes4 PAC), with deterministic PyMuPDF fallback if veraPDF is not installed | 1.0 |
### `axa_policy_document_diff` — old-vs-new diff mode (1 check)
`mode: document_diff` — compares two PDFs (old vs new policy version) and reports structured changes.
| Check | What it does | Weight |
|------|--------------|--------|
| `axa_pdf_diff` | Detects added/removed/modified pages, paragraphs, defined terms, phone numbers | 1.0 |
## Document-mode infrastructure
AXA's document-mode subsystem is the foundation for all multi-page PDF QC in this app:
- `document_mode/ingest.py` — PDF ingestion, page rendering, span/font/color extraction via PyMuPDF
- `document_mode/dispatcher.py` — Orchestrates per-check execution against pages, supports scopes: `document` / `targeted` / `page_sample` / `page_pair` / `page_each`
- `document_mode/checks.py`, `print_preflight_checks.py`, `accessibility_checks.py` — AXA check implementations
- `document_mode/diff_engine.py`, `diff_report_writer.py` — Old-vs-new diff handling
- `document_mode/result_writer.py` — HTML report rendering with per-page sections
Boots Production Pack reuses this entire spine — so any infra changes here affect both clients.
## AI usage across AXA tools
For client-facing context: **8 of 9 AXA tools are deterministic** (no LLM, $0 cost, runs in seconds). Only `axa_pdf_diff` uses AI — Gemini 2.5 Pro vision-LLM page-pair comparison at ~$0.40-0.80 per pair. The accessibility check uses veraPDF, which is a rule-based open-source PDF/UA-1 validator — not AI. This framing matters when clients conflate "automation" with "AI".
| Tool | Type | Engine |
|---|---|---|
| `axa_font_inventory`, `axa_phone_inventory`, `axa_bold_words_definitions`, `axa_page_numbering`, `axa_print_code`, `axa_omg_versioning` | Deterministic | PyMuPDF (text + font extraction, regex) |
| `axa_print_preflight` | Deterministic | PyMuPDF (page geometry, image colour spaces, DPI, transparency, PDF/X) |
| `axa_pdf_accessibility` | Deterministic (rule-based) | veraPDF subprocess (PDF/UA-1 / Matterhorn Protocol) + PyMuPDF fallback |
| `axa_pdf_diff` | **AI** | Gemini 2.5 Pro vision-LLM, page-pair diff |
## Open items
- AXA show-and-tell pending — feedback will drive the next round of tuning
- Awaiting `axa-transaction-charges-100326.pdf` from AXA (the file PAC was run against) — needed to fully confirm veraPDF↔PAC parity on the Structure Elements rule bucket
- Phase 2 (any further check expansion) deferred until after show-and-tell
- Canonical AXA font list / approved phone list / OMG version reference data may need expansion as test PDFs surface gaps
- Prod deployment of veraPDF + `axa_accessibility` profile — held until AXA confirms findings on dev
## veraPDF deployment
`axa_pdf_accessibility` runs the **veraPDF** PDF/UA-1 validator as a subprocess when the binary is available. veraPDF implements the Matterhorn Protocol — the same rule set axes4 PAC uses — so its verdict is the closest open-source equivalent to PAC.
Binary resolution order (in `accessibility_checks._resolve_verapdf_binary`):
1. `VERAPDF_BIN` env var
2. `verapdf` on PATH
3. `/opt/ai_qc/vendor/verapdf/verapdf` (project-local production install)
If veraPDF isn't installed the check falls back to the 9-criterion deterministic PyMuPDF layer — no breakage, just less depth. **Production install pattern** is a project-local bundled-JRE tarball under `/opt/ai_qc/vendor/verapdf/` to avoid touching system Java or other projects on shared servers.
## Key files
- `backend/AXA_DOCUMENT_MODE_PLAN.md` — full design plan and phase breakdown
- `backend/document_mode/` — pipeline implementation
- `backend/profiles/axa_policy_document.json`, `axa_accessibility.json`, `axa_policy_document_diff.json`
- `backend/document_mode/data/axa_bold_words_seed.json` — bold-word seed list

48
CLAUDE_BOOTS.md
View file

@ -13,15 +13,55 @@ Boots is a retail client with promotional artwork compliance checks. Unlike othe
## Boots QC Tools
Five checks for Boots retail promotional artwork compliance. All checks use equal weight (2.0 each, 100-point scale). Profile: `boots_static`.
Seven checks for Boots retail promotional artwork compliance. Profiles: `boots_static` (single-asset, 5 checks) and `boots_ppack` (multi-page production-pack document mode, all 7 checks).
| Tool | Source Document(s) | What it checks |
|------|-------------------|----------------|
| `boots_caveat_compliance` | ASTERISK RULES | Caveat ordering (* -> dagger -> ** -> double dagger -> triangle -> clover), sizing per context (1/3 headline, 1/2 sub-headline, same as body), **NO SUPERSCRIPT** (critical), font weight matching |
| `boots_brand_name_accuracy` | BRAND NAMES (3 pages) | Exact spelling of ~170 brand + product names including accents, apostrophes, hyphens, casing. Full approved list embedded in prompt |
| `boots_caveat_compliance` | ASTERISK RULES | Caveat ordering (* -> dagger -> ** -> double dagger -> triangle -> clover), sizing per context (1/3 headline, 1/2 sub-headline, same as body), **NO SUPERSCRIPT** (critical), font weight matching, plus orphan-asterisk detection (smoke test caught a `*` in T&Cs with no matching marker in main copy) |
| `boots_brand_name_accuracy` | BRAND NAMES (3 pages) | Exact spelling of ~170 brand + product names including accents, apostrophes, hyphens, casing. Closed-world list — brands not on the list are surfaced in `names_not_on_list` for manual review and DO NOT cause a Fail; only spelling errors against listed brands fail. |
| `boots_offer_mechanics` | OFFER ROUNDELS + VALUE MECHANICS | Offer roundel format matches approved categories (price reductions, multibuys, threshold spend, FREE/GWP, points), spaced-caps styling, "Our best..." approved phrases |
| `boots_tandc_wording` | OFFER T&Cs + CLICK AND COLLECT + LOCK-UP T&Cs | Standard offer T&C wording (3FOR2, BOGOF, etc.), C&C exact text + font weight + hierarchy, lock-up T&Cs (Advantage Card, Parenting Club, Price Advantage, Pyramid), offer date formatting |
| `boots_tandc_wording` | OFFER T&Cs + CLICK AND COLLECT + LOCK-UP T&Cs | Standard offer T&C wording (3FOR2, BOGOF, etc.), C&C exact text + font weight + hierarchy, lock-up T&Cs (Advantage Card, Parenting Club, Price Advantage, Pyramid), offer date formatting. Font weight is best-effort — flagged via `font_weight_caveat` field for manual verification. |
| `boots_currency_locale` | Agent prompt cross-cutting rules | Currency: GBP for UK / EUR for ROI, URLs: boots.com / boots.ie, consistent locale throughout asset |
| `boots_logo_compliance` | Built from PPack observation (no formal Boots logo guideline supplied) | Three-path scoring: A) **master wordmark** (strict — typeface, colour, orientation, distortion, clear space), B) **partner / production lock-up** (lenient — "OLIVER x BOOTS" footers etc. follow lock-up conventions, NOT master wordmark rules), C) **no Boots branding** (N/A neutral). |
| `boots_colour_palette` | Boots canonical palette derived from creative-guidance pages | Two modes: A) **creative-guidance pages** verify CMYK/RGB/Hex spec values match Boots Blue (#05054b), Health Primary Blue (#5dc4e9), Offer Red (#d3072a); B) **artwork pages** sanity-check dominant brand colours visually. |
## Boots Production Pack (`boots_ppack`) profile — multi-page document mode
For multi-page production packs (4-18 pages each, exported from PowerPoint as PDF). Built on top of AXA's document-mode infrastructure; all 7 checks run at `scope: page_each` with strict-grade override.
**Page classifier** (`backend/document_mode/page_classifier.py`): heuristic tags every page as `cover` / `checklist` / `palette` / `notes` / `artwork`. Decision order:
1. Strong palette (≥3 of CMYK/RGB/Hexadecimal headings + ≥2 hex colours) → palette
2. Strong checklist (≥3 of "Asset suitable", "Fonts present", "Resolution fine", etc.) → checklist
3. Artwork signals (T&Cs, offer mechanics, prices, GSL barcode) → artwork
4. Yellow Notes / Client Queries with no artwork signals → notes
5. Sparse Production Pack title block → cover (doubles as brief / context page)
6. Default → artwork (fail-safe: false positives on artwork are recoverable)
**Strict-grade exemption** (`Profile.strict_grade=True` in `profile_config.py`): only artwork-classified pages count towards Pass/Fail. Cover, checklist, palette, and notes pages are scored and surfaced in the report as **informational** but cannot trigger a Fail. The strict-grade banner in the HTML report lists exactly which artwork-page checks fell below 6.
**Cost per pack:** 7 checks × pages = roughly £0.05-0.30 per pack. 4-page packs ~£0.10, 18-page packs ~£0.30.
**Smoke-test results (2026-05-05):** all three test packs Fail by strict-grade — but the remaining violations are genuine compliance issues, not noise. Across three rounds of prompt tuning, Easter Overlay (the noisiest 18-page pack) climbed from 72.38 → 78.97 → **80.04**. Strict-grade violations dropped from 27 → 18 → 14 across 10 pages.
| Pack | Pages | Final overall | Strict-grade violations |
|---|---|---|---|
| Remington (1.8MB, 4 pages) | 4 | 70.75 | 3 (orphan asterisk, T&C wording deviations) |
| Easter Overlay (3MB, 18 pages) | 18 | 80.04 | 14 (real catches across brand_name / T&C / offer_mechanics / currency_locale) |
| Grenade (5.9MB, 7 pages) | 7 | 78.0 | 3 (caveat orphan, meal-deal format) |
The strongest real catch in the dataset: Easter Overlay page 14 is labelled for the ROI market in production notes but uses £ instead of € on the artwork — caught by `boots_currency_locale`. That's exactly the kind of pre-press error worth surfacing.
**Vision-LLM limitations explicitly handled in prompts** (so the Boots team understands what's reliable vs best-effort):
- Font weight (Boots Sharp Regular vs Light) at small sizes — surfaced via `font_weight_caveat` (T&C check) and `weight_caveat` (caveat check)
- Asterisk superscript at small sizes — surfaced via `superscript_caveat` (asterisk glyph naturally sits high; only flag when raised AND shrunk)
- Caveat size comparison at small sizes — surfaced via `sizing_caveat` (1-2pt differences below detection threshold)
- Subtle accent marks on brand names — `accent_marks_verifiable` flag
**Tuning patterns that worked** (worth knowing for future client onboards):
- "Closed-world list" semantics — when an approved-list reference is incomplete (third-party brands, font lists, etc.), absence from list ≠ failure. Surface for manual review at neutral 7/10, flag misspellings of listed items as Fail.
- "ALL CAPS retail convention" exception — brand names rendered in caps (L'OREAL, ESTEE LAUDER) are typographic choices, not spelling errors.
- "Stylised brand logotype" exception — known logomarks like `17` for SEVENTEEN are Pass.
- "Best-effort with manual_check flag" pattern — for vision-LLM limitations, score 7-8 with explicit caveat field rather than confident-but-wrong Fail.
## Guidance Document Summary

53
CLAUDE_DIAGEO.md Normal file
View file

@ -0,0 +1,53 @@
# Diageo Client Documentation
> Referenced from main CLAUDE.md. Detailed Diageo QC profile descriptions and check inventories.
## Overview
Diageo has two specialised profiles for its core asset types: **Key Visual** (campaign creative) and **Packaging** (label/pack design). Both run against generic visual checks shared with other CPG-style brand profiles (Unilever uses an overlapping check set).
## Diageo Profiles
### `diageo_key_visual` — 11 checks
Campaign key-visual QC. Uses generic shared visual checks at brand-tuned weights.
| Check | What it does | Weight |
|-------|--------------|--------|
| `background_contrast` | Product/text contrast against background | 0.115 |
| `brand_assets_visibility` | Brand assets clearly visible | 0.077 |
| `call_to_action` | CTA presence and clarity | 0.115 |
| `face_gaze_direction` | If a face is present, gaze direction guides toward product/CTA | 0.038 |
| `face_visibility` | Face presence and visibility | 0.077 |
| `imperative_verb` | Headline uses imperative verb | 0.077 |
| `logo_visibility` | Brand logo clearly visible | 0.115 |
| `text_readability` | Text legibility | 0.115 |
| `visual_elements_count` | Element count not overwhelming | 0.077 |
| `visual_hierarchy` | Clear visual hierarchy | 0.115 |
| `word_count` | Headline word count appropriate | 0.077 |
### `diageo_packaging` — 13 checks
Packaging design QC. Adds packaging-specific checks (curved edges, color format) to a similar base.
| Check | What it does | Weight |
|-------|--------------|--------|
| `background_contrast` | Visibility of design elements | 0.087 |
| `brand_assets_visibility` | Brand assets visible on pack | 0.13 |
| `call_to_action` | CTA on pack (if applicable) | 0.043 |
| `color_format` | Color mode appropriate for print | 0.043 |
| `curved_edges` | Pack curve treatment | 0.087 |
| `face_gaze_direction` | Gaze direction (if face) | 0.043 |
| `face_visibility` | Face visibility | 0.043 |
| `logo_visibility` | Brand logo on pack | 0.13 |
| `lowercase_text` | Lowercase usage rules | 0.043 |
| `new_visibility` | "NEW" tag visibility (if present) | 0.087 |
| `product_visibility` | Product clearly visible | 0.13 |
| `text_readability` | Text legibility | 0.087 |
| `visual_elements_count` | Element count appropriate | 0.043 |
## Status
No formal prompt-tuning rounds have been run on Diageo profiles in this repo's history. Profiles use generic shared checks, so tuning is captured in the underlying `visual_qc_apps/<check>/app.py` prompts rather than client-specific check modules.
If Diageo-specific tuning is required (specific brand families, region rules, etc.), introduce dedicated `diageo_*` checks in `visual_qc_apps/` following the Boots / Amazon pattern.

21
CLAUDE_GENERAL.md Normal file
View file

@ -0,0 +1,21 @@
# General / Other Client Documentation
> Referenced from main CLAUDE.md. The "General / Other" tile is the catch-all for users without a brand-specific client assignment.
## Overview
`general` is the default client. Every authenticated user is granted access to it via `default_clients: ["general"]` in `backend/user_access.json`. It's the safe sandbox where new users can run analyses without an admin granting brand-specific access.
## Profiles available
| Profile | Notes |
|---------|-------|
| `static_general` | 10-check baseline static QC profile |
| `video_general` | Generic video QC profile |
| `inclusive_accessibility` | 2-check accessibility-focused profile (accessibility + inclusive design) |
## Notes
- The `general` client is intentionally generic — no client-specific tuning happens here.
- New profiles created with `visibility: "all"` automatically appear in this client's profile list.
- For client-specific work, set up a dedicated client tile and use a `client_specific` profile rather than adding to `general`.

24
CLAUDE_HONDA.md Normal file
View file

@ -0,0 +1,24 @@
# Honda Client Documentation
> Referenced from main CLAUDE.md. Honda has no client-specific profiles or checks at present.
## Overview
Honda is set up as a client tile in the platform but uses the **generic** `static_general` and `video_general` profiles only. No client-specific QC tools, profiles, or prompt tuning have been built for Honda.
## Profiles available
| Profile | Notes |
|---------|-------|
| `static_general` | 10-check baseline static QC profile shared with all clients |
| `video_general` | Generic video QC profile |
## Adding Honda-specific work
If Honda-specific QC needs arise (brand guidelines, dealer-template compliance, etc.), follow the established client pattern:
1. Create `honda_*` check modules under `backend/visual_qc_apps/`
2. Create a `honda_static.json` (or similar) profile in `backend/profiles/`
3. Update `client_config.py` to add the profile to the Honda client's profile list
4. Capture tuning history and known limitations in this file
See `CLAUDE_AMAZON.md` and `CLAUDE_BOOTS.md` for examples of full client builds.

24
CLAUDE_RANK.md Normal file
View file

@ -0,0 +1,24 @@
# Rank Client Documentation
> Referenced from main CLAUDE.md. Rank has no client-specific profiles or checks at present.
## Overview
Rank is set up as a client tile in the platform but uses the **generic** `static_general` and `video_general` profiles only. No client-specific QC tools, profiles, or prompt tuning have been built for Rank.
## Profiles available
| Profile | Notes |
|---------|-------|
| `static_general` | 10-check baseline static QC profile shared with all clients |
| `video_general` | Generic video QC profile |
## Adding Rank-specific work
If Rank-specific QC needs arise, follow the established client pattern:
1. Create `rank_*` check modules under `backend/visual_qc_apps/`
2. Create a `rank_static.json` (or similar) profile in `backend/profiles/`
3. Update `client_config.py` to add the profile to the Rank client's profile list
4. Capture tuning history and known limitations in this file
See `CLAUDE_AMAZON.md` and `CLAUDE_BOOTS.md` for examples of full client builds.

56
CLAUDE_UNILEVER.md Normal file
View file

@ -0,0 +1,56 @@
# Unilever Client Documentation
> Referenced from main CLAUDE.md. Detailed Unilever QC profile descriptions, profile-specific scoring logic, and check inventories.
## Overview
Unilever has two specialised profiles: **Key Visual** (campaign creative) and **Packaging** (label/pack design). Both share most checks with Diageo (generic CPG-style visual checks) but include a small number of **bonus checks** with profile-specific zero-scoring behaviour for missing critical elements.
## Unilever Profiles
### `unilever_key_visual` — 15 checks (120-point scale)
Campaign key-visual QC.
| Check | What it does | Weight |
|-------|--------------|--------|
| `background_contrast` | Product/text contrast against background | 0.10 |
| `brand_assets_visibility` | Brand assets visible | 0.12 |
| `call_to_action` | CTA presence and clarity | 0.03 |
| `curved_edges` | Curved-edge treatment | 0.04 |
| `face_gaze_direction` | Gaze direction guides toward product/CTA *(bonus / zero-score)* | 0.06 |
| `face_visibility` | Face presence and visibility *(bonus / zero-score)* | 0.07 |
| `imperative_verb` | Headline uses imperative verb | 0.02 |
| `logo_visibility` | Brand logo visible | 0.14 |
| `lowercase_text` | Lowercase usage rules | 0.10 |
| `new_visibility` | "NEW" tag visibility *(bonus / zero-score)* | 0.07 |
| `supporting_images` | Supporting imagery quality | 0.10 |
| `text_readability` | Text legibility (deprecated, now part of inheritance) | (n/a) |
| `visual_elements_count` | Element count not overwhelming | 0.14 |
| `visual_hierarchy` | Clear visual hierarchy | 0.10 |
| `visuals_left_text_right` | Visuals left, text right composition | 0.06 |
| `word_count` | Headline word count | 0.05 |
### `unilever_packaging` — 17 checks
Packaging design QC. Same base as Key Visual plus print-related checks (`crop_marks`, `color_format`).
## Profile-specific scoring logic — bonus / zero-score
The Unilever Key Visual profile implements **zero-score behaviour** for three checks tied to the presence of specific creative elements:
| Check | Trigger | Behaviour |
|-------|---------|-----------|
| `face_visibility` | `face_present == false` | Score forced to **0** |
| `new_visibility` | `new_present == false` | Score forced to **0** |
| `face_gaze_direction` | `face_present == false` | Score forced to **0** |
This ensures that creatives missing critical brand-mandated elements (a face, the "NEW" tag) cannot pass on the back of high scores from other checks. The zero-score logic lives in `api_server.py:extract_score_from_result()` and is gated by `profile_config.get('name') == 'Unilever Key Visual'`.
The Unilever Key Visual profile uses a **120-point scale** (total weight slightly above 1.0) — the bonus checks add headroom rather than being equally weighted with the core checks.
## Status
No formal client-driven prompt-tuning rounds in this repo's history. The profile-specific scoring logic was added as a system enhancement to handle the bonus-check pattern.
If Unilever-specific tuning is required (specific brand families, regional rules, etc.), introduce dedicated `unilever_*` checks in `visual_qc_apps/` following the Boots / Amazon pattern.

197
backend/BOX_CLIENT_ONBOARDING.md Normal file
View file

@ -0,0 +1,197 @@
# Box Client Onboarding Runbook
Adds a new client to the Box-webhook-driven QC pipeline (Phase 4). Run through this once per client. Most steps need ~5 minutes; total ~30 minutes including Box admin turnaround for collaborator invites.
Architectural reference: the JWT auth + webhook endpoint live in `backend/box_jwt_client.py` and `backend/api_server.py` (search for `_run_box_triggered_analysis`). The admin CLI is `backend/scripts/box_setup.py`. The JWT auth coexists with an older per-user OAuth flow in `backend/box_client.py` — different code path, dormant scaffolding, not used by this pipeline.
---
## What you need before starting
- **Box admin access** (or someone who can act as one) — to create folders and invite the service account.
- **SSH access to the dev server** (`optical-production-dev`) — to run the bootstrap CLI and tail logs.
- **Repo write access** — to land the `client_config.py` change as a PR.
- **The client's profile decisions** — which profile should be the unattended-run default? (Pick from the client's existing `profiles` list.)
Already done at the platform level (don't redo per-client):
- JWT config JSON at `/opt/ai_qc/backend/config/box_jwt_config.json` on each server
- `BOX_WEBHOOK_PRIMARY_KEY` + `BOX_WEBHOOK_SECONDARY_KEY` in each server's env file
- ffmpeg installed (for video pre-flight)
---
## Step 1 — Box-side prep (admin task)
For client `<CLIENT>` (e.g. Diageo):
1. **Create two folders in Box:**
- `AI-QC > INCOMING > AI QC <CLIENT> IN` — where source assets land
- `AI-QC > REPORTS > AI QC <CLIENT> REPORTS` — where QC reports land
2. **Invite the JWT service account as a collaborator on BOTH folders.** Role: **Editor** or higher. (Editor lets it read uploads, write reports, and move files into the auto-created `_PROCESSED` subfolder. Co-owner also works.)
3. **Capture the folder IDs.** Box shows them in the URL when you open a folder, or you can list them programmatically once invites are in:
```bash
cd /opt/ai_qc
venv/bin/python backend/scripts/box_setup.py list-folder <parent_AI-QC_folder_id>
```
---
## Step 2 — Code change
Edit `backend/client_config.py`, add three optional fields to the client entry:
```python
'<client_id>': {
'name': 'Client Display Name',
'profiles': ['client_specific_profile', 'static_general', 'video_general'],
'display_name': 'Client Display Name',
'description': '...',
'box_folder_id': '<INCOMING folder ID>',
'box_reports_folder_id': '<REPORTS folder ID>',
'default_profile': '<one of the profiles above>',
},
```
Then:
- Push as a small PR → merge to `develop`
- On the dev server: `cd /opt/ai_qc && ./backend/scripts/deploy.sh dev`
- No env-file backup dance needed (this is a code-only change)
---
## Step 3 — Verify the service account got access
Before registering webhooks, sanity-check that the service account can actually read the folders the admin invited it to:
```bash
cd /opt/ai_qc
venv/bin/python backend/scripts/box_setup.py list-folder <INCOMING folder ID>
venv/bin/python backend/scripts/box_setup.py list-folder <REPORTS folder ID>
```
Expected: both print `Folder <id> contains N items:` even if empty.
**If you get `Access Denied` / HTTP 403**: the service account isn't actually a collaborator yet. Box admin needs to retry the invite. Common causes:
- Invite went to the wrong identity (Box has separate "user" and "app" identities — the JWT app is an app)
- Invite is pending acceptance somewhere
- Folder was created but invite wasn't applied at the right level
Don't proceed until both `list-folder` calls succeed.
---
## Step 4 — Register the V2 webhook
**Option A: CLI (recommended)** — idempotent, batch-able, lives in version control:
```bash
cd /opt/ai_qc
venv/bin/python backend/scripts/box_setup.py register-all-clients \
https://optical-dev.oliver.solutions/ai_qc/api/box/webhook
```
The script:
- Scans `client_config.py` for every client with `box_folder_id` set
- For each, checks Box for an existing webhook on that folder pointing at the given URL
- Skips ones that already exist
- Creates webhooks for any that are missing
- Prints `<client> (<folder_id>): CREATED webhook id=<id>` or `SKIP — webhook already exists`
Safe to re-run any time; it won't duplicate.
**Option B: Box Developer Console UI** — useful for one-off testing:
- Box Developer Console → your Custom App → **Webhooks** tab → **Create Webhook**
- URL: `https://optical-dev.oliver.solutions/ai_qc/api/box/webhook`
- Content Type: **Folder** → search/pick the client's INCOMING folder
- Event Triggers: tick **`FILE.UPLOADED`** only (do not tick others — they'd trigger spurious webhook deliveries)
- Save
No new signing keys to generate — they're app-level, configured once for the whole Custom App.
---
## Step 5 — End-to-end test
Open one terminal:
```bash
sudo journalctl -u ai-qc.service -f
```
In Box: upload a small test asset (image, PDF, or video) to the client's INCOMING folder.
Within a few seconds you should see (timestamps abbreviated):
```
Box webhook: dispatching session=<ts> client=<client_id> profile=<default_profile> file_id=...
Box webhook: downloaded <file> → uploads-dev/<ts>/<file>
Running check 1/N: <check_name>
...
Box webhook: uploaded report QC_Report_<ts>_<file>.html → folder <REPORTS folder ID>
Box webhook: moved source → _PROCESSED/<ts>_<file>
Box webhook: analysis complete for session <ts>, score <N>
```
Then in Box, verify:
- A new `QC_Report_<ts>_<original-filename>.html` exists in the REPORTS folder
- The source file has been moved into the auto-created `_PROCESSED` subfolder inside INCOMING. Its new name has the session_id prefix, which ties back to the corresponding report.
---
## Step 6 — (Optional) Tune the default profile from the UI
If the team finds that the static `default_profile` in code doesn't match how they want webhook-triggered runs to behave, an admin can change it without a code deploy:
1. Open the app → pick the client in the picker
2. ⚙️ **Settings****Default Profile** tab
3. Click a different profile → **Set as default**
The override is persisted to `backend/client_defaults.json` (gitignored, per-server) and takes effect immediately on the next webhook run. **Revert to static default** clears the override.
---
## Step 7 — Promote to prod
After the dev test passes:
1. PR `develop → main` on Bitbucket. Merge.
2. Tag main: e.g. `v1.2.0`, push the tag.
3. On the prod server (`optical-production`):
```bash
cd /opt/ai_qc
./backend/scripts/deploy.sh prod v1.2.0
```
4. Once-per-environment prod prerequisites (you only do these the first time prod gets Phase 4, never again):
- JWT config JSON at `/opt/ai_qc/backend/config/box_jwt_config.json` (scp from your laptop, `chmod 600`)
- `BOX_WEBHOOK_PRIMARY_KEY` + `BOX_WEBHOOK_SECONDARY_KEY` in `production.env` — these are the same app-level keys as dev
- `sudo apt install ffmpeg` (for video pre-flight)
5. Register webhooks pointing at the prod URL (different from dev's URL — each webhook is bound to one address):
```bash
cd /opt/ai_qc
venv/bin/python backend/scripts/box_setup.py register-all-clients \
https://optical-prod.oliver.solutions/ai_qc/api/box/webhook
```
The Box folders themselves are shared — you don't create new prod-only folders. Both dev and prod webhooks fire on the same client folders. If you don't want prod handling uploads yet, just don't register the prod webhooks until you're ready.
---
## Common gotchas
| Symptom | Likely cause | Fix |
|---|---|---|
| 403 from `list-folder` | Service account isn't a collaborator on that folder yet | Box admin re-invites with Editor role |
| `Box webhook: signature verification failed` in logs | Signing keys in env don't match what the Custom App has | Box Developer Console → Manage Signature Keys → regenerate → update env on each server → restart service |
| `Box webhook: no client configured for Box folder <id>` | The folder ID Box sent doesn't match any `box_folder_id` in `client_config.py` | Check `client_config.py` against the actual Box folder ID; they're strings, must match exactly |
| `Box webhook: skipping non-QC extension <ext>` | User uploaded a file type we don't QC (e.g. `.docx`, `.zip`) | Working as intended; document for the client |
| Webhook fires correctly but source file stays in INCOMING | The report-upload step failed earlier; the move is gated on a successful report upload so the user can retry by re-uploading | Look upstream in the log for `failed to upload report to Box: <error>` and fix the cause (usually a permissions issue on the REPORTS folder) |
| Re-uploading the same filename doesn't trigger a fresh webhook | This is normal Box V2 behavior — same-name "replace" uploads create new versions of the existing file, which the folder-scoped webhook doesn't fire on | The auto-move-to-`_PROCESSED` step solves this for the happy path. If a file got stuck in INCOMING because of a previous failure, move/delete it manually so the next upload is a genuinely-new file |
| Reports folder fills up indefinitely | No auto-cleanup of old reports — by design | Manual cleanup, or add an age-based pruning script as a follow-up |
| `_PROCESSED` folder not auto-created | Service account doesn't have Editor (Viewer can't create subfolders) | Box admin upgrades the collaborator role to Editor |
---
## What this onboarding does NOT cover
- **Removing a client from the integration** — to stop processing: delete the webhook in the Box Developer Console (or `box_setup.py delete-webhook <webhook_id>`), then remove the `box_folder_id` field from `client_config.py` in a PR. Existing reports in the REPORTS folder are left alone.
- **Multiple webhook-triggered profiles per client** — current schema is one default profile per client. If a client needs `FILE.UPLOADED` in one folder to run profile A and a different folder to run profile B, that's a schema change (one `client_config.py` entry per folder, or extend the schema to `{folder_id: profile_id}` maps).
- **Webhook health monitoring** — there's no alert if Box stops delivering. If you suspect webhooks are silent, drop a fresh test asset and watch logs; if nothing fires, check Box Developer Console → Webhooks → the webhook's `App Diagnostics` tab.

943
backend/CLAUDE.md
View file

@ -1,933 +1,18 @@
# CLAUDE.md
# CLAUDE.md (backend/)
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
This file used to duplicate the project-wide guidance and is now stale. Read **`../CLAUDE.md`** at the repo root for current project-wide guidance, and the relevant **`../CLAUDE_<CLIENT>.md`** when working on client-specific code.
## Project Overview
## Quick pointers for backend work
Visual AI QC is a Python Flask-based AI-powered quality control platform for analyzing marketing materials and design assets using OpenAI GPT-4o and Google Gemini 2.5 Pro. It evaluates visual and video content against brand guidelines and design best practices through **75 specialized QC checks** across **14 profiles**, serving **10 clients** (Diageo, Unilever, L'Oreal, Amazon, Boots, Dow Jones, Honda, AXA, Rank, General).
- API server entry point: `api_server.py`
- QC check modules: `visual_qc_apps/{check_name}/app.py`
- Document-mode pipeline (multi-page PDF): `document_mode/`
- Profile JSONs: `profiles/`
- Profile loading + check discovery: `profile_config.py`
- Client ↔ profile mapping: `client_config.py`
- LLM config: `llm_config.py`
- User access control: `user_access.py` + `user_access.json` (gitignored)
- Usage logs: `usage_logs/<YYYY-MM-DD>.jsonl`
- Deploy scripts: `scripts/deploy.sh`, `scripts/rollback.sh`, `scripts/health-check.sh`
## Core Architecture
### Main Components
- **`api_server.py`** - Main Flask server with async processing and parallel execution
- **`visual_qc_apps/`** - Modular QC check system with 65 individual check modules
- **`profiles/`** - JSON configuration files defining QC check combinations and weights
- **`brand_guidelines/`** - Reference asset storage and brand guideline database
- **`llm_config.py`** - Centralized LLM configuration and API interaction
- **`profile_config.py`** - Profile loading and QC check discovery system
- **`usage_tracker.py`** - Usage tracking and cost estimation system
- **`generate_usage_report.py`** - Command-line tool for generating usage reports
- **`client_config.py`** - Client-profile relationship management with visibility control
- **`pdf_processor.py`** - PDF text extraction, LLM summarization for brand guidelines
- **`media_plan_processor.py`** - Excel media plan parsing, filename matching, spec validation
- **`web_ui.html`** - Single-page web interface for uploads and analysis
### Key Design Patterns
- **Modular QC Checks**: Each check lives in `visual_qc_apps/{check_name}/app.py` with standardized interface
- **Profile-Based Configuration**: QC profiles define which checks run, their weights, and LLM assignments
- **Parallel Batch Processing**: Checks execute in parallel batches of 15 for performance
- **Async Progress Tracking**: Non-blocking analysis with real-time progress updates
- **Reference Asset Integration**: Brand guidelines enhance analysis accuracy through prompt augmentation
## Development Commands
### Running the Application
#### Development Environment (Recommended)
```bash
# Quick start with development environment
./scripts/run-local.sh
# Access web interface at http://localhost:7183
```
#### Legacy/Manual Setup
```bash
# Start the Flask server directly
python api_server.py
# Or with environment variable
export ENVIRONMENT=development
python api_server.py
```
### Environment Setup
#### New Environment System (Recommended)
The application now supports separate development and production environments:
```bash
# Install dependencies
pip install -r requirements.txt
# Configure development environment
cp config/.env.template config/development.env
# Edit config/development.env with:
# OPENAI_API_KEY, GOOGLE_API_KEY, AZURE_CLIENT_ID, etc.
# Configure production environment
cp config/.env.template config/production.env
# Edit config/production.env with production settings
```
#### Environment Structure
```
config/
├── development.env # Local development settings
├── production.env # Production server settings
└── .env.template # Template for new environments
uploads-dev/ # Development uploads (separate from production)
output-dev/ # Development output (separate from production)
scripts/
├── run-local.sh # Start local development
├── deploy-to-prod.sh # Deploy to production
└── test-system.sh # Validate system before deployment
```
#### Legacy Environment Setup
```bash
# Fallback to legacy config.env (still supported)
cp config.env.example config.env
# Edit config.env with OPENAI_API_KEY and GOOGLE_API_KEY
```
### Adding New QC Checks
1. Create directory: `visual_qc_apps/{check_name}/`
2. Create `app.py` with standardized interface using `flask_app_template.py`
3. Register in profile configurations
4. Restart server to activate
### Code Quality Checks
#### Comprehensive Testing (Recommended)
```bash
# Run full system validation
./scripts/test-system.sh
# This includes:
# - Python syntax validation
# - Core module import testing
# - Profile system validation (all 14 profiles)
# - QC module testing
# - Configuration validation
# - Brand guidelines database testing
```
#### Manual Testing
```bash
# Run syntax check on all Python files
python -m py_compile **/*.py
# Import all modules to check for runtime issues
python -c "import api_server, llm_config, profile_config"
# Test authentication modules
python -c "import jwt_validator, auth_middleware; print('Authentication modules imported successfully')"
```
### Development Workflow
#### Local Development Process
1. **Start Development Server**: `./scripts/run-local.sh`
2. **Make Changes**: Edit code, profiles, or configurations
3. **Test Locally**: Verify functionality at http://localhost:7183
4. **Run Validation**: `./scripts/test-system.sh` before deployment
5. **Deploy to Production**: `./scripts/deploy-to-prod.sh` when ready
#### Environment Detection
The application automatically detects which environment to use:
1. **`ENVIRONMENT` environment variable** (development/production)
2. **Config file existence** in `config/` folder
3. **Fallback to legacy** `config.env` if new structure not found
#### Benefits of New Setup
- ✅ **Safe Testing**: Changes don't affect production
- ✅ **Separate Data**: Dev uploads/output don't mix with production
- ✅ **Easy Deployment**: One command to push to production
- ✅ **Automated Testing**: Validation before deployment
- ✅ **Quick Rollback**: Automatic backups before deployment
## File Structure
```
├── api_server.py # Main Flask application
├── visual_qc_apps/ # QC check modules
│ ├── utils.py # Shared utilities
│ ├── flask_app_template.py # Template for new checks
│ └── {check_name}/app.py # Individual QC checks
├── profiles/ # QC profile configurations (14 total)
│ ├── general_check.json # General purpose profile (10 checks)
│ ├── static_general.json # Static general profile (10 checks)
│ ├── unilever_key_visual.json # Unilever key visual profile (15 checks)
│ ├── unilever_packaging.json # Unilever packaging profile (17 checks)
│ ├── diageo_key_visual.json # Diageo key visual profile (11 checks)
│ ├── diageo_packaging.json # Diageo packaging profile (13 checks)
│ ├── loreal_static.json # L'Oreal static profile (2 checks)
│ ├── amazon_static.json # Amazon ASD 2025 profile (6 checks)
│ └── inclusive_accessibility.json # Accessibility profile (2 checks)
├── brand_guidelines/ # Reference assets
│ └── guidelines_db.json # Asset metadata
├── config/ # Environment configurations (NEW)
│ ├── development.env # Development environment settings
│ ├── production.env # Production environment settings
│ └── .env.template # Template for new environments
├── scripts/ # Deployment and testing scripts (NEW)
│ ├── run-local.sh # Start local development server
│ ├── deploy-to-prod.sh # Deploy to production server
│ └── test-system.sh # Comprehensive system validation
├── uploads/ # Production file uploads
├── uploads-dev/ # Development file uploads (NEW)
├── output/ # Production generated reports
├── output-dev/ # Development generated reports (NEW)
├── config.env # Legacy API keys and configuration (DEPRECATED)
├── DEV_PROD_SETUP.md # Development/Production setup guide (NEW)
└── web_ui.html # Web interface
```
## Important Configuration Files
### New Environment System
- **`config/development.env`** - Development environment API keys and Flask configuration
- **`config/production.env`** - Production environment API keys and Flask configuration
- **`config/.env.template`** - Template for creating new environment configurations
- **`scripts/run-local.sh`** - Local development startup script
- **`scripts/test-system.sh`** - Comprehensive system validation script
- **`scripts/deploy-to-prod.sh`** - Production deployment script
- **`DEV_PROD_SETUP.md`** - Detailed setup and deployment guide
### Core Application Files
- **`config.env`** - Legacy API keys and Flask configuration (DEPRECATED but still supported)
- **`requirements.txt`** - Python dependencies for OpenAI, Google AI, Flask, PIL, PyMuPDF
- **`profiles/*.json`** - QC check configurations with weights and LLM assignments
## Key Integration Points
### LLM Configuration (`llm_config.py`)
- Manages OpenAI GPT-4 and Google Gemini API interactions
- Handles model switching and error handling
- Converts images to base64 for API consumption
### Profile System (`profile_config.py`)
- Dynamically discovers available QC checks
- Loads profile configurations from JSON files
- Maps checks to specific LLM models
### Parallel Processing Architecture
- Uses ThreadPoolExecutor for concurrent API calls
- Batches of 15 checks for optimal performance
- Real-time progress tracking with batch indicators
## Authentication System
### MSAL/PKCE Implementation
The application implements Microsoft Authentication Library (MSAL) with Proof Key for Code Exchange (PKCE) flow for secure user authentication:
- **Frontend**: MSAL Browser Library v2.38.3+ with popup-based authentication
- **Backend**: Python JWT validation using PyJWT library
- **Session Management**: httpOnly cookies with security flags
- **Token Validation**: Real-time validation against Azure AD JWKS
### Authentication Components
#### Core Files
- **`jwt_validator.py`** - Azure AD JWT token validation with JWKS verification
- **`auth_middleware.py`** - Flask authentication middleware with httpOnly cookie management
- **Authentication endpoints** in `api_server.py` - `/auth/login`, `/auth/logout`, `/auth/status`
- **Frontend integration** in `web_ui.html` - MSAL configuration and popup authentication
#### Configuration Requirements
```bash
# Required environment variables in config.env
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
FLASK_ENV=development
SECRET_KEY=your-secret-key-here-change-in-production
```
#### Dependencies
- PyJWT>=2.8.0 for JWT token validation
- cryptography>=41.0.0 for cryptographic operations
- requests for HTTPS calls to Azure AD endpoints
### Protected Endpoints
The following API endpoints require authentication:
- `/api/start_analysis` - File analysis initiation
- `/api/analyze` - Smart analysis with triage
- `/api/process_file` - Direct file processing
- `/api/process_triaged_file` - Triaged file processing
- `/api/profiles` (POST/PUT/DELETE) - Profile management
- `/api/brand_guidelines` (POST/DELETE) - Brand guidelines management
### Authentication Flow
1. **Frontend**: User clicks "Sign In with Microsoft" → MSAL popup authentication
2. **Azure AD**: User authenticates → Authorization code with PKCE validation
3. **Token Exchange**: MSAL exchanges code for ID/access tokens
4. **Server Validation**: Python validates JWT against Azure AD JWKS
5. **Session Creation**: Valid tokens stored in httpOnly cookies
6. **API Access**: Authenticated requests include cookie for validation
### Security Features
- **httpOnly Cookies**: Prevent XSS access to authentication tokens
- **PKCE Flow**: Enhanced security for single-page applications
- **Real-time Validation**: Every request validates token against Azure AD
- **Secure Headers**: Cookies use Secure, SameSite=Lax flags
- **Server-side Validation**: No client-side security dependencies
## QC Profile System
### Available Profiles
The system includes 14 focused QC profiles designed for different use cases:
1. **General Check** (10 checks, 100-point scale)
- Purpose: Streamlined general-purpose QC analysis
- Checks: Essential design and technical standards
- Weighting: Even distribution (10% each)
- Requirements: No reference assets needed
- Scoring: Individual scores 1-10, final score 0-100
2. **Static General** (10 checks, 100-point scale)
- Purpose: Comprehensive digital static asset QC
- Checks: Text readability, contrast, language, hierarchy, alignment, product/logo visibility, CTA, accessibility, inclusive
- Used by: All clients as a baseline profile
3. **Unilever Key Visual** (15 checks, 120-point scale)
- Purpose: Unilever brand guidelines for key visual materials
- Special Logic: Bonus checks with zero-scoring for missing elements
- Requirements: Brand guidelines recommended
- Scoring: Weighted distribution, 120-point maximum
4. **Unilever Packaging** (17 checks)
- Purpose: Unilever packaging design standards
- Requirements: Brand guidelines recommended
5. **Diageo Key Visual** (11 checks)
- Purpose: Diageo brand guidelines for key visuals
- Requirements: Brand guidelines recommended
6. **Diageo Packaging** (13 checks)
- Purpose: Diageo packaging design standards
- Requirements: Brand guidelines recommended
7. **L'Oreal Static** (3 checks, 100-point scale)
- Purpose: Focused L'Oreal QC for digital static marketing materials
- Checks: language_consistency, text_readability, background_contrast
- Scoring: Equal weight distribution (3.33 each), any individual check <6 = overall Fail
- Note: text_readability scores 7/10 neutral for product-only shots (no marketing text)
- Note: background_contrast focuses on actual visibility, not theoretical colour similarity
8. **Amazon Static** (6 checks, 100-point scale)
- Purpose: Amazon ASD 2025 design guidelines compliance
- Checks: Required elements, logo/country compliance, typography, headline layout, margins, box placement
- Requirements: Guidelines embedded in check prompts from ASD 2025 PDF
- Scoring: Weighted distribution (element/logo checks weighted higher)
9. **Inclusive Accessibility** (2 checks)
- Purpose: Focused accessibility compliance
- Checks: Accessibility and inclusive design
- Requirements: No reference assets needed
### Client Configuration
| Client | Display Name | Profiles |
|--------|-------------|----------|
| diageo | Diageo | diageo_key_visual, diageo_packaging, static_general, video_general |
| unilever | Unilever | unilever_key_visual, unilever_packaging, static_general, video_general |
| loreal | L'Oreal | loreal_static, static_general, video_general |
| amazon | Amazon | amazon_static, static_general, video_general |
| boots | Boots | boots_static, static_general, video_general |
| dow_jones | Dow Jones | dow_jones_static, marketwatch_static, wsj_static, static_general, video_general |
| honda | Honda | static_general, video_general |
| axa | AXA | static_general, video_general |
| rank | Rank | static_general, video_general |
| general | General / Other | static_general, video_general, inclusive_accessibility |
### Profile Selection Guidelines
- **General content analysis**: Use Static General or General Check
- **Brand-specific analysis**: Use appropriate brand profile
- **Amazon ASD 2025 compliance**: Use Amazon Static
- **Dow Jones corporate**: Use Dow Jones Static
- **MarketWatch assets**: Use MarketWatch Static
- **WSJ assets**: Use WSJ Static
- **Accessibility focus**: Use Inclusive Accessibility
- **Mixed requirements**: Profiles can be combined in multi-profile analysis
## Recent System Enhancements
### Unilever Profile-Specific Scoring Logic
The **Unilever Key Visual** profile now implements specialized scoring logic for enhanced quality control:
#### Zero-Score Implementation
- **Face Visibility Check**: Automatically sets score to 0 when `face_present` = false in JSON response
- **New Visibility Check**: Automatically sets score to 0 when `new_present` = false in JSON response
- **Face Gaze Direction Check**: Automatically sets score to 0 when `face_present` = false in JSON response
#### Implementation Details (`api_server.py:extract_score_from_result()`)
```python
# Unilever Key Visual profile specific logic
if (profile_config and profile_config.get('name') == 'Unilever Key Visual' and
check_name in ['face_visibility', 'new_visibility', 'face_gaze_direction']):
# Check for zero score conditions based on missing elements
if check_name == 'face_visibility' and json_data.get('face_present') == False:
return 0
elif check_name == 'new_visibility' and json_data.get('new_present') == False:
return 0
elif check_name == 'face_gaze_direction' and json_data.get('face_present') == False:
return 0
```
This ensures that missing critical elements (faces, "new" text) result in zero scores, providing more stringent quality control for Unilever key visual assets.
### Scoring System Enhancements
The scoring calculation system has been improved to handle different profile weight structures correctly:
#### Multi-Scale Scoring Support
- **100-Point Scale**: General Check profile with total weight 10.0 uses direct weighted scores
- **Other Scales**: Profiles with lower total weights use scaled scoring (weighted_score × 10)
- **Brand-Specific Scales**: Unilever Key Visual uses 120-point maximum scale
#### Fixed Calculation Logic (`api_server.py`)
```python
# Smart scoring calculation based on profile weight structure
if total_weight >= 10.0:
overall_score = total_weighted_score # Direct score for high-weight profiles
else:
overall_score = total_weighted_score * 10 # Scale up for traditional profiles
```
#### JSON Response Merging
Enhanced JSON extraction to merge multiple JSON blocks from LLM responses:
- Combines metadata (face_present, new_present) with scoring data
- Enables proper bonus check logic for Unilever profiles
- Maintains backward compatibility with single JSON responses
### Enhanced Saved Files Management
The output file system has been significantly improved for better user experience:
#### Automatic Date Sorting (`api_server.py:list_output_files()`)
- Files now automatically sorted by creation date (newest first)
- Backend sorts using file timestamps before sending to frontend
- No more manual sorting needed in the UI
#### Smart Refresh System (`web_ui.html`)
- **Progressive Retry Mechanism**: Attempts refresh at 1s, 3s, and 5s intervals after analysis
- **File Count Detection**: Compares before/after file counts to detect new files
- **Early Success Exit**: Stops retrying immediately when new files are detected
- **Visual Loading Indicators**: Shows "🔄 Checking for new files..." during refresh
- **New File Highlighting**: Latest files highlighted with green background and "NEW" badge
- **Auto-cleanup**: Visual highlights fade after 5 seconds
#### Implementation Features
```javascript
// Enhanced refresh with progressive delays
const refreshAttempts = [1000, 3000, 5000]; // 1s, 3s, 5s delays
// Visual feedback for new files
displaySavedFiles(data.files, shouldHighlight);
// Smart detection logic
if (newFileCount > previousFileCount) {
console.log('New file(s) detected, refresh complete');
break;
}
```
### MSAL Authentication System Improvements
Enhanced the Microsoft Authentication Library implementation for better reliability:
#### Robust Error Handling (`web_ui.html`)
- **MSAL Initialization Check**: Validates MSAL library loaded before initialization
- **Authentication State Tracking**: `msalInitialized` flag prevents undefined access
- **Fallback CDN Support**: Secondary CDN source if primary fails to load
- **User-Friendly Error Messages**: Clear error messages when authentication unavailable
#### Enhanced Security
```javascript
// Safe authentication with validation
if (!msalInitialized || !myMSALObj) {
console.error('MSAL not initialized properly');
alert('Authentication system not available. Please check your connection.');
return;
}
```
#### MSAL Concurrent Sign-In Protection
Fixed interaction_in_progress error by implementing concurrent sign-in prevention:
- **Sign-In Flag**: `isSigningIn` flag prevents multiple simultaneous authentication attempts
- **Storage Cleanup**: Clears MSAL localStorage/sessionStorage before authentication to remove stuck state
- **Proper Reset**: Uses finally block to reset flag on both success and failure
```javascript
let isSigningIn = false; // Prevent concurrent sign-in attempts
async function signIn() {
if (isSigningIn) {
console.log('Sign-in already in progress, ignoring duplicate request');
return;
}
try {
isSigningIn = true;
// Clear any pending MSAL interactions
localStorage.removeItem('msal.interaction.status');
sessionStorage.removeItem('msal.interaction.status');
// ... authentication logic
} finally {
isSigningIn = false;
}
}
```
### Usage Tracking and Reporting System (NEW)
The system now includes comprehensive usage tracking and report generation capabilities:
#### Usage Tracking Features
- **Automatic Logging**: All analyses automatically logged with detailed metadata
- **Cost Estimation**: Real-time cost estimates based on LLM usage (OpenAI & Gemini)
- **User Activity**: Track which users perform analyses and their usage patterns
- **Client Breakdown**: Usage statistics per client (diageo, unilever, loreal, general)
- **Profile Usage**: Track which profiles are most frequently used
- **Daily Logs**: Usage data stored in daily JSONL files for easy processing
#### Usage Report Generator (`backend/generate_usage_report.py`)
Command-line tool to generate comprehensive usage reports:
```bash
# Generate report for last 7 days
python backend/generate_usage_report.py --last-days 7
# Generate monthly report
python backend/generate_usage_report.py --last-days 30 --output monthly_report.txt
# Filter by specific client
python backend/generate_usage_report.py --client diageo --last-days 30
# Generate CSV for Excel
python backend/generate_usage_report.py --last-days 30 --format csv --output report.csv
# Generate JSON for API integration
python backend/generate_usage_report.py --last-days 30 --format json --output report.json
```
**Report Sections**:
- Summary: Total analyses, checks, estimated costs, averages
- By Client: Usage breakdown per client with top profiles
- By User: Individual user statistics and activity
- By Profile: Profile usage across clients
- By Date: Daily breakdown of activity and costs
**Output Formats**: Text (human-readable), JSON (machine-readable), CSV (spreadsheet)
**Documentation**: See `backend/USAGE_REPORTS.md` for detailed usage guide
#### Usage Log Storage
- **Location**: `backend/usage_logs/`
- **Format**: JSONL (JSON Lines) - one log entry per line
- **Naming**: `YYYY-MM-DD.jsonl` (daily files)
- **Retention**: Logs kept indefinitely (consider archiving after 1 year)
### Profile Auto-Versioning System (NEW)
The system now implements automatic version control when profiles are edited:
#### How It Works
1. **Original Profile**: `my_profile.json` (version 1)
2. **First Edit**: Creates `my_profile_v2.json` (version 2), keeps original unchanged
3. **Second Edit**: Creates `my_profile_v3.json` (version 3), keeps v1 and v2 unchanged
4. **Client Configs**: Automatically updated to use latest version
#### Benefits
- ✅ **Safety**: Original profiles never overwritten
- ✅ **History**: Complete version history preserved
- ✅ **Rollback**: Easy to revert to previous versions
- ✅ **Audit Trail**: Track who made changes and when
- ✅ **Testing**: Test new versions without affecting production
#### Version Metadata
Each profile version includes:
- `version`: Version number (1, 2, 3, ...)
- `created_at`: ISO timestamp of creation
- `created_by`: Email of user who created profile
- `modified_at`: ISO timestamp of last modification (if edited)
- `modified_by`: Email of user who edited profile
- `previous_version`: Profile ID of previous version (if edited)
#### API Behavior
- **POST /api/profiles**: Creates new profile with version 1
- **PUT /api/profiles/<id>**: Creates new version automatically
- **DELETE /api/profiles/<id>**: Deletes specific version only
- **GET /api/profiles**: Returns all versions (filtered by client visibility)
**Documentation**: See `backend/PROFILE_MANAGEMENT.md` for detailed usage guide
### Profile Visibility Control System (NEW)
Profiles can now be configured with granular visibility settings:
#### Visibility Options
**1. All Clients (Default)**
```json
{
"visibility": "all",
"visible_to_clients": []
}
```
Profile visible to all clients in the system (diageo, unilever, loreal, general).
**2. Client-Specific**
```json
{
"visibility": "client_specific",
"visible_to_clients": ["diageo", "unilever"]
}
```
Profile visible only to specified clients.
#### Use Cases
- **All Clients**: General-purpose profiles, standard QC checks, accessibility compliance
- **Client-Specific**: Brand-specific profiles, custom checks, confidential QC criteria
#### Implementation
- **Profile Creation**: Set visibility during creation via API or Web UI
- **Client Filtering**: Users only see profiles available to their selected client
- **Dynamic Loading**: `client_config.py` automatically updated based on visibility
- **Backward Compatible**: Existing profiles default to "all" visibility
#### Web UI Integration
- **Create Profile**: Checkbox for "Reveal to All Clients"
- Checked: Visible to all clients
- Unchecked: Show client selector for specific clients
- **Profile List**: Shows visibility status with icons
- 🌍 All Clients
- 🔒 Specific Clients (with client list)
**Available Client IDs**: `diageo`, `unilever`, `loreal`, `amazon`, `boots`, `general`
**Documentation**: See `backend/PROFILE_MANAGEMENT.md` for detailed configuration guide
### Amazon ASD 2025 QC Tools
Six specialized checks for Amazon Sale Day design compliance, with guidelines from the ASD 2025 PDF embedded directly in each tool's prompt:
| Tool | What it checks |
|------|---------------|
| `amazon_required_elements` | All required elements present (Headline, Box, Subhead, Date, Legal line) |
| `amazon_logo_country` | Correct Amazon/URL logo per country (established vs emerging locales) |
| `amazon_typography` | Ember Modern Standard Display font, leading/tracking, size ratios (subhead 30-60%, date 20-45%), ligatures |
| `amazon_headline_layout` | Headline left-aligned, largest element, natural line splits |
| `amazon_margins` | 7% shortest side (10% wide, 20%/10% very wide+small formats) |
| `amazon_element_placement` | Element placement (box, bag, logo), positioning rules, cropping rules (tape NEVER cropped) |
### Client-Scoped Reporting Dashboard
Reporting has been moved from the Settings modal into a dedicated "Reporting" tab within each client's main view:
- **Date range filtering**: Start/end date pickers for custom report periods
- **Summary cards**: Total Analyses, Unique Users, Total Checks Run, Estimated Cost
- **Detail table**: Per-analysis breakdown with date, user, profile, checks, score, cost
- **Client isolation**: Reports only show data for the currently selected client
- **API endpoint**: `GET /api/client_usage_stats?client={id}&start_date={}&end_date={}`
### Admin Panel
View-only administration panel for platform user management:
- **Access**: Dedicated "Admin" button in header, visible only to admin users
- **Full page**: Separate section (not a popup), with "Back to App" navigation
- **Summary stats**: Total Users, Total Platform Analyses, Total Estimated Cost
- **User table**: Name, Email, Analyses, Total Checks, Clients Used, Last Active, Est. Cost
- **Admin config**: `ADMIN_USERS` list in `backend/client_config.py`
- **API endpoints**: `GET /api/admin/check`, `GET /api/admin/users`
### User Login Tracking
All authenticated user visits are now logged:
- **Event type**: `user_login` logged on every `/auth/status` check
- **Data captured**: user_id, user_email, user_name, timestamp
- **Storage**: Same JSONL usage logs in `backend/usage_logs/`
- **Purpose**: Enables admin panel to show all users who have visited, not just those who ran analyses
### PDF Reference Asset Processing
Multi-page PDF brand guidelines are now fully processed on upload:
- **Text extraction**: All pages extracted using PyMuPDF (`pdf_processor.py`)
- **LLM summarization**: Extracted text sent to Gemini 2.5 Pro for structured brand guidelines summary (2000-4000 words covering colors, typography, layout, do's/don'ts, QC specs)
- **Cover image**: Page 1 extracted as PNG for visual reference in QC checks
- **Storage**: `{file_id}_summary.txt` and `{file_id}_cover.png` in `brand_guidelines/files/`
- **QC integration**: Summary text included in check prompts, cover image sent as visual reference
- **Fallback chain**: LLM summary → raw text (8000 chars) → inline extraction → metadata only
- **Auto-backfill**: Existing unprocessed PDFs processed on server startup
- **API endpoints**: `GET /api/brand_guidelines/<id>/status`, `POST /api/brand_guidelines/<id>/reprocess`
### Media Plan System
Excel media plans can be uploaded per client for automatic asset validation:
- **Upload**: Settings → Media Plan tab, accepts .xlsx/.xls files
- **Parsing**: Extracts asset specs from all channel sheets (Display, OLV, OOH, TV, Print, Audio) using openpyxl
- **Filename matching**: Automatic fuzzy matching (exact → case-insensitive → starts-with → contains → fuzzy >70%)
- **Validation**: Checks uploaded asset dimensions and file type against media plan spec
- **QC context**: Matched asset metadata (country, language, placement, vendor, dimensions) injected into all check prompts
- **Storage**: `backend/media_plans/` directory with parsed JSON cache
- **API endpoints**: `POST /api/media_plan`, `GET /api/media_plan?client={id}`, `DELETE /api/media_plan/<client_id>`
- **Module**: `media_plan_processor.py` - `parse_media_plan()`, `find_matching_asset()`, `validate_asset_specs()`, `build_media_plan_context()`
### User Access Control System
Default-deny per-user client access, with admin grant/revoke via the admin panel's User Access tab. Enforced server-side on every client-scoped endpoint.
**Storage:** `backend/user_access.json` — auto-bootstrapped on first server start with `nick.viljoen@brandtech.plus` as the sole admin. Never commit this file (it's in `.gitignore`).
```json
{
"version": 1,
"default_clients": ["general"],
"admins": ["nick.viljoen@brandtech.plus"],
"users": {
"alice@example.com": {
"clients": ["general", "diageo"],
"updated_at": "2026-04-22T14:30:00Z",
"updated_by": "nick.viljoen@brandtech.plus"
}
}
}
```
**Module:** `backend/user_access.py`
- `get_user_clients(email)` — returns granted clients (admins see all)
- `set_user_clients(email, clients, actor_email)` — grant/revoke; validates against client_config
- `is_admin(email)` — used everywhere; `client_config.is_admin` now delegates here
- `promote_admin(email, actor)` / `demote_admin(email, actor)` — demote blocked if last admin
- `list_access_entries()` — for the admin panel
**Enforcement points in `api_server.py`:**
- `GET /api/clients` — returns only clients the user can see (admins see all)
- `_require_admin()` helper — gates the 4 `/api/admin/user_access*` endpoints
- `_require_client_access(client_id)` helper — applied to `start_analysis`, `output_files`, `media_plan` (GET/POST/DELETE), `client_usage_stats`, `/output/<client>/<filename>`. Returns 403 with `"code": "client_access_denied"` on denial.
**Audit trail:** `log_access_change(audit_entry)` in `usage_tracker.py` writes `event: "access_change"` records into the daily JSONL usage logs. Captures actor, target, action (grant/revoke/promote_admin/demote_admin), and clients_before/after.
**Frontend (`web_ui.html`):** Admin panel has two tabs — Usage Overview and User Access. Access tab: searchable user table, inline editor with per-client checkboxes, admin toggle, + Add User (pre-grants access before someone has signed in). `handleClientAccessDenied()` helper bounces revoked users back to the client picker with a red toast.
### Self-service Client Access Requests
A "Request Client Access" tile on the client picker lets signed-in users ask admins for additional client access without going through Slack/email side-channels.
- **Tile:** appended after the user's existing client tiles in `populateClientSelector()` (web_ui.html). Always visible — if the user already has every client, the modal short-circuits with a friendly "you already have everything" alert.
- **Modal:** auto-fills name + email from `currentUser` (read-only — identity always taken from the verified MSAL session, never the body), checkbox list of clients the user does **not** already have, optional reason textarea.
- **Endpoints (`api_server.py`):**
- `GET /api/all_clients` — auth-required, returns the full client catalogue so the form can offer clients the user can't currently see.
- `POST /api/access_request` — auth-required. Validates requested client IDs, looks up admin recipients via `user_access.list_access_entries()`, sends a plaintext + HTML email through `email_service.send_email()` with `Reply-To` set to the requester. Logs an `access_request` event to the daily JSONL usage log via `usage_tracker.log_access_request()`. Returns 502 if email delivery fails (request still logged with `email_sent: false`).
- **Email transport (`backend/email_service.py`):** thin SMTP wrapper using STARTTLS. Reads `SMTP_SERVER`, `SMTP_PORT`, `SMTP_USER`, `SMTP_PASSWORD`, `SENDER_EMAIL` from env. Currently wired to Mailgun via the `twist@mail.dev.oliver.solutions` SMTP user.
### Settings Modal UX (Apr 2026)
- **Reference Assets tab:** the Brand Name + Tags + Description form was collapsed to a single "Name" field. The user-entered name is what now drives the dropdown label on the main configuration page (falls back to `original_filename` for legacy records that pre-date the change).
- **Media Plan tab:** added a "Name" field. The backend stores `display_name` on the media plan record; both the active-plan card and the main-page dropdown prefer `display_name` and fall back to `original_filename` for old plans.
- **Modal footer is context-aware:** "Save Profile" + "Cancel" show only on the Profile / Create Profile tabs. Reference Assets / QC Tools / Media Plan tabs show a single green "Save" button that simply closes the modal — the upload buttons within those tabs are the actual save action.
## Deployment Environments
| Env | URL | Branch tracked | Server | Service | Status |
|---|---|---|---|---|---|
| Local | `http://localhost:7183` | any | your laptop | none (Flask dev) | — |
| Dev | `https://optical-dev.oliver.solutions/ai_qc/` | `develop` | `optical-production-dev` (GCP VM, europe-west2-b) | `ai-qc.service` | **Live** |
| Prod | `https://optical-prod.oliver.solutions/ai_qc/` | tags on `main` | `optical-production` (GCP VM, europe-west2-c) | `ai-qc.service` | **Live** (currently `v1.1.0`) |
| Legacy sandbox | older URL | `main` (direct) | older VM, runs as `www-data` | `ai_qc.service` | Still alive as fallback |
Both new-style envs (dev + prod):
- App lives at `/opt/ai_qc`, runs as `nick.viljoen`
- systemd unit `ai-qc.service` running Waitress on `127.0.0.1:7183`
- Apache reverse-proxy include at `/opt/ai_qc/deploy/apache-ai-qc.conf`, pulled into the main `optical-dev.oliver.solutions.conf` vhost
- TLS terminated at the GCP load balancer (no certbot on the box)
- Each server has its own SSH key for Bitbucket pulls (kept in `~/.ssh/bitbucket_ai_qc`, host alias `bitbucket-ai-qc`)
## Branch Strategy
- **`develop`** = what's deployed to the dev server. Push to `develop` → run `deploy.sh dev` on optical-dev.
- **`main`** = what's deployed to prod. Never push directly; merge `develop → main` via PR, then tag (`v1.0.0`). Deploy the tag with `deploy.sh prod v1.0.0`.
- **Feature branches** (`feature/<name>`) branch from `main`, PR into `develop`. Keep merged feature branches around as history or delete once main catches up.
## Deploy Scripts
All in `backend/scripts/`, run on the target server:
| Script | Usage | What it does |
|---|---|---|
| `deploy.sh dev` | `backend/scripts/deploy.sh dev [--dry-run]` | Fetch, show diff, confirm, `git reset --hard origin/develop`, pip install if `requirements.txt` changed, `sudo systemctl restart ai-qc.service`, smoke test via `/health`, auto-rollback on failure |
| `deploy.sh prod <tag>` | `backend/scripts/deploy.sh prod v1.2.0 [--dry-run]` | Same flow but checks out a specific tag |
| `rollback.sh` | `backend/scripts/rollback.sh last` or `... <commit-hash>` | Revert to the checkpoint written by the most recent deploy, or to any specific commit |
| `health-check.sh` | `backend/scripts/health-check.sh` | One-line "is the app alive?" — `curl /health`, exits 0/1 |
The deploy script writes the pre-deploy HEAD to `.last_deploy_rollback` in the app dir before changing anything, so `rollback.sh last` always knows where to go back to.
## Production Deployment
### Critical Production Issues and Solutions
#### Issue 1: Web UI 404 Error ("Web UI not found")
**Symptom**: Backend API runs successfully, but accessing the root URL returns `{"error":"Web UI not found"}` with 404 status.
**Root Cause**: The `serve_web_ui()` function in both `api_server.py` and `backend/api_server.py` used relative path `'web_ui.html'` which only works when Flask starts from the project root directory. Production servers (Waitress, systemd) often run from different working directories.
**Solution**: Use absolute paths relative to the script location:
```python
@app.route('/', methods=['GET'])
def serve_web_ui():
"""Serve the web UI"""
try:
# Root api_server.py - web_ui.html is in same directory
base_dir = os.path.dirname(os.path.abspath(__file__))
web_ui_path = os.path.join(base_dir, 'web_ui.html')
# Backend api_server.py - web_ui.html is in parent directory
# base_dir = os.path.dirname(os.path.abspath(__file__))
# web_ui_path = os.path.join(os.path.dirname(base_dir), 'web_ui.html')
with open(web_ui_path, 'r') as f:
html_content = f.read()
return Response(html_content, mimetype='text/html')
except FileNotFoundError:
return jsonify({'error': 'Web UI not found'}), 404
```
**Files Fixed**:
- `/api_server.py` (line 1306-1310)
- `/backend/api_server.py` (line 1306-1310)
#### Issue 2: Apache ProxyPass Not Working (Auth Endpoints 404)
**Symptom**: Backend accessible via localhost, but web URL returns 404 for `/auth/*` and other API endpoints. ProxyPass rules appear correct in Apache config.
**Root Cause**: Apache checks for static files/directories BEFORE applying ProxyPass rules. If a directory like `/var/www/html/ai_qc/` exists, Apache tries to serve files from that directory first and never triggers the ProxyPass rule.
**Solution**: Remove or rename static directory that matches ProxyPass path:
```bash
# Check for conflicting static directory
ls -la /var/www/html/ai_qc/
# Rename as backup (safer than deleting)
sudo mv /var/www/html/ai_qc /var/www/html/ai_qc.backup.$(date +%Y%m%d_%H%M%S)
# Test that ProxyPass now works
curl -I https://your-domain.com/ai_qc/auth/status
```
**Apache ProxyPass Order**: Place more specific paths before general paths:
```apache
# In /etc/apache2/apache2.conf or site config
# More specific paths first
ProxyPass /ai_qc/auth http://localhost:7183/auth
ProxyPassReverse /ai_qc/auth http://localhost:7183/auth
# General path last
ProxyPass /ai_qc http://localhost:7183
ProxyPassReverse /ai_qc http://localhost:7183
```
**Key Lesson**: When using Apache ProxyPass, do NOT create a static directory with the same name as the proxy path. The backend serves everything through the proxy.
#### Issue 3: MSAL Authentication "interaction_in_progress" Error
**Symptom**: Clicking "Sign In with Microsoft" throws `BrowserAuthError: interaction_in_progress` and authentication fails.
**Root Cause**:
1. Multiple sign-in buttons (header and auth-required screen) could trigger concurrent authentication
2. Previous failed authentication left MSAL state in localStorage/sessionStorage
3. No protection against double-clicks on sign-in button
**Solution**: Implement concurrent sign-in protection (see MSAL section above)
**Testing After Fix**: Clear browser cache or use incognito window to test, as old JavaScript and MSAL state may be cached.
### Production Deployment Checklist
1. **Code Deployment**
```bash
cd /opt/ai_qc
git pull origin main
sudo systemctl restart ai_qc.service
```
2. **Verify No Static Directory Conflicts**
```bash
# Check for conflicting directories
ls -la /var/www/html/ | grep ai_qc
# Should NOT exist if using ProxyPass
```
3. **Test Backend Directly**
```bash
curl -I http://localhost:7183/
curl -I http://localhost:7183/auth/status
curl -I http://localhost:7183/health
```
4. **Test Through Apache Proxy**
```bash
curl -I https://your-domain.com/ai_qc/
curl -I https://your-domain.com/ai_qc/auth/status
```
5. **Test in Browser**
- Open in incognito/private window (avoids cache issues)
- Verify web UI loads
- Test Microsoft authentication
- Upload and analyze a test file
6. **Monitor Logs**
```bash
# Flask application logs
sudo journalctl -u ai_qc.service -f
# Apache logs
sudo tail -f /var/log/apache2/ai_qc_ssl_error.log
sudo tail -f /var/log/apache2/ai_qc_ssl_access.log
```
### Common Production Issues
| Issue | Check | Solution |
|-------|-------|----------|
| 404 on web UI | `curl localhost:7183/` | Use absolute paths in serve_web_ui() |
| 404 on /auth/* | Check `/var/www/html/ai_qc/` | Remove static directory conflicting with ProxyPass |
| MSAL errors | Browser console | Clear browser cache, check concurrent sign-in protection |
| Backend not starting | `systemctl status ai_qc` | Check Python environment, dependencies, port conflicts |
| Permission errors | File ownership | Ensure www-data owns necessary directories |
| Permission denied on new dirs | `git pull` resets ownership | `sudo chown -R www-data:www-data uploads output media_plans brand_guidelines usage_logs` |
## Pre-Session Completion Checklist
Before ending any session, ALWAYS run these Python syntax and import checks:
1. **Syntax Check**: Run `python -m py_compile **/*.py` to verify all Python files compile without syntax errors
2. **Import Check**: Run `python -c "import api_server, llm_config, profile_config"` to verify core modules import successfully
3. **Authentication Check**: Run `python -c "import jwt_validator, auth_middleware; print('Authentication modules imported successfully')"` to verify authentication system
4. **QC Module Check**: Test import of any modified QC modules in `visual_qc_apps/`
5. **Profile System Check**: Verify all 14 profiles load correctly:
```bash
python -c "
from profile_config import get_profile
profiles = ['general_check', 'static_general', 'unilever_key_visual', 'unilever_packaging', 'diageo_key_visual', 'diageo_packaging', 'loreal_static', 'amazon_static', 'boots_static', 'inclusive_accessibility', 'dow_jones_static', 'marketwatch_static', 'wsj_static', 'video_general']
for p in profiles:
profile = get_profile(p)
print(f'✅ {profile.name} ({len(profile.get_enabled_checks())} checks)')
"
```
6. **Client Config Check**: Verify all 10 clients load correctly:
```bash
python -c "
from client_config import get_all_clients
for cid, c in get_all_clients().items():
print(f'✅ {c[\"display_name\"]}: {c[\"profiles\"]}')
"
```
7. **Enhanced System Check**: Verify recent enhancements work correctly:
- Test General Check profile 100-point scoring system
- Test Unilever profile zero-scoring logic with face/new visibility checks
- Test saved files are client-scoped (only show for selected client)
- Test client-scoped reporting dashboard with date range filters
- Test admin panel shows all platform users (admin users only)
- Test MSAL authentication initialization and error handling
- Verify scoring calculation handles different weight structures correctly
For everything else (architecture, auth, deployment, branch strategy, troubleshooting, pre-session checklist) see `../CLAUDE.md`.

0
CLAUDE_DOW_JONES.md → backend/_archive/dow_jones/CLAUDE_DOW_JONES.md
View file

39
backend/_archive/dow_jones/README.md Normal file
View file

@ -0,0 +1,39 @@
# Dow Jones — Archived 2026-05-14
**Reason:** Client offboarded. No longer using Visual AI QC.
## Contents
- `CLAUDE_DOW_JONES.md` — per-client documentation (originally at repo root)
- `profiles/` — 4 brand profile JSONs (originally `backend/profiles/`)
- `dow_jones_static.json`
- `marketwatch_static.json`
- `wsj_static.json`
- `wsj_podcast.json`
- `visual_qc_apps/` — 22 QC check directories (originally `backend/visual_qc_apps/`)
- 6 × `dj_*` (corporate Dow Jones brand)
- 6 × `mw_*` (MarketWatch sub-brand)
- 6 × `wsj_*` (WSJ static)
- 4 × `wsj_podcast_*` (WSJ podcast variants)
## Restoring
If Dow Jones returns:
1. Move `profiles/*.json` back to `backend/profiles/`.
2. Move every `visual_qc_apps/<name>/` directory back to `backend/visual_qc_apps/<name>/`.
3. Move `CLAUDE_DOW_JONES.md` back to the repo root.
4. Re-add the client entry to `backend/client_config.py`:
```python
'dow_jones': {
'name': 'Dow Jones',
'profiles': ['dow_jones_static', 'marketwatch_static', 'wsj_static', 'wsj_podcast', 'static_general', 'video_general'],
'display_name': 'Dow Jones',
'description': 'Dow Jones brand profiles for corporate, MarketWatch, and WSJ sub-brands'
},
```
5. Re-add the Dow Jones row to the client table in `CLAUDE.md` (repo root).
6. Add `'dow_jones_static','marketwatch_static','wsj_static','wsj_podcast'` back to the inline profile list in the `CLAUDE.md` pre-session checklist.
7. Restart the server.

0
backend/profiles/dow_jones_static.json → backend/_archive/dow_jones/profiles/dow_jones_static.json
View file

0
backend/profiles/marketwatch_static.json → backend/_archive/dow_jones/profiles/marketwatch_static.json
View file

0
backend/profiles/wsj_podcast.json → backend/_archive/dow_jones/profiles/wsj_podcast.json
View file

0
backend/profiles/wsj_static.json → backend/_archive/dow_jones/profiles/wsj_static.json
View file

0
backend/visual_qc_apps/dj_color_palette/app.py → backend/_archive/dow_jones/visual_qc_apps/dj_color_palette/app.py
View file

0
backend/visual_qc_apps/dj_file_naming/app.py → backend/_archive/dow_jones/visual_qc_apps/dj_file_naming/app.py
View file

0
backend/visual_qc_apps/dj_logo_compliance/app.py → backend/_archive/dow_jones/visual_qc_apps/dj_logo_compliance/app.py
View file

0
backend/visual_qc_apps/dj_photography_style/app.py → backend/_archive/dow_jones/visual_qc_apps/dj_photography_style/app.py
View file

0
backend/visual_qc_apps/dj_square_motif/app.py → backend/_archive/dow_jones/visual_qc_apps/dj_square_motif/app.py
View file

0
backend/visual_qc_apps/dj_typography_hierarchy/app.py → backend/_archive/dow_jones/visual_qc_apps/dj_typography_hierarchy/app.py
View file

0
backend/visual_qc_apps/mw_art_direction/app.py → backend/_archive/dow_jones/visual_qc_apps/mw_art_direction/app.py
View file

0
backend/visual_qc_apps/mw_color_palette/app.py → backend/_archive/dow_jones/visual_qc_apps/mw_color_palette/app.py
View file

0
backend/visual_qc_apps/mw_image_treatment/app.py → backend/_archive/dow_jones/visual_qc_apps/mw_image_treatment/app.py
View file

0
backend/visual_qc_apps/mw_layout_composition/app.py → backend/_archive/dow_jones/visual_qc_apps/mw_layout_composition/app.py
View file

0
backend/visual_qc_apps/mw_logo_compliance/app.py → backend/_archive/dow_jones/visual_qc_apps/mw_logo_compliance/app.py
View file

0
backend/visual_qc_apps/mw_typography_hierarchy/app.py → backend/_archive/dow_jones/visual_qc_apps/mw_typography_hierarchy/app.py
View file

32
backend/visual_qc_apps/wsj_capitalization_punctuation/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_capitalization_punctuation/app.py
View file

@ -54,6 +54,13 @@ RULE 5 — SUBHEADERS AND BODY COPY:
- Always 2 spaces before a price in body copy.
- Price text is bolded (except the period if it ends with one).
IMPORTANT VISION-LLM LIMITATION ON RULE 5 PRICE FORMATTING:
The "two spaces before a price" rule is a typesetting concern that is NOT reliably verifiable from a rendered PNG. The visual difference between one space and two spaces at body-copy size is below the reliable detection threshold of vision-LLM analysis. Do NOT flag space-count violations set `price_spacing_correct: "needs_manual_check"` and populate `price_formatting_caveat` instead.
The "price bolded" rule IS visually verifiable when the weight difference is OBVIOUS (e.g. price clearly heavier than surrounding body). For borderline weight observations or when the price already appears bolded but ambiguity exists, set `price_bolded_correct: "needs_manual_check"` and populate `price_formatting_caveat` do NOT confidently flag a bolded price as un-bolded.
Do NOT score the asset 5-6/10 on Rule 5 violations alone. Headline rules (1-4) are the dominant factor.
RULE 6 EYEBROWS AND CTAs:
- Eyebrow text: ALL CAPS (e.g., "BREAKING NEWS").
- CTA/Button text: ALL CAPS (e.g., "SUBSCRIBE NOW").
@ -63,14 +70,26 @@ If the asset contains very little text (e.g., just a logo), score this check neu
DECISION TREE HOW TO EVALUATE EACH HEADLINE:
Before scoring, you MUST classify each headline correctly:
A) Read the headline text.
B) Does it contain BOTH a subject AND a verb (i.e., is it a complete sentence)?
B) **CHECK THE EXPLICIT WHITELIST FIRST.** If the headline matches any of these patterns or is one of these exact examples, it is a COMPLETE SENTENCE in sentence case and is CORRECT do NOT flag it as a Title Case error:
- "Insight that informs every decision." (subject + relative clause + period correct sentence case)
- "Find clarity in world-class coverage." (imperative complete sentence correct sentence case)
- "Stay ahead of the top stories." (imperative complete sentence correct sentence case)
- "We report on the news you can't afford to ignore." (subject + verb correct sentence case)
- "Follow WSJ for your news." (imperative correct sentence case)
- Any imperative starting with a verb (Find, Stay, Follow, Discover, Read, See, Get, Make, Start, Subscribe) followed by an object COMPLETE SENTENCE sentence case is correct.
- Any clause beginning with a noun followed by "that"/"which"/"who" + verb COMPLETE SENTENCE sentence case is correct.
C) If not on the whitelist, classify by structure: Does it contain BOTH a subject AND a verb (i.e., is it a complete sentence)?
- YES it is a COMPLETE SENTENCE expect SENTENCE CASE (only first word and proper nouns capitalised).
Examples: "Insight that informs every decision." / "Find clarity in world-class coverage." / "Stay ahead of the top stories."
- NO it is an INCOMPLETE SENTENCE (phrase or fragment) expect TITLE CASE.
Examples: "Journalism Held to a Higher Standard." / "Business Journalism, Uncompromised." / "Reporting Without Bias."
C) Does it follow the "Make ___ Your Business." pattern? always TITLE CASE regardless.
Do NOT penalise a complete sentence for using sentence case that IS the correct rule.
D) Does it follow the "Make ___ Your Business." pattern? always TITLE CASE regardless.
CRITICAL: Sentence case on a complete sentence is the CORRECT rule, not an error. Do NOT score `title_case_correct: false` or flag a capitalization error simply because a complete-sentence headline is in sentence case. When in doubt about whether a headline is complete or incomplete, default to assuming it is COMPLETE (sentence case is correct) the cost of a false-positive Title Case flag is high.
STEPS TO EVALUATE:
1. Identify all visible text elements in the asset (headlines, subheaders, body copy, eyebrows, CTAs).
@ -101,7 +120,10 @@ Format your response as JSON:
"sentence_case_correct": true or false or "not_applicable",
"eyebrows_all_caps": true or false or "no_eyebrows",
"ctas_all_caps": true or false or "no_ctas",
"capitalization_errors": ["list of specific errors found, empty array if none"],
"price_spacing_correct": true or false or "needs_manual_check" or "no_price",
"price_bolded_correct": true or false or "needs_manual_check" or "no_price",
"price_formatting_caveat": "Free-text note when price_spacing_correct or price_bolded_correct is 'needs_manual_check' — describe the borderline observation. Empty string otherwise.",
"capitalization_errors": ["list of specific errors found, empty array if none — only include items you are confident are violations, not borderline observations"],
"explanation": "Detailed description of capitalization and punctuation assessment",
"recommendations": ["List specific recommendations if applicable, else an empty array"]
}"""

0
backend/visual_qc_apps/wsj_color_usage/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_color_usage/app.py
View file

0
backend/visual_qc_apps/wsj_imagery_expression/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_imagery_expression/app.py
View file

0
backend/visual_qc_apps/wsj_layout_composition/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_layout_composition/app.py
View file

46
backend/visual_qc_apps/wsj_logo_compliance/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_logo_compliance/app.py
View file

@ -20,10 +20,11 @@ The Wall Street Journal uses four logotype formats, all rendered ONLY in black o
1. PRIMARY HORIZONTAL LOGOTYPE - The full "The Wall Street Journal" wordmark in a single horizontal line.
- Used on most creatives, especially those with messaging about journalism or the IYB (It's Your Business) campaign.
- Placement: Always center-aligned on the creative.
- Placement (default): Center-aligned on the creative.
- Placement (split / asymmetric layouts): On 50/50 split layouts, side-by-side image+copy compositions, or any clearly asymmetric campaign creative, the horizontal logo is permitted to anchor to the copy block (e.g. bottom of the copy column) rather than the canvas center. This is an accepted WSJ placement convention do NOT penalise a horizontal logo anchored to the copy block on a split/asymmetric layout. Treat as `placement_correct: true`.
- Minimum clear space: Half of the cap-height of the logo text on all sides.
- Standalone/logo-only usage: 60% of the asset's shortest side.
- Marketing assets with other content (headlines, body copy, imagery): Use 30% of the longest side. This is the STANDARD sizing for campaign creatives most marketing assets will use this rule, not the 60% standalone rule.
- Marketing assets with other content (headlines, body copy, imagery): Use 30% of the longest side. This is the STANDARD sizing for campaign creatives most marketing assets will use this rule, not the 60% standalone rule. This 30% rule is a HARD constraint flag oversized logos (visibly larger than ~30% of the longest side) as a real sizing violation, even on otherwise on-brand creatives.
2. PRIMARY IYB (IT'S YOUR BUSINESS) LOGOTYPE LOCKUP - The WSJ wordmark with the "It's Your Business." tagline.
- Used on creatives with messaging about the value of the news product or the IYB campaign.
@ -48,20 +49,43 @@ CRITICAL RULES:
- Adequate clear space must be maintained around the logo.
- Logo must not disrupt the visual hierarchy of the creative.
STEPS TO EVALUATE:
============================================================
MANDATORY SIZING ASSESSMENT DO THIS FIRST, INDEPENDENTLY
============================================================
For every Primary Horizontal Logotype or IYB Lockup on a marketing creative with other content, you MUST perform an explicit sizing assessment BEFORE forming an overall opinion. This is a HARD constraint and CANNOT be waived because the rest of the creative is on-brand.
How to assess:
1. Identify the LONGEST side of the asset (in portrait creatives this is the HEIGHT, in landscape creatives this is the WIDTH).
2. Estimate the logo's width as a percentage of the longest side.
3. Apply the threshold:
- **Logo width 30% of longest side** `size_appropriate: true`. On-brand sizing.
- **Logo width > 30% of longest side** `size_appropriate: false`. This is a real sizing violation that MUST be flagged in `issues_found` and reflected in the score.
Worked examples internalise these BEFORE scoring:
- Asset 1080w × 1920h portrait. Longest side = 1920. 30% threshold = 576px. A logo spanning ~80% of the asset WIDTH (864px) = ~45% of the longest side **VIOLATION**, must flag, must score 6 on this check.
- Asset 1200w × 628h landscape. Longest side = 1200. 30% threshold = 360px. A logo ~300px wide = 25% of longest side on-brand sizing, can score 9-10 if other rules pass.
- Asset 1080w × 1920h portrait with a logo ~500px wide = ~26% of longest side on-brand sizing.
Common failure pattern: in TALL PORTRAIT creatives the logo often spans most of the WIDTH at the bottom, which feels visually balanced but mathematically violates the 30%-of-longest-side rule because the longest side is the (much larger) height. Do NOT excuse this flag it.
Score cap: a logo that visibly exceeds ~30% of the longest side CANNOT score 9-10 on this check, regardless of how good color/placement/clear space are. The maximum permitted score for an oversized logo is 6/10.
============================================================
STEPS TO EVALUATE (in this order):
1. Identify whether a WSJ logo is present in the asset.
2. Determine which logo format is being used (Horizontal, IYB Lockup, Shortform Bug, or Stacked).
3. Verify the logo is rendered in black or white only.
4. Check placement rules specific to the logo format being used.
5. Assess whether adequate clear space is maintained around the logo.
6. Evaluate whether the logo size appears proportional to the asset dimensions.
3. **Perform the MANDATORY SIZING ASSESSMENT above for Primary Horizontal / IYB Lockup logos. Set `size_appropriate` based strictly on the 30%-of-longest-side rule.**
4. Verify the logo is rendered in black or white only.
5. Check placement rules specific to the logo format being used.
6. Assess whether adequate clear space is maintained around the logo.
7. Check for any distortion, effects, or improper treatments.
SCORING GUIDANCE:
- Score 9-10: Logo present, correct format for the context, proper placement, adequate clear space, correct color (black or white), appropriate size.
- Score 7-8: Logo present and mostly correct, minor placement or sizing issues.
- Score 5-6: Logo present but with noticeable issues (wrong placement for the format, tight clear space, slightly off-brand rendering).
- Score 3-4: Logo present but with significant issues (wrong color, distorted, severely misplaced).
- Score 9-10: Logo present, correct format for the context, proper placement, adequate clear space, correct color (black or white), AND `size_appropriate: true` (within the 30% rule). All four must hold.
- Score 7-8: Logo present and mostly correct, minor placement or clear-space issues, sizing within the 30% rule.
- Score 5-6: Logo present but with noticeable issues wrong placement for the format, tight clear space, OR `size_appropriate: false` (oversized 30%-of-longest-side rule violated). An oversized logo caps the score at 6 even if everything else is perfect.
- Score 3-4: Logo present but with significant issues (wrong color, distorted, severely misplaced, or oversized AND additional violations).
- Score 1-2: Logo missing entirely or unrecognisable.
YOUR OUTPUT:

0
backend/visual_qc_apps/wsj_podcast_format_compliance/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_podcast_format_compliance/app.py
View file

0
backend/visual_qc_apps/wsj_podcast_headline_layout/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_podcast_headline_layout/app.py
View file

0
backend/visual_qc_apps/wsj_podcast_logo_placement/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_podcast_logo_placement/app.py
View file

0
backend/visual_qc_apps/wsj_podcast_safe_area/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_podcast_safe_area/app.py
View file

15
backend/visual_qc_apps/wsj_typography_hierarchy/app.py → backend/_archive/dow_jones/visual_qc_apps/wsj_typography_hierarchy/app.py
View file

@ -71,6 +71,21 @@ STEPS TO EVALUATE:
FORMAT AWARENESS:
Very small formats (320x50 banners, 300x250 boxes, 480x320) have extremely limited space and will naturally have FEWER hierarchy levels. A banner may only have room for a headline + CTA + logo this is acceptable. Score based on whether the elements that ARE present follow WSJ typographic rules (serif headline, sans-serif body/CTA, period on headline), not on the number of hierarchy levels shown. A small-format asset with correct serif headline + sans-serif CTA + period can score 9-10.
GRAPHIC/ILLUSTRATIVE HEADLINE AWARENESS CRITICAL:
WSJ campaign creative often uses a large stylised serif price, number, word, or graphic element as the visual hero/headline rather than a traditional sentence-style headline. Examples:
- A giant compressed-serif "$4.00" price graphic dominating the composition
- A large stylised "%" or numerical figure as the visual focal point
- A bold typographic treatment of a single word or short phrase
- A graphic price-tag composition where the price IS the headline
When you see a large, dominant compressed-serif graphic of this kind, IT is the WSJ display headline do NOT treat surrounding smaller sans-serif marketing copy as "the headline" and then penalise it for being sans-serif. The smaller copy is the SUBHEAD or supporting body, and sans-serif is correct for those levels.
Decision rule: identify the LARGEST and most visually dominant text/graphic element first. If it is a serif treatment (compressed serif, Escrow-style), that is the headline and the typeface rule is satisfied even if it is a price, number, or single word rather than a full sentence. Surrounding smaller sans-serif text is then correctly classified as subhead/body/CTA.
Period rule on graphic headlines: stylised price/number graphics ($4.00, $11.25, 50% etc.) are NOT required to end with a period the period rule applies to sentence-style headlines, not to standalone numeric/price treatments. Do NOT flag a graphic price headline for "missing period".
Period detection on sentence-style headlines: if you see a period at the end of the sentence, the rule is satisfied. Do NOT flag "missing period" when a period is visibly present.
SCORING GUIDANCE:
- Score 9-10: Clear serif/sans-serif hierarchy, strong size contrast (40%+), headlines end with period, no ligatures, proper alignment, eyebrows in ALL CAPS with wide tracking. Small formats: correct typefaces and rules for the elements present.
- Score 7-8: Good hierarchy and mostly correct, minor issues (e.g., size contrast slightly under 40%, or one headline missing a period).

649
backend/api_server.py
View file

@ -7,6 +7,8 @@ import os
import sys
import json
import base64
import collections
import html
import importlib
import traceback
import re
@ -63,6 +65,8 @@ from llm_config import run_visual_qc, get_model_info
from profile_config import QC_CHECKS, PROFILES, get_profile, get_check_llm_map
from brand_guidelines_db import BrandGuidelinesDB
from auth_middleware import AuthMiddleware
from technical_check import inspect as technical_inspect, format_for_llm_prompt as technical_to_prompt
import box_jwt_client
from PIL import Image
import io
@ -450,6 +454,13 @@ def process_single_check(check_name, qc_apps, profile_config, profile_weights, f
if ocr_context and ocr_enabled:
final_prompt = final_prompt + "\n" + ocr_context
tech_report = progress_tracker.get(session_id, {}).get('technical_report')
if tech_report:
try:
final_prompt = technical_to_prompt(tech_report) + "\n\n" + final_prompt
except Exception:
pass # Pre-flight context is best-effort; never block the check on it.
print(f"Running check {check_index + 1}/{total_checks}: {check_name}")
result = run_visual_qc(
@ -848,6 +859,8 @@ def get_client_from_profile(profile_id):
return 'amazon'
elif profile_lower.startswith('boots'):
return 'boots'
elif profile_lower.startswith('hp_'):
return 'hp'
elif profile_lower.startswith(('dow_jones', 'dj_', 'marketwatch', 'mw_', 'wsj')):
return 'dow_jones'
else:
@ -963,6 +976,12 @@ def generate_html_content(report_data, filename, file_path=None):
json_data = check_data.get('json_data', {})
response_text = ""
# Structured findings (e.g. hp_copy_review) render as a table
# instead of the default response-text block. If absent, falls
# back to the existing text rendering below.
findings = (json_data or {}).get('findings') if isinstance(json_data, dict) else None
findings_html = _render_findings_table(findings) if findings is not None else None
# Try to extract detailed analysis from JSON data
if json_data:
# Look for common detailed fields in the JSON
@ -1089,12 +1108,12 @@ def generate_html_content(report_data, filename, file_path=None):
</div>
<div class="analysis-section">
<h4>Analysis Details:</h4>
<div class="response-text">{response_text.replace(chr(10), '<br>')}</div>
{f'<div class="response-text">{html.escape(json_data.get("summary", "") or "") if isinstance(json_data, dict) else ""}</div>{findings_html}' if findings_html is not None else f'<div class="response-text">{response_text.replace(chr(10), "<br>")}</div>'}
</div>
</div>
</div>
"""
# Get summary score result
overall_score = report_data['summary']['overall_score']
overall_result, overall_color = get_score_result(overall_score/10) # Normalize to 0-10 scale
@ -1105,7 +1124,9 @@ def generate_html_content(report_data, filename, file_path=None):
score_total = 120
else:
score_total = 100
technical_html = _render_technical_section_html(report_data.get('technical_report', {}))
html_content = f"""
<!DOCTYPE html>
<html lang="en">
@ -1130,6 +1151,9 @@ def generate_html_content(report_data, filename, file_path=None):
.summary {{ background: linear-gradient(135deg, #FFF9E6 0%, #FFFBF0 100%); padding: 25px; border-radius: 15px; margin: 30px 0; border-left: 5px solid #FFC407; }}
.summary-grid {{ display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 20px; margin-top: 15px; }}
.summary-item {{ background: white; padding: 15px; border-radius: 10px; text-align: center; box-shadow: 0 2px 4px rgba(0,0,0,0.05); }}
.technical {{ background: linear-gradient(135deg, #e3f2fd 0%, #f0f7ff 100%); padding: 25px; border-radius: 15px; margin: 30px 0; border-left: 5px solid #1565c0; }}
.technical-grid {{ display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr)); gap: 8px 24px; margin-top: 12px; }}
.tech-row {{ padding: 4px 0; color: #495057; font-size: 0.95em; word-break: break-word; }}
.score-display {{ font-size: 2.5em; font-weight: bold; color: {overall_color}; margin-bottom: 5px; }}
.grade {{ font-size: 1.3em; font-weight: bold; color: #495057; }}
.expandable-section {{ margin-bottom: 15px; border: 2px solid #e9ecef; border-radius: 12px; overflow: hidden; background: white; }}
@ -1148,6 +1172,16 @@ def generate_html_content(report_data, filename, file_path=None):
.json-toggle {{ cursor: pointer; color: #FFC407; text-decoration: underline; padding: 15px; text-align: center; font-weight: bold; }}
.json-view {{ display: none; margin-top: 20px; }}
.json-view pre {{ background-color: #2d3748; color: #e2e8f0; padding: 20px; border-radius: 10px; overflow-x: auto; font-size: 0.9em; }}
.findings-table {{ width: 100%; border-collapse: collapse; margin-top: 12px; font-size: 0.92em; }}
.findings-table th {{ background: #f1f3f5; color: #495057; text-align: left; padding: 8px 10px; border-bottom: 2px solid #dee2e6; font-weight: 600; }}
.findings-table td {{ padding: 8px 10px; border-bottom: 1px solid #e9ecef; vertical-align: top; word-break: break-word; }}
.findings-table tr:last-child td {{ border-bottom: none; }}
.findings-table code {{ background: #f8f9fa; padding: 2px 5px; border-radius: 4px; font-family: 'SFMono-Regular', Consolas, Menlo, monospace; font-size: 0.9em; color: #c7254e; }}
.priority-pill {{ display: inline-block; padding: 3px 8px; border-radius: 10px; color: white; font-weight: 600; font-size: 0.78em; letter-spacing: 0.03em; }}
.priority-high {{ background-color: #dc3545; }}
.priority-medium {{ background-color: #fd7e14; }}
.priority-low {{ background-color: #28a745; }}
.muted {{ color: #6c757d; font-size: 0.9em; }}
</style>
</head>
<body>
@ -1193,7 +1227,9 @@ def generate_html_content(report_data, filename, file_path=None):
</div>
</div>
</div>
{technical_html}
<h2>🔍 Detailed Analysis Results</h2>
<p style="color: #6c757d; margin-bottom: 20px; font-style: italic;">
Click on any section below to expand and view detailed analysis
@ -1239,6 +1275,105 @@ def generate_html_response(report_data, filename, save_to_file=False, session_id
else:
return Response(html_content, mimetype='text/html')
def _render_findings_table(findings):
"""Render an hp_copy_review-style findings array as an HTML table.
Each finding dict is expected to carry: priority (high|medium|low),
category, quote, issue, suggested_fix, source_reference. All string
fields are HTML-escaped before interpolation. An empty/None findings
list renders a friendly "clean copy" note instead of an empty table.
"""
if not findings:
return '<p class="muted">No findings — copy is clean.</p>'
rows = []
for f in findings:
priority = (f.get('priority') or 'low').lower()
pri_class = {
'high': 'priority-high',
'medium': 'priority-medium',
'low': 'priority-low',
}.get(priority, 'priority-low')
quote_raw = (f.get('quote') or '')[:200]
rows.append(
'<tr>'
f'<td><span class="priority-pill {pri_class}">{html.escape(priority.upper())}</span></td>'
f'<td><code>{html.escape(f.get("category", "") or "")}</code></td>'
f'<td><code>{html.escape(quote_raw)}</code></td>'
f'<td>{html.escape(f.get("issue", "") or "")}</td>'
f'<td>{html.escape(f.get("suggested_fix", "") or "")}</td>'
f'<td class="muted">{html.escape(f.get("source_reference", "") or "")}</td>'
'</tr>'
)
return (
'<table class="findings-table"><thead><tr>'
'<th>Priority</th><th>Category</th><th>Quote</th>'
'<th>Issue</th><th>Suggested fix</th><th>Source</th>'
'</tr></thead><tbody>'
+ ''.join(rows) +
'</tbody></table>'
)
def _render_technical_section_html(report):
"""Render the technical pre-flight report as an HTML block. Empty string if no report."""
if not report or report.get('kind') in (None, 'unknown'):
return ''
kind = report['kind']
rows = []
size_mb = report.get('file_size_mb')
if size_mb is not None:
rows.append(f'<div class="tech-row"><strong>File size:</strong> {size_mb} MB</div>')
dims = report.get('dimensions')
if dims:
rows.append(f'<div class="tech-row"><strong>Dimensions:</strong> {dims["width"]} × {dims["height"]}</div>')
fmt = report.get('format')
if fmt:
rows.append(f'<div class="tech-row"><strong>Format:</strong> {fmt}</div>')
dpi = report.get('dpi')
if dpi:
rows.append(f'<div class="tech-row"><strong>DPI:</strong> {dpi[0]} × {dpi[1]}</div>')
mode = report.get('mode')
if mode:
rows.append(f'<div class="tech-row"><strong>Color mode:</strong> {mode}</div>')
pc = report.get('page_count')
if pc is not None:
rows.append(f'<div class="tech-row"><strong>Pages:</strong> {pc}</div>')
pdf_ver = report.get('pdf_version')
if pdf_ver:
rows.append(f'<div class="tech-row"><strong>PDF version:</strong> {pdf_ver}</div>')
duration = report.get('duration_seconds')
if duration is not None:
rows.append(f'<div class="tech-row"><strong>Duration:</strong> {duration}s</div>')
codec = report.get('video_codec')
if codec:
rows.append(f'<div class="tech-row"><strong>Video codec:</strong> {codec}</div>')
fps = report.get('fps')
if fps:
rows.append(f'<div class="tech-row"><strong>Frame rate:</strong> {fps} fps</div>')
fonts = report.get('embedded_fonts')
if fonts:
suffix = '' if len(fonts) > 8 else ''
rows.append(f'<div class="tech-row"><strong>Embedded fonts:</strong> {", ".join(fonts[:8])}{suffix}</div>')
fm = report.get('filename_match')
if fm:
if fm['match']:
badge = '<span style="background:#28a745;color:white;padding:4px 10px;border-radius:12px;font-size:0.85em;">✓ Matches filename</span>'
else:
badge = '<span style="background:#dc3545;color:white;padding:4px 10px;border-radius:12px;font-size:0.85em;">⚠ Filename mismatch</span>'
rows.append(f'<div class="tech-row" style="margin-top:8px;">{badge} <span style="color:#6c757d;font-size:0.9em;margin-left:8px;">{fm["detail"]}</span></div>')
errors = report.get('errors', [])
if errors:
rows.append(f'<div class="tech-row" style="color:#856404;font-style:italic;"><strong>Inspection notes:</strong> {"; ".join(errors)}</div>')
if not rows:
return ''
return f'''
<div class="technical">
<h2>🔧 Technical Details <small style="color:#6c757d;font-size:0.6em;font-weight:normal;">(machine-inspected, no AI)</small></h2>
<div class="technical-grid">{''.join(rows)}</div>
</div>
'''
def generate_comprehensive_html_report(analysis_result, filename, file_path=None):
"""Generate comprehensive HTML report similar to the web UI format"""
summary = analysis_result.get('summary', {})
@ -1257,13 +1392,20 @@ def generate_comprehensive_html_report(analysis_result, filename, file_path=None
# Generate check results HTML
check_results_html = ''
for check_name, result in check_results.items():
if result.get('status') == 'completed':
if result.get('status') in ('success', 'completed'):
score = result.get('score', 0)
result_text = "Pass" if score >= 6 else "Fail"
score_color = '#28a745' if score >= 6 else '#dc3545'
response = result.get('response', 'No response available')
display_name = check_name.replace('_', ' ').replace(chr(32).join([w.capitalize() for w in check_name.split('_')]), check_name.replace('_', ' ').title())
# Structured findings (e.g. hp_copy_review) render as a table
# instead of the default response-text block. Fallback to the
# existing response rendering when 'findings' is absent.
json_data = result.get('json_data') if isinstance(result, dict) else None
findings = json_data.get('findings') if isinstance(json_data, dict) else None
findings_html = _render_findings_table(findings) if findings is not None else None
# Remove JSON blocks for cleaner display and handle empty responses
response = re.sub(r'```json.*?```', '', response, flags=re.DOTALL).strip()
if not response:
@ -1290,7 +1432,7 @@ def generate_comprehensive_html_report(analysis_result, filename, file_path=None
</div>
<div class="analysis-section">
<h4>Analysis Details:</h4>
<div class="response-text">{response.replace(chr(10), '<br>')}</div>
{f'<div class="response-text">{html.escape(json_data.get("summary", "") or "") if isinstance(json_data, dict) else ""}</div>{findings_html}' if findings_html is not None else f'<div class="response-text">{response.replace(chr(10), "<br>")}</div>'}
</div>
</div>
</div>
@ -1300,7 +1442,9 @@ def generate_comprehensive_html_report(analysis_result, filename, file_path=None
avg_individual_score = overall_score / 10 # Normalize to 1-10 scale
grade_text = 'Pass' if avg_individual_score >= 6 else 'Fail'
score_color = '#28a745' if avg_individual_score >= 6 else '#dc3545'
technical_html = _render_technical_section_html(analysis_result.get('technical_report', {}))
return f'''<!DOCTYPE html>
<html lang="en">
<head>
@ -1324,6 +1468,9 @@ def generate_comprehensive_html_report(analysis_result, filename, file_path=None
.summary {{ background: linear-gradient(135deg, #FFF9E6 0%, #FFFBF0 100%); padding: 25px; border-radius: 15px; margin: 30px 0; border-left: 5px solid #FFC407; }}
.summary-grid {{ display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 20px; margin-top: 15px; }}
.summary-item {{ background: white; padding: 15px; border-radius: 10px; text-align: center; box-shadow: 0 2px 4px rgba(0,0,0,0.05); }}
.technical {{ background: linear-gradient(135deg, #e3f2fd 0%, #f0f7ff 100%); padding: 25px; border-radius: 15px; margin: 30px 0; border-left: 5px solid #1565c0; }}
.technical-grid {{ display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr)); gap: 8px 24px; margin-top: 12px; }}
.tech-row {{ padding: 4px 0; color: #495057; font-size: 0.95em; word-break: break-word; }}
.score-display {{ font-size: 2.5em; font-weight: bold; color: {score_color}; margin-bottom: 5px; }}
.grade {{ font-size: 1.3em; font-weight: bold; color: #495057; }}
.expandable-section {{ margin-bottom: 15px; border: 2px solid #e9ecef; border-radius: 12px; overflow: hidden; background: white; }}
@ -1339,6 +1486,16 @@ def generate_comprehensive_html_report(analysis_result, filename, file_path=None
.check-metadata {{ background: #f8f9fa; padding: 15px; border-radius: 8px; margin-bottom: 15px; }}
.analysis-section h4 {{ color: #495057; margin-bottom: 10px; }}
.response-text {{ background: #f8f9fa; padding: 15px; border-radius: 8px; line-height: 1.6; font-family: 'Montserrat', Georgia, serif; }}
.findings-table {{ width: 100%; border-collapse: collapse; margin-top: 12px; font-size: 0.92em; }}
.findings-table th {{ background: #f1f3f5; color: #495057; text-align: left; padding: 8px 10px; border-bottom: 2px solid #dee2e6; font-weight: 600; }}
.findings-table td {{ padding: 8px 10px; border-bottom: 1px solid #e9ecef; vertical-align: top; word-break: break-word; }}
.findings-table tr:last-child td {{ border-bottom: none; }}
.findings-table code {{ background: #f8f9fa; padding: 2px 5px; border-radius: 4px; font-family: 'SFMono-Regular', Consolas, Menlo, monospace; font-size: 0.9em; color: #c7254e; }}
.priority-pill {{ display: inline-block; padding: 3px 8px; border-radius: 10px; color: white; font-weight: 600; font-size: 0.78em; letter-spacing: 0.03em; }}
.priority-high {{ background-color: #dc3545; }}
.priority-medium {{ background-color: #fd7e14; }}
.priority-low {{ background-color: #28a745; }}
.muted {{ color: #6c757d; font-size: 0.9em; }}
</style>
</head>
<body>
@ -1384,7 +1541,9 @@ def generate_comprehensive_html_report(analysis_result, filename, file_path=None
</div>
</div>
</div>
{technical_html}
<h2>🔍 Detailed Analysis Results</h2>
<p style="color: #6c757d; margin-bottom: 20px; font-style: italic;">
Click on any section below to expand and view detailed analysis
@ -1548,6 +1707,15 @@ def get_reference_asset_content(reference_asset_id):
reference_content += f"\nLocalization Matrix: Contains {', '.join(loc_messages)} "
reference_content += f"for {len(loc_countries)} markets ({', '.join(loc_countries[:10])}).\n"
reference_content += "Expected copy will be cross-referenced with the media plan during analysis.\n"
elif file_record.get('summary_path'):
# Source-messaging Excel (HP and similar) — inject the Gemini-generated Markdown summary
try:
with open(file_record['summary_path'], 'r', encoding='utf-8') as f:
summary = f.read()
reference_content += f"\nSource Messaging Summary (extracted from {original_filename}):\n{summary}\n"
except Exception as e:
print(f"Failed to read source-messaging summary at {file_record['summary_path']}: {e}")
reference_content += f"\nReference file ({file_ext}) uploaded but summary unreadable.\n"
else:
reference_content += f"\nReference file ({file_ext}) uploaded as reference.\n"
else:
@ -1745,6 +1913,11 @@ def start_analysis():
file_path = os.path.join(session_folder, file.filename)
file.save(file_path)
# Machine-side technical pre-flight (PIL/PyMuPDF/ffprobe, no LLM).
# Stored on progress_tracker so process_single_check can prepend it to
# every LLM prompt, and surfaced in result_data for the UI.
technical_report = technical_inspect(file_path)
# Derive client from profile if not provided
client = request.form.get('client_id', request.form.get('client', 'general')).lower()
if not client or client == 'general':
@ -1795,7 +1968,8 @@ def start_analysis():
'stage': 'setup',
'percentage': 0,
'session_id': session_id,
'status': 'started'
'status': 'started',
'technical_report': technical_report,
}
# Start analysis in background thread with explicit parameters
@ -2015,7 +2189,8 @@ def start_analysis():
'total_weighted_score': total_weighted_score,
'total_weight': total_weight,
'grade': determine_grade(overall_score)
}
},
'technical_report': progress_tracker[session_id].get('technical_report', {}),
}
# L'Oreal Static override: fail if ANY individual check fails (score < 6)
@ -2175,6 +2350,9 @@ def start_document_analysis():
file_path = os.path.join(session_folder, file.filename)
file.save(file_path)
# Machine-side technical pre-flight (PyMuPDF for PDFs, no LLM).
technical_report = technical_inspect(file_path)
# Pre-render directory for per-page PNGs lives alongside the PDF
pages_dir = os.path.join(session_folder, 'pages')
@ -2203,6 +2381,7 @@ def start_document_analysis():
'session_id': session_id,
'status': 'started',
'mode': 'document',
'technical_report': technical_report,
}
def run_document(session_id, file_path, filename, profile_id, client, output_mode, reference_asset, user_info):
@ -2275,6 +2454,7 @@ def start_document_analysis():
'pages_processed': doc_result.get('pages_processed', 0),
'page_count': doc_result.get('page_count', 0),
},
'technical_report': progress_tracker[session_id].get('technical_report', {}),
}
if paths.get('html'):
@ -2834,6 +3014,83 @@ def list_all_clients_endpoint():
return jsonify({'status': 'error', 'message': str(e)}), 500
@app.route('/api/clients/<client_id>/default_profile', methods=['GET'])
@auth.require_auth
def get_client_default_profile_endpoint(client_id):
"""Return the effective default profile for a client (override or static).
Auth-required (any signed-in user) read-only, no admin gate.
"""
try:
from client_config import get_all_clients, get_default_profile, get_client_profiles
clients = get_all_clients()
if client_id not in clients:
return jsonify({'status': 'error', 'message': f'unknown client: {client_id}'}), 404
access_err = _require_client_access(client_id)
if access_err:
return access_err
return jsonify({
'status': 'success',
'client_id': client_id,
'profiles': get_client_profiles(client_id),
'default_profile': get_default_profile(client_id),
'static_default': clients[client_id].get('default_profile'),
})
except Exception as e:
return jsonify({'status': 'error', 'message': str(e)}), 500
@app.route('/api/clients/<client_id>/default_profile', methods=['PUT'])
@auth.require_auth
def set_client_default_profile_endpoint(client_id):
"""Admin-only: set the default profile for a client (persisted as a runtime override).
Body: {"profile_id": "<id>"}. The profile must already be in the client's
`profiles` list we don't allow defaulting to a profile the client can't see.
Posts to backend/client_defaults.json so a bad write can never break server boot.
"""
actor_email, err = _require_admin()
if err:
return err
try:
body = request.get_json(silent=True) or {}
profile_id = (body.get('profile_id') or '').strip()
if not profile_id:
return jsonify({'status': 'error', 'message': 'profile_id is required'}), 400
from client_config import set_default_profile
ok, reason = set_default_profile(client_id, profile_id)
if not ok:
return jsonify({'status': 'error', 'message': reason}), 400
print(f'Admin {actor_email}: set default_profile for {client_id}{profile_id}')
return jsonify({
'status': 'success',
'client_id': client_id,
'default_profile': profile_id,
})
except Exception as e:
return jsonify({'status': 'error', 'message': str(e)}), 500
@app.route('/api/clients/<client_id>/default_profile', methods=['DELETE'])
@auth.require_auth
def clear_client_default_profile_endpoint(client_id):
"""Admin-only: clear the runtime override so the static default applies again."""
actor_email, err = _require_admin()
if err:
return err
try:
from client_config import clear_default_profile_override, get_default_profile
clear_default_profile_override(client_id)
print(f'Admin {actor_email}: cleared default_profile override for {client_id}')
return jsonify({
'status': 'success',
'client_id': client_id,
'default_profile': get_default_profile(client_id),
})
except Exception as e:
return jsonify({'status': 'error', 'message': str(e)}), 500
@app.route('/api/access_request', methods=['POST'])
@auth.require_auth
def request_client_access():
@ -4659,15 +4916,15 @@ def upload_brand_guideline():
).start()
file_record['processing_status'] = 'processing'
# Trigger localization matrix parsing for Excel files
# Trigger Excel processing: try localization matrix first (existing
# clients), fall back to Source Messaging summary (HP and similar).
elif file_record.get('file_type') in ('.xlsx', '.xls'):
import threading
def _process_localization_bg(fid, spath, fdir):
def _process_excel_bg(fid, spath, fdir):
try:
from localization_processor import parse_localization_matrix
parsed = parse_localization_matrix(spath)
if parsed:
# Save parsed JSON
json_path = os.path.join(fdir, f"{fid}_localization.json")
with open(json_path, 'w', encoding='utf-8') as f:
json.dump(parsed, f, indent=2, ensure_ascii=False)
@ -4682,25 +4939,34 @@ def upload_brand_guideline():
print(f"Localization matrix parsing complete for {fid}: "
f"{len(parsed.get('messages', {}))} messages, "
f"{len(parsed.get('countries', []))} countries")
else:
brand_db.update_file_record(fid, {
'processed': True,
'processed_at': datetime.now().isoformat(),
'asset_type': 'excel_file',
})
print(f"Excel file {fid} is not a localization matrix, stored as-is")
return
# Not a localization matrix — process as Source Messaging
# (HP-style structured Markdown summary via Gemini).
from excel_processor import process_excel_file
summary_text, summary_path = process_excel_file(spath, fid)
brand_db.update_file_record(fid, {
'processed': True,
'processed_at': datetime.now().isoformat(),
'summary_path': summary_path,
'summary_length': len(summary_text),
'cover_image_path': None,
'asset_type': 'source_messaging',
})
print(f"Source-messaging summary complete for {fid}: "
f"{len(summary_text)} chars")
except Exception as e:
print(f"Localization matrix parsing failed for {fid}: {e}")
print(f"Excel processing failed for {fid}: {e}")
brand_db.update_file_record(fid, {
'processed': 'error',
'processing_error': str(e)
'processing_error': str(e),
})
threading.Thread(
target=_process_localization_bg,
target=_process_excel_bg,
args=(file_record['id'], file_record['stored_path'],
str(brand_db.files_dir)),
daemon=True
daemon=True,
).start()
file_record['processing_status'] = 'processing'
@ -5866,6 +6132,339 @@ def _box_redirect_uri():
return f'{request.scheme}://{host}/auth/box/callback'
# ---------- Box JWT service-account: webhook ingestion + workflow helper ----------
# Bounded in-memory dedup for box-delivery-id. Box uses at-least-once delivery;
# a 200 from us tells it not to retry, so duplicates are rare. The maxlen keeps
# memory tiny while still catching the common retry window.
_box_recent_deliveries = collections.deque(maxlen=500)
_box_recent_deliveries_set = set()
_box_recent_deliveries_lock = threading.Lock()
# Extensions accepted from a Box upload. Keeps the webhook from kicking off QC
# on Word docs, ZIPs, etc. Mirrors what technical_check.inspect knows how to read.
_BOX_QC_EXTS = {
'.jpg', '.jpeg', '.png', '.gif', '.bmp', '.tiff', '.tif', '.webp',
'.pdf',
'.mp4', '.avi', '.mov', '.mkv', '.wmv', '.flv', '.webm',
}
def _box_remember_delivery(delivery_id):
"""Return True if first time seeing this delivery_id; False if duplicate."""
with _box_recent_deliveries_lock:
if delivery_id in _box_recent_deliveries_set:
return False
_box_recent_deliveries.append(delivery_id)
_box_recent_deliveries_set.add(delivery_id)
if len(_box_recent_deliveries_set) > _box_recent_deliveries.maxlen:
_box_recent_deliveries_set.clear()
_box_recent_deliveries_set.update(_box_recent_deliveries)
return True
def _run_box_triggered_analysis(client_id, profile_id, file_id, filename, session_id):
"""Background worker for the Box webhook flow.
Downloads the Box file, runs the technical pre-flight + LLM check pipeline,
writes the HTML report to disk under output/<client>/, and uploads the same
report back to the client's box_reports_folder_id (or box_folder_id as a
fallback). Uses a synthetic 'box_webhook' user for usage tracking.
Skips media-plan and localization context those are user-UI concepts that
don't have a meaningful source in a webhook-triggered run.
"""
try:
from client_config import get_all_clients as _get_all_clients
client_cfg = _get_all_clients().get(client_id, {})
session_folder = os.path.join(app.config['UPLOAD_FOLDER'], session_id)
os.makedirs(session_folder, exist_ok=True)
file_path = os.path.join(session_folder, filename)
# 1. Download the asset from Box.
box_jwt_client.download_file(file_id, file_path)
print(f'Box webhook: downloaded {filename}{file_path}')
# 2. Technical pre-flight (same as user-uploaded flow).
technical_report = technical_inspect(file_path)
# 3. Init progress tracker.
progress_tracker[session_id] = {
'total_checks': 25,
'completed_checks': 0,
'current_check': 'Initializing',
'current_check_display': 'Box-triggered analysis',
'stage': 'setup',
'percentage': 0,
'session_id': session_id,
'status': 'started',
'source': 'box_webhook',
'box_file_id': file_id,
'technical_report': technical_report,
}
# 4. Log analysis start with a synthetic system user.
try:
from usage_tracker import log_analysis_start
log_analysis_start(
session_id, client_id, profile_id,
{'user_id': 'box_webhook', 'email': 'box_webhook@system', 'name': 'Box Webhook'},
{'filename': filename, 'size': os.path.getsize(file_path)},
)
except Exception as log_err:
print(f'WARNING: usage log_analysis_start failed: {log_err}')
# 5. Resolve profile + enabled checks.
profile_config = get_profile(profile_id)
if not profile_config:
raise Exception(f'Profile {profile_id} not found')
enabled_checks = [c for c in profile_config.get_enabled_checks() if c in qc_apps]
if not enabled_checks:
raise Exception(f'No enabled checks for profile {profile_id}')
profile_weights = profile_config.get_check_weights()
progress_tracker[session_id].update({
'total_checks': len(enabled_checks),
'stage': 'qc_analysis',
'percentage': 10,
})
# 6. Run check batches (no media plan / localization / OCR in webhook MVP).
check_results = process_checks_in_batches(
enabled_checks, qc_apps, profile_config, profile_weights,
file_path, None, brand_db, progress_tracker,
session_id, batch_size=15, media_plan_context=None, ocr_context=None,
)
# 7. Score aggregation.
total_weighted_score = 0
total_weight = 0
completed_checks = 0
failed_checks = 0
for _check_name, result in check_results.items():
w = result.get('weight', 0.1)
total_weight += w
if result.get('status') == 'success':
completed_checks += 1
s = result.get('score')
if s is not None:
total_weighted_score += s * w
else:
failed_checks += 1
if total_weight >= 10.0:
overall_score = min(total_weighted_score, 100)
else:
overall_score = min(total_weighted_score * 10, 100)
# 8. Result envelope matching the user-flow shape.
result_data = {
'status': 'success',
'session_id': session_id,
'timestamp': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
'filename': filename,
'profile': profile_id,
'profile_id': profile_id,
'profile_name': profile_config.name,
'model': 'Profile-based selection',
'results': check_results,
'profile_selection': {
'selected_profile': profile_id,
'profile_source': 'box_webhook',
'brand': client_id,
'format_suffix': profile_id,
'reference_asset': None,
'reference_asset_used': False,
},
'qc_analysis': {
'profile_used': profile_id,
'total_checks': len(enabled_checks),
'completed_checks': completed_checks,
'failed_checks': failed_checks,
'check_results': check_results,
},
'summary': {
'overall_score': round(overall_score, 1),
'profile': profile_config.name,
'checks_count': completed_checks,
'total_checks': len(enabled_checks),
'total_weighted_score': total_weighted_score,
'total_weight': total_weight,
'grade': determine_grade(overall_score),
},
'technical_report': progress_tracker[session_id].get('technical_report', {}),
'source': 'box_webhook',
'box_file_id': file_id,
}
# Strict-grade override applies the same way for webhook-triggered runs.
if getattr(profile_config, 'strict_grade', False):
for _cn, cd in check_results.items():
if cd.get('status') == 'success':
cs = cd.get('score', 0)
if cs is not None and cs < 6:
result_data['summary']['grade'] = 'Fail'
break
# 9. Write HTML report to disk so the UI's saved-files listing shows it.
report_filename = f'QC_Report_{session_id}_{os.path.splitext(filename)[0]}.html'
client_folder = ensure_client_output_folder(client_id)
report_path = os.path.join(client_folder, report_filename)
with open(report_path, 'w', encoding='utf-8') as f:
f.write(generate_comprehensive_html_report(result_data, filename, file_path=file_path))
result_data['output_file'] = {
'path': report_path,
'filename': report_filename,
'url': f'/output/{client_id}/{report_filename}',
}
# 10. Upload the report back to Box. Prefer the dedicated reports folder if
# configured; fall back to the same folder the source lived in.
reports_folder = client_cfg.get('box_reports_folder_id') or client_cfg.get('box_folder_id')
report_uploaded_ok = False
if reports_folder:
try:
uploaded = box_jwt_client.upload_file(report_path, str(reports_folder), name=report_filename)
result_data['box_report_upload'] = {
'box_file_id': uploaded.get('id'),
'box_file_name': uploaded.get('name'),
'box_folder_id': str(reports_folder),
}
report_uploaded_ok = True
print(f"Box webhook: uploaded report {report_filename} → folder {reports_folder} (id={uploaded.get('id')})")
except Exception as up_err:
print(f'WARNING: failed to upload report to Box: {up_err}')
result_data['box_report_upload_error'] = str(up_err)
else:
print(f'Box webhook: no box_reports_folder_id (or box_folder_id) on client {client_id}; report stays local only')
# 10b. Move the source file out of INCOMING into a `_PROCESSED` subfolder so the
# next upload of the same filename triggers a fresh FILE.UPLOADED event (Box's
# V2 webhook doesn't fire on same-name version replacements; freeing the name
# is the cleanest workaround). Only runs if the report made it back to Box —
# if upload failed, we want the source to stay so the user can retry by simply
# re-uploading. Failures here are non-fatal: log, record, continue.
source_folder_id = client_cfg.get('box_folder_id')
if report_uploaded_ok and source_folder_id:
try:
processed_folder_id = box_jwt_client.find_or_create_subfolder(
str(source_folder_id), '_PROCESSED'
)
processed_name = f'{session_id}_{filename}'
moved = box_jwt_client.move_file(file_id, processed_folder_id, new_name=processed_name)
result_data['box_source_moved'] = {
'box_file_id': moved.get('id'),
'box_folder_id': processed_folder_id,
'box_file_name': moved.get('name'),
}
print(f'Box webhook: moved source → _PROCESSED/{processed_name} (folder {processed_folder_id})')
except Exception as mv_err:
print(f'WARNING: failed to move source file to _PROCESSED: {mv_err}')
result_data['box_source_move_error'] = str(mv_err)
# 11. Mark complete on progress_tracker for /api/progress consumers.
progress_tracker[session_id]['result'] = result_data
progress_tracker[session_id]['status'] = 'completed'
progress_tracker[session_id]['stage'] = 'complete'
progress_tracker[session_id]['percentage'] = 100
# 12. Usage tracker completion event.
try:
from usage_tracker import log_analysis_complete
log_analysis_complete(
session_id, client_id, profile_id,
{'user_id': 'box_webhook', 'email': 'box_webhook@system', 'name': 'Box Webhook'},
{'checks_completed': completed_checks, 'overall_score': overall_score,
'status': 'success', 'source': 'box_webhook'},
)
except Exception as log_err:
print(f'WARNING: usage log_analysis_complete failed: {log_err}')
print(f'Box webhook: analysis complete for session {session_id}, score {overall_score}')
except Exception as e:
print(f'ERROR in Box-triggered analysis (session {session_id}): {e}')
import traceback
traceback.print_exc()
if session_id in progress_tracker:
progress_tracker[session_id]['status'] = 'error'
progress_tracker[session_id]['stage'] = 'error'
progress_tracker[session_id]['error'] = str(e)
@app.route('/api/box/webhook', methods=['POST'])
def box_webhook():
"""Receive a Box V2 webhook. Authenticated by HMAC signature on every request.
Box expects a 200 within ~10 seconds. We verify the signature, ack, and run
the analysis on a background thread.
"""
raw_body = request.get_data(cache=True)
headers = {k.lower(): v for k, v in request.headers.items()}
primary_key = os.environ.get('BOX_WEBHOOK_PRIMARY_KEY')
secondary_key = os.environ.get('BOX_WEBHOOK_SECONDARY_KEY')
if not primary_key and not secondary_key:
print('Box webhook: no signing keys in env (set BOX_WEBHOOK_PRIMARY_KEY); refusing all deliveries')
return jsonify({'status': 'error', 'message': 'webhook signing not configured'}), 503
if not box_jwt_client.verify_webhook_signature(raw_body, headers, primary_key, secondary_key):
print('Box webhook: signature verification failed')
return jsonify({'status': 'error', 'message': 'invalid signature'}), 401
delivery_id = headers.get('box-delivery-id', '')
if delivery_id and not _box_remember_delivery(delivery_id):
return jsonify({'status': 'ok', 'message': 'duplicate'}), 200
try:
payload = json.loads(raw_body.decode('utf-8'))
except Exception:
return jsonify({'status': 'error', 'message': 'invalid JSON'}), 400
trigger = payload.get('trigger', '')
if trigger != 'FILE.UPLOADED':
return jsonify({'status': 'ok', 'message': f'ignored trigger {trigger}'}), 200
source = payload.get('source') or {}
if source.get('type') != 'file':
return jsonify({'status': 'ok', 'message': 'not a file event'}), 200
file_id = str(source.get('id', ''))
filename = source.get('name', '')
parent = source.get('parent') or {}
parent_folder_id = str(parent.get('id', ''))
if not file_id or not parent_folder_id or not filename:
return jsonify({'status': 'error', 'message': 'malformed payload'}), 400
ext = os.path.splitext(filename)[1].lower()
if ext not in _BOX_QC_EXTS:
print(f'Box webhook: skipping non-QC extension {ext} ({filename})')
return jsonify({'status': 'ok', 'message': f'unsupported extension {ext}'}), 200
from client_config import get_client_by_box_folder, get_all_clients, get_default_profile
client_id = get_client_by_box_folder(parent_folder_id)
if not client_id:
print(f'Box webhook: no client configured for Box folder {parent_folder_id}')
return jsonify({'status': 'ok', 'message': 'no client mapping'}), 200
client_cfg = get_all_clients().get(client_id, {})
profile_id = get_default_profile(client_id) or (client_cfg.get('profiles') or ['static_general'])[0]
session_id = datetime.now().strftime('%Y%m%d_%H%M%S')
print(f'Box webhook: dispatching session={session_id} client={client_id} profile={profile_id} file_id={file_id} name={filename}')
threading.Thread(
target=_run_box_triggered_analysis,
args=(client_id, profile_id, file_id, filename, session_id),
daemon=True,
).start()
return jsonify({
'status': 'ok',
'session_id': session_id,
'client_id': client_id,
'profile_id': profile_id,
}), 200
@app.route('/auth/box/login', methods=['GET'])
@auth.require_auth
def box_login():

343
backend/box_jwt_client.py Normal file
View file

@ -0,0 +1,343 @@
"""
Box JWT service-account client.
Authenticates as a Box Custom App with Server Authentication (JWT) i.e. the
app has its own Box identity rather than acting on behalf of a logged-in user.
Used for webhook-driven, unattended workflows where the QC pipeline needs to
read files from Box and write reports back without a human in the loop.
The service account must be invited as a collaborator on each client folder
before any read/write succeeds. Folder IDs live in `client_config.py`.
Co-exists with the older per-user OAuth flow in `box_client.py` different
auth model, different use cases.
"""
from __future__ import annotations
import base64
import hashlib
import hmac
import json
import os
import secrets
import threading
import time
from typing import Any, Dict, List, Optional
import jwt
import requests
from cryptography.hazmat.primitives.serialization import load_pem_private_key
_CONFIG_PATH_ENV = 'BOX_JWT_CONFIG_PATH'
_DEFAULT_CONFIG_PATH = os.path.join(
os.path.dirname(os.path.abspath(__file__)), 'config', 'box_jwt_config.json'
)
_TOKEN_URL = 'https://api.box.com/oauth2/token'
_API_BASE = 'https://api.box.com/2.0'
_UPLOAD_BASE = 'https://upload.box.com/api/2.0'
_token_lock = threading.Lock()
_cached_token: Optional[Dict[str, Any]] = None # {'access_token': str, 'expires_at': float}
class BoxJWTError(RuntimeError):
"""Any failure while talking to Box via the JWT service account."""
def _config_path() -> str:
return os.environ.get(_CONFIG_PATH_ENV) or _DEFAULT_CONFIG_PATH
def is_configured() -> bool:
"""True iff the JWT config JSON exists at the expected path."""
return os.path.exists(_config_path())
def _load_config() -> Dict[str, Any]:
path = _config_path()
if not os.path.exists(path):
raise BoxJWTError(
f'Box JWT config not found at {path}. '
f'Drop the JSON Box gave you for the Custom App at that path, or set {_CONFIG_PATH_ENV}.'
)
with open(path, 'r') as f:
return json.load(f)
def _build_assertion(config: Dict[str, Any]) -> str:
box_app = config['boxAppSettings']
app_auth = box_app['appAuth']
private_key = load_pem_private_key(
app_auth['privateKey'].encode('utf-8'),
password=app_auth['passphrase'].encode('utf-8'),
)
claims = {
'iss': box_app['clientID'],
'sub': config['enterpriseID'],
'box_sub_type': 'enterprise',
'aud': _TOKEN_URL,
'jti': secrets.token_urlsafe(16),
'exp': int(time.time()) + 45, # Box caps assertion lifetime at 60s
}
return jwt.encode(
claims, private_key, algorithm='RS256', headers={'kid': app_auth['publicKeyID']}
)
def _fetch_new_token() -> Dict[str, Any]:
config = _load_config()
assertion = _build_assertion(config)
response = requests.post(
_TOKEN_URL,
data={
'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion': assertion,
'client_id': config['boxAppSettings']['clientID'],
'client_secret': config['boxAppSettings']['clientSecret'],
},
timeout=30,
)
if response.status_code != 200:
raise BoxJWTError(
f'Box token exchange failed: HTTP {response.status_code}{response.text[:300]}'
)
data = response.json()
# Refresh 5 minutes before expiry to absorb clock skew + network latency.
return {
'access_token': data['access_token'],
'expires_at': time.time() + data['expires_in'] - 300,
}
def get_service_account_token() -> str:
"""Return a currently-valid service-account access token, refreshing if needed."""
global _cached_token
with _token_lock:
if _cached_token and time.time() < _cached_token['expires_at']:
return _cached_token['access_token']
_cached_token = _fetch_new_token()
return _cached_token['access_token']
def _auth_headers() -> Dict[str, str]:
return {'Authorization': f'Bearer {get_service_account_token()}'}
# ---------- File / folder operations ----------
def list_folder_items(folder_id: str, fields: Optional[List[str]] = None, limit: int = 1000) -> List[Dict[str, Any]]:
"""List items in a folder. Returns the `entries` array from the Box API."""
params = {'limit': limit}
if fields:
params['fields'] = ','.join(fields)
response = requests.get(
f'{_API_BASE}/folders/{folder_id}/items',
headers=_auth_headers(),
params=params,
timeout=30,
)
if response.status_code != 200:
raise BoxJWTError(
f'list_folder_items({folder_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
return response.json().get('entries', [])
def get_file_metadata(file_id: str) -> Dict[str, Any]:
"""Return Box file metadata (name, size, parent, etc.)."""
response = requests.get(
f'{_API_BASE}/files/{file_id}',
headers=_auth_headers(),
timeout=30,
)
if response.status_code != 200:
raise BoxJWTError(
f'get_file_metadata({file_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
return response.json()
def download_file(file_id: str, dest_path: str) -> str:
"""Stream a Box file to dest_path. Returns dest_path on success."""
os.makedirs(os.path.dirname(dest_path), exist_ok=True)
with requests.get(
f'{_API_BASE}/files/{file_id}/content',
headers=_auth_headers(),
stream=True,
timeout=300,
) as response:
if response.status_code != 200:
raise BoxJWTError(
f'download_file({file_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
with open(dest_path, 'wb') as f:
for chunk in response.iter_content(chunk_size=64 * 1024):
if chunk:
f.write(chunk)
return dest_path
def upload_file(local_path: str, parent_folder_id: str, name: Optional[str] = None) -> Dict[str, Any]:
"""Upload a local file into a Box folder. Returns the new file's metadata."""
if not os.path.exists(local_path):
raise BoxJWTError(f'upload_file: local file not found: {local_path}')
upload_name = name or os.path.basename(local_path)
attributes = {'name': upload_name, 'parent': {'id': parent_folder_id}}
with open(local_path, 'rb') as f:
response = requests.post(
f'{_UPLOAD_BASE}/files/content',
headers=_auth_headers(),
data={'attributes': json.dumps(attributes)},
files={'file': (upload_name, f)},
timeout=300,
)
if response.status_code not in (200, 201):
raise BoxJWTError(
f'upload_file({upload_name}{parent_folder_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
entries = response.json().get('entries', [])
return entries[0] if entries else {}
def find_subfolder_by_name(parent_folder_id: str, name: str) -> Optional[str]:
"""Return the Box folder ID of a child folder named `name`, or None if not found.
Box allows duplicate folder names within a parent; if multiple match, returns
the first one encountered.
"""
for item in list_folder_items(parent_folder_id, fields=['id', 'name', 'type']):
if item.get('type') == 'folder' and item.get('name') == name:
return str(item['id'])
return None
def create_subfolder(parent_folder_id: str, name: str) -> str:
"""Create a new folder named `name` under `parent_folder_id`. Returns its ID."""
payload = {'name': name, 'parent': {'id': parent_folder_id}}
response = requests.post(
f'{_API_BASE}/folders',
headers={**_auth_headers(), 'Content-Type': 'application/json'},
data=json.dumps(payload),
timeout=30,
)
if response.status_code not in (200, 201):
raise BoxJWTError(
f'create_subfolder({name} under {parent_folder_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
return str(response.json()['id'])
def find_or_create_subfolder(parent_folder_id: str, name: str) -> str:
"""Idempotent: return existing subfolder ID, or create + return new one."""
existing = find_subfolder_by_name(parent_folder_id, name)
if existing:
return existing
return create_subfolder(parent_folder_id, name)
def move_file(file_id: str, target_folder_id: str, new_name: Optional[str] = None) -> Dict[str, Any]:
"""Move (and optionally rename) a Box file. Returns the updated file metadata.
Pass `new_name` to also rename in-flight useful for collision-avoidance when
moving into a folder that may already contain a file with the same name.
"""
payload: Dict[str, Any] = {'parent': {'id': str(target_folder_id)}}
if new_name:
payload['name'] = new_name
response = requests.put(
f'{_API_BASE}/files/{file_id}',
headers={**_auth_headers(), 'Content-Type': 'application/json'},
data=json.dumps(payload),
timeout=30,
)
if response.status_code not in (200, 201):
raise BoxJWTError(
f'move_file({file_id}{target_folder_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
return response.json()
# ---------- Webhook (V2) management ----------
def create_webhook(target_type: str, target_id: str, address: str, triggers: List[str]) -> Dict[str, Any]:
"""Register a V2 webhook on a file or folder. Returns the webhook record (id + signing keys)."""
if target_type not in ('file', 'folder'):
raise BoxJWTError(f'target_type must be "file" or "folder", got {target_type!r}')
payload = {
'target': {'type': target_type, 'id': target_id},
'address': address,
'triggers': triggers,
}
response = requests.post(
f'{_API_BASE}/webhooks',
headers={**_auth_headers(), 'Content-Type': 'application/json'},
data=json.dumps(payload),
timeout=30,
)
if response.status_code not in (200, 201):
raise BoxJWTError(
f'create_webhook({target_type}/{target_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
return response.json()
def list_webhooks() -> List[Dict[str, Any]]:
"""List V2 webhooks visible to the service account."""
response = requests.get(
f'{_API_BASE}/webhooks', headers=_auth_headers(), timeout=30
)
if response.status_code != 200:
raise BoxJWTError(
f'list_webhooks failed: HTTP {response.status_code}{response.text[:300]}'
)
return response.json().get('entries', [])
def delete_webhook(webhook_id: str) -> None:
"""Delete a V2 webhook by ID."""
response = requests.delete(
f'{_API_BASE}/webhooks/{webhook_id}', headers=_auth_headers(), timeout=30
)
if response.status_code not in (200, 204):
raise BoxJWTError(
f'delete_webhook({webhook_id}) failed: HTTP {response.status_code}{response.text[:300]}'
)
# ---------- Webhook payload verification ----------
def verify_webhook_signature(
body: bytes,
headers: Dict[str, str],
primary_key: Optional[str],
secondary_key: Optional[str],
) -> bool:
"""Verify the signature on an incoming Box webhook payload.
Box V2 webhooks sign `body + delivery_timestamp` with HMAC-SHA256 using two
rotating keys (primary + secondary). Either key matching = valid signature.
Pass `body` as raw request bytes JSON-serializing first will reorder keys
and break verification.
"""
if headers.get('box-signature-version') != '1':
return False
if headers.get('box-signature-algorithm') != 'HmacSHA256':
return False
timestamp = headers.get('box-delivery-timestamp', '')
if not timestamp:
return False
expected_primary = headers.get('box-signature-primary')
expected_secondary = headers.get('box-signature-secondary')
message = body + timestamp.encode('utf-8')
def _matches(key: Optional[str], expected: Optional[str]) -> bool:
if not key or not expected:
return False
computed = base64.b64encode(
hmac.new(key.encode('utf-8'), message, hashlib.sha256).digest()
).decode('utf-8')
return hmac.compare_digest(computed, expected)
return _matches(primary_key, expected_primary) or _matches(secondary_key, expected_secondary)

133
backend/client_config.py
View file

@ -20,7 +20,10 @@ CLIENT_PROFILES = {
'name': "L'Oreal",
'profiles': ['loreal_static', 'static_general', 'video_general'],
'display_name': "L'Oreal",
'description': "L'Oreal brand profiles with focused and comprehensive static QC checks"
'description': "L'Oreal brand profiles with focused and comprehensive static QC checks",
'box_folder_id': '381501258415',
'box_reports_folder_id': '382076841334',
'default_profile': 'loreal_static',
},
'amazon': {
'name': 'Amazon',
@ -30,16 +33,10 @@ CLIENT_PROFILES = {
},
'boots': {
'name': 'Boots',
'profiles': ['boots_static', 'static_general', 'video_general'],
'profiles': ['boots_static', 'boots_ppack', 'static_general', 'video_general'],
'display_name': 'Boots',
'description': 'Boots retail promotional artwork compliance checks'
},
'dow_jones': {
'name': 'Dow Jones',
'profiles': ['dow_jones_static', 'marketwatch_static', 'wsj_static', 'wsj_podcast', 'static_general', 'video_general'],
'display_name': 'Dow Jones',
'description': 'Dow Jones brand profiles for corporate, MarketWatch, and WSJ sub-brands'
},
'honda': {
'name': 'Honda',
'profiles': ['static_general', 'video_general'],
@ -48,7 +45,7 @@ CLIENT_PROFILES = {
},
'axa': {
'name': 'AXA',
'profiles': ['axa_policy_document', 'axa_policy_document_diff', 'static_general', 'video_general'],
'profiles': ['axa_policy_document', 'axa_policy_document_diff', 'axa_accessibility', 'static_general', 'video_general'],
'display_name': 'AXA',
'description': 'AXA brand profiles, including multi-page policy document QC for AXA Ireland'
},
@ -58,6 +55,25 @@ CLIENT_PROFILES = {
'display_name': 'Rank',
'description': 'Rank brand profiles for marketing QC checks'
},
'google': {
'name': 'Google',
'profiles': ['static_general', 'video_general'],
'display_name': 'Google',
'description': 'Demo client — scope pending'
},
'hp': {
'name': 'HP',
'profiles': ['hp_copy_review', 'static_general', 'video_general'],
'display_name': 'HP',
'description': 'HP marketing copy QC graded against canonical Source Messaging',
'default_profile': 'hp_copy_review',
},
'ferrero': {
'name': 'Ferrero',
'profiles': ['static_general', 'video_general'],
'display_name': 'Ferrero',
'description': 'Demo client — scope pending'
},
'general': {
'name': 'General',
'profiles': ['static_general', 'video_general', 'inclusive_accessibility'],
@ -74,6 +90,105 @@ def get_all_clients():
"""Get all available clients"""
return CLIENT_PROFILES
def get_client_by_box_folder(folder_id):
"""Reverse-lookup: which client owns this Box folder_id?
Used by the Box webhook handler. Returns the client_id (key) or None.
Folder IDs are compared as strings since the Box API returns them as such.
"""
target = str(folder_id) if folder_id is not None else None
if not target:
return None
for cid, cfg in CLIENT_PROFILES.items():
if str(cfg.get('box_folder_id', '') or '') == target:
return cid
return None
def get_clients_with_box_folder():
"""Return [(client_id, client_config_dict), ...] for clients with a Box folder configured."""
return [
(cid, cfg) for cid, cfg in CLIENT_PROFILES.items()
if cfg.get('box_folder_id')
]
# ---------- Runtime override for default_profile ----------
#
# The static `default_profile` field on each client in CLIENT_PROFILES is the
# baseline value, set in code at deploy time. Admins can override it at runtime
# via the Settings UI; overrides persist to backend/client_defaults.json
# (gitignored, per-server). This separation means a buggy override write can
# never break server boot — worst case the override is ignored and the static
# value applies.
import os as _os
import json as _json
_DEFAULTS_OVERRIDE_PATH = _os.path.join(
_os.path.dirname(_os.path.abspath(__file__)), 'client_defaults.json'
)
def _load_default_overrides():
"""Return the override dict {client_id: profile_id}; empty dict if no file or unreadable."""
if not _os.path.exists(_DEFAULTS_OVERRIDE_PATH):
return {}
try:
with open(_DEFAULTS_OVERRIDE_PATH, 'r') as f:
data = _json.load(f)
return data if isinstance(data, dict) else {}
except (OSError, _json.JSONDecodeError):
return {}
def _save_default_overrides(data):
"""Persist the override dict. Writes to a temp path then renames for atomicity."""
tmp_path = _DEFAULTS_OVERRIDE_PATH + '.tmp'
with open(tmp_path, 'w') as f:
_json.dump(data, f, indent=2, sort_keys=True)
_os.replace(tmp_path, _DEFAULTS_OVERRIDE_PATH)
def get_default_profile(client_id):
"""Return the effective default profile for a client.
Resolution order: runtime override static `default_profile` field None.
Used by the Box webhook handler (no logged-in user, needs a profile to run).
"""
overrides = _load_default_overrides()
if client_id in overrides:
return overrides[client_id]
cfg = CLIENT_PROFILES.get(client_id, {})
return cfg.get('default_profile')
def set_default_profile(client_id, profile_id):
"""Persist a runtime override for a client's default profile.
Validates that the client exists and the profile is one of the client's
allowed profiles. Returns (True, None) on success or (False, reason) on
rejection.
"""
if client_id not in CLIENT_PROFILES:
return False, f'unknown client: {client_id}'
allowed = get_client_profiles(client_id)
if profile_id not in allowed:
return False, f"profile '{profile_id}' is not in client {client_id}'s profile list"
overrides = _load_default_overrides()
overrides[client_id] = profile_id
_save_default_overrides(overrides)
return True, None
def clear_default_profile_override(client_id):
"""Remove a runtime override so the static default applies again."""
overrides = _load_default_overrides()
if client_id in overrides:
del overrides[client_id]
_save_default_overrides(overrides)
def validate_client_profile(client_id, profile_id):
"""Validate that a profile belongs to a client"""
client_profiles = get_client_profiles(client_id)

10
backend/config.env
View file

@ -1,10 +0,0 @@
OPENAI_API_KEY=sk-svcacct-HSREzGYDnN-vCVGAh6LhYqlNcJVF2oefMrY9oCsdDsQFmyVJyHpLb1eSb_mp_vP4YPl4T3BlbkFJzKaOrPghIzx76_22K8VjwO6j2JnoDEvrYDrgfrnA4WjD5sTMnhOqGHXximwGXFhUoYgA
GOOGLE_API_KEY=AIzaSyDMWN_PAnyU7bPmtWcEKq4LJfiu1KuwUsU
# Azure AD / MSAL Authentication Configuration
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
# Flask Security Configuration
FLASK_ENV=development
SECRET_KEY=your-secret-key-here-change-in-production

17
backend/config/.env.template
View file

@ -36,7 +36,7 @@ SENDER_EMAIL=noreply@your-domain.com
ERROR_EMAIL=admin@your-domain.com
REPORT_EMAILS=admin@your-domain.com
# Box.com OAuth (per-creator user authentication for automation folders)
# Box.com OAuth (per-creator user authentication — legacy/dormant scaffolding)
# Register a Custom App with OAuth 2.0 (User Authentication) in Box Developer Console.
# In the app's Configuration tab, add ALL the redirect URIs you'll use:
# http://localhost:7183/auth/box/callback (local dev)
@ -46,4 +46,17 @@ REPORT_EMAILS=admin@your-domain.com
# to set BOX_REDIRECT_URI per server — uncomment only as an override.
BOX_CLIENT_ID=your-box-client-id
BOX_CLIENT_SECRET=your-box-client-secret
# BOX_REDIRECT_URI=
# BOX_REDIRECT_URI=
# Box.com JWT (service-account auth — used by /api/box/webhook for unattended QC)
# Drop the JSON Box gives you for the "Custom App with Server Authentication (JWT)"
# at backend/config/box_jwt_config.json (gitignored, scp'd onto each server).
# Override the path with BOX_JWT_CONFIG_PATH if you store it elsewhere.
# BOX_JWT_CONFIG_PATH=/opt/ai_qc/backend/config/box_jwt_config.json
# Box V2 webhook signing keys (one app-level pair, used by every webhook the
# Custom App owns). Get them from Box Developer Console → Custom App → Webhooks
# tab → "Manage Signature Keys". Both are valid simultaneously — Box uses a
# rolling-rotate model so you can rotate one at a time without downtime.
BOX_WEBHOOK_PRIMARY_KEY=
BOX_WEBHOOK_SECONDARY_KEY=

43
backend/config/development.env
View file

@ -1,43 +0,0 @@
# Development Environment Configuration
# This file is used for local development testing
# OpenAI Configuration
OPENAI_API_KEY=sk-svcacct-HSREzGYDnN-vCVGAh6LhYqlNcJVF2oefMrY9oCsdDsQFmyVJyHpLb1eSb_mp_vP4YPl4T3BlbkFJzKaOrPghIzx76_22K8VjwO6j2JnoDEvrYDrgfrnA4WjD5sTMnhOqGHXximwGXFhUoYgA
GOOGLE_API_KEY=AIzaSyDMWN_PAnyU7bPmtWcEKq4LJfiu1KuwUsU
# Azure AD / MSAL Authentication Configuration (Development App Registration)
# NOTE: You'll need to create a separate app registration for development
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
AZURE_REDIRECT_URI=http://localhost:7183
# Flask Configuration
FLASK_ENV=development
SECRET_KEY=dev-secret-key-change-this-for-security
DEBUG_MODE=true
PORT=7183
# Application Configuration
ENVIRONMENT=development
BASE_URL=http://localhost:7183
UPLOAD_FOLDER=uploads-dev
OUTPUT_FOLDER=output-dev
# Development-specific settings
LOG_LEVEL=DEBUG
ENABLE_DEBUG_ENDPOINTS=true
# Mailgun / SMTP (for email notifications)
SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
SMTP_USER=twist@mail.dev.oliver.solutions
SMTP_PASSWORD=102115e9f3b9d7332d0cd1d4329bc0d4-77751bfc-ca066b71
SENDER_EMAIL=TWIST-UK-SERVER@oliver.agency
ERROR_EMAIL=nick.viljoen@brandtech.plus
REPORT_EMAILS=nick.viljoen@brandtech.plus
# Box.com OAuth (per-creator user authentication for automation folders)
# Redirect URI is computed from each request — no need to hardcode it per server.
# Set BOX_REDIRECT_URI here only as an override if request-based detection fails.
BOX_CLIENT_ID=o9zxyl6j917q0bkndrwfi2x5zbdeanh5
BOX_CLIENT_SECRET=yejdbWTeBOcdsDImpNQ7nvLJZad3e0Jm

42
backend/config/production.env
View file

@ -1,42 +0,0 @@
# Production Environment Configuration
# This file is used for production deployment on the web server
# OpenAI Configuration
OPENAI_API_KEY=sk-svcacct-HSREzGYDnN-vCVGAh6LhYqlNcJVF2oefMrY9oCsdDsQFmyVJyHpLb1eSb_mp_vP4YPl4T3BlbkFJzKaOrPghIzx76_22K8VjwO6j2JnoDEvrYDrgfrnA4WjD5sTMnhOqGHXximwGXFhUoYgA
GOOGLE_API_KEY=AIzaSyDMWN_PAnyU7bPmtWcEKq4LJfiu1KuwUsU
# Azure AD / MSAL Authentication Configuration (Production)
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
AZURE_REDIRECT_URI=https://ai-sandbox.oliver.solutions/ai_qc/
# Flask Configuration
FLASK_ENV=production
SECRET_KEY=prod-ai-qc-oliver-solutions-2025-secure-key-9f8e7d6c5b4a3
DEBUG_MODE=false
PORT=7184
# Application Configuration
ENVIRONMENT=production
BASE_URL=https://ai-sandbox.oliver.solutions/ai_qc
UPLOAD_FOLDER=uploads
OUTPUT_FOLDER=output
# Production-specific settings
LOG_LEVEL=INFO
ENABLE_DEBUG_ENDPOINTS=false
# Mailgun / SMTP (for email notifications)
SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
SMTP_USER=twist@mail.dev.oliver.solutions
SMTP_PASSWORD=102115e9f3b9d7332d0cd1d4329bc0d4-77751bfc-ca066b71
SENDER_EMAIL=TWIST-UK-SERVER@oliver.agency
ERROR_EMAIL=nick.viljoen@brandtech.plus
REPORT_EMAILS=nick.viljoen@brandtech.plus
# Box.com OAuth (per-creator user authentication for automation folders)
# Redirect URI is computed from each request — no need to hardcode it per server.
# Set BOX_REDIRECT_URI here only as an override if request-based detection fails.
BOX_CLIENT_ID=o9zxyl6j917q0bkndrwfi2x5zbdeanh5
BOX_CLIENT_SECRET=yejdbWTeBOcdsDImpNQ7nvLJZad3e0Jm

258
backend/document_mode/accessibility_checks.py
View file

@ -1,35 +1,46 @@
"""PDF accessibility checks aligned to PDF/UA-1 + WCAG-AAA-relevant subset.
"""PDF accessibility checks aligned to PDF/UA-1.
Deterministic Python implementation using PyMuPDF no Java/veraPDF needed
to ship Phase 4. Once veraPDF is installed on the host, _run_verapdf() can
be wired in as an additional validation layer (see __doc__ for that fn).
Two layers, applied in order:
1. veraPDF subprocess full PDF/UA-1 (ISO 14289-1) validation via the
Matterhorn Protocol. This is the same protocol PAC uses, so its
verdict is the authoritative one when veraPDF is available on the
host. When it runs, its result drives the score and pass flag.
2. Deterministic PyMuPDF criteria (C1-C9) fast surface checks that
run regardless. They give the AXA team a quick visual sanity-pass
(tagged? language set? fonts embedded?) and are the sole source of
truth when veraPDF is not installed.
Criteria checked (subset of the 30+ rules in PDF/UA-1 §7):
Deterministic criteria:
C1 Tagged PDF document has a /StructTreeRoot
C2 Marked /MarkInfo /Marked is true
C3 Title metadata /Title set and non-empty
C4 Language document /Lang specified
C5 No password protection /Encrypt absent or accessibility-friendly
C6 Fonts embedded every font flagged as embedded
C7 PDF version 1.5+ recommended (older versions can't carry full
accessibility tagging features)
C7 PDF version 1.5+ recommended
C8 XMP UA-conformance XMP metadata declares pdfuaid:part
C9 Image alt text sampled images have /Alt or /ActualText in the
structure tree (heuristic: looks for /Alt anywhere in the catalog
graph; not a full structure-tree walk).
Each criterion gets a pass/fail and a short observation. The check's
overall score = (passing_criteria / total_criteria) * 10.
C9 Image alt text sampled images have /Alt or /ActualText
"""
from __future__ import annotations
import os
import re
import shutil
import subprocess
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional
import fitz # PyMuPDF
# Project-local install path for the production server (see vendor dir
# under /opt/ai_qc/vendor/verapdf/). Falls back to PATH lookup or
# VERAPDF_BIN env var.
_VERAPDF_VENDOR_PATH = '/opt/ai_qc/vendor/verapdf/verapdf'
_VERAPDF_TIMEOUT_SECONDS = 180
# ─────────────────────────────────────────────────────────────────────────────
# Helpers
# ─────────────────────────────────────────────────────────────────────────────
@ -237,10 +248,11 @@ def _check_alt_text_sampling(doc: fitz.Document) -> Dict:
def axa_pdf_accessibility(ingest_result: Dict, scope_args: Optional[Dict] = None) -> Dict:
"""Run the full PDF/UA-aligned check set on the ingested PDF.
"""Run PDF/UA-1 accessibility validation on the ingested PDF.
Requires `pdf_path` on ingest_result (set by the dispatcher). Falls
back to a structured-error result if PDF can't be opened.
When veraPDF is installed on the host, its PDF/UA-1 verdict is the
authoritative score driver. The deterministic PyMuPDF criteria run
in either case as a quick sanity layer.
"""
pdf_path = ingest_result.get('pdf_path')
if not pdf_path:
@ -282,22 +294,24 @@ def axa_pdf_accessibility(ingest_result: Dict, scope_args: Optional[Dict] = None
finally:
doc.close()
passed = [c for c in criteria if c['passed']]
failed = [c for c in criteria if not c['passed']]
total = len(criteria)
score = round((len(passed) / total) * 10, 2) if total else 0.0
pass_flag = len(failed) == 0
crit_passed = [c for c in criteria if c['passed']]
crit_failed = [c for c in criteria if not c['passed']]
crit_total = len(criteria)
if pass_flag:
summary = f'All {total} accessibility criteria passed.'
verapdf = _run_verapdf(pdf_path)
verapdf_ok = bool(verapdf and verapdf.get('available') and not verapdf.get('error'))
if verapdf_ok:
score, pass_flag, summary = _score_from_verapdf(verapdf)
else:
summary = f'{len(failed)} of {total} accessibility criteria failed.'
score = round((len(crit_passed) / crit_total) * 10, 2) if crit_total else 0.0
pass_flag = len(crit_failed) == 0
if pass_flag:
summary = f'All {crit_total} fast accessibility criteria passed (veraPDF unavailable — install for full PDF/UA-1 validation).'
else:
summary = f'{len(crit_failed)} of {crit_total} fast accessibility criteria failed (veraPDF unavailable).'
response_lines = [summary, '']
for c in criteria:
marker = '' if c['passed'] else ''
response_lines.append(f" {marker} {c['code']}{c['title']}: {c['note']}")
response = '\n'.join(response_lines)
response = _build_response_text(summary, criteria, verapdf if verapdf_ok else None)
return {
'check_name': 'axa_pdf_accessibility',
@ -307,32 +321,182 @@ def axa_pdf_accessibility(ingest_result: Dict, scope_args: Optional[Dict] = None
'summary': summary,
'findings': {
'criteria': criteria,
'criteria_total': total,
'criteria_passed': len(passed),
'criteria_failed': len(failed),
'verapdf_run': False, # set to True when veraPDF subprocess is wired in
'criteria_total': crit_total,
'criteria_passed': len(crit_passed),
'criteria_failed': len(crit_failed),
'verapdf_run': verapdf_ok,
'verapdf': verapdf if verapdf else None,
},
'response': response,
}
def _score_from_verapdf(verapdf: Dict) -> tuple:
"""Map veraPDF UA-1 verdict to (score, pass_flag, summary).
Severity ladder: any rule failure means the document is not PDF/UA-1,
so pass_flag is False whenever veraPDF marks the file non-compliant.
Score grades the depth of failure so partially-compliant documents
still produce a meaningful number for trend tracking.
"""
if verapdf.get('compliant'):
n_rules = verapdf.get('passed_rules', 0)
return 10.0, True, f'PDF/UA-1 compliant per veraPDF ({n_rules} rules passed).'
n_failed = verapdf.get('failed_rules', 0)
n_failed_checks = verapdf.get('failed_checks', 0)
if n_failed <= 1:
score = 5.0
elif n_failed == 2:
score = 3.0
else:
score = 0.0
summary = (
f'PDF/UA-1 non-compliant per veraPDF: {n_failed} rule(s) failed '
f'across {n_failed_checks} individual check(s).'
)
return score, False, summary
def _build_response_text(summary: str, criteria: List[Dict], verapdf: Optional[Dict]) -> str:
"""Plain-text response shown in the QC report's response block."""
lines = [summary, '']
if verapdf:
lines.append('── veraPDF PDF/UA-1 ──')
verdict = 'COMPLIANT' if verapdf.get('compliant') else 'NOT COMPLIANT'
lines.append(f' Verdict: {verdict}')
lines.append(
f' Rules: {verapdf.get("passed_rules", 0)} passed / '
f'{verapdf.get("failed_rules", 0)} failed'
)
lines.append(
f' Checks: {verapdf.get("passed_checks", 0)} passed / '
f'{verapdf.get("failed_checks", 0)} failed'
)
for r in verapdf.get('failed_rule_details', []):
tag_str = ', '.join(r.get('tags') or []) or ''
lines.append('')
lines.append(
f' ✗ Clause {r["clause"]}-{r["test_number"]} '
f'(×{r["failed_checks"]}, {tag_str})'
)
lines.append(f' {r["description"]}')
for s in r.get('sample_errors', [])[:1]:
lines.append(f' e.g. {s}')
lines.append('')
lines.append('── Fast deterministic criteria ──')
for c in criteria:
marker = '' if c['passed'] else ''
lines.append(f" {marker} {c['code']}{c['title']}: {c['note']}")
return '\n'.join(lines)
# ─────────────────────────────────────────────────────────────────────────────
# veraPDF integration stub — wire when Java is on the host
# veraPDF integration
# ─────────────────────────────────────────────────────────────────────────────
def _resolve_verapdf_binary() -> Optional[str]:
"""Locate the veraPDF executable. Order: VERAPDF_BIN env > PATH >
project-local vendor install. Returns None if veraPDF is not
installed; the check then falls back to deterministic-only mode.
"""
env_path = os.environ.get('VERAPDF_BIN')
if env_path and os.path.isfile(env_path) and os.access(env_path, os.X_OK):
return env_path
path_lookup = shutil.which('verapdf')
if path_lookup:
return path_lookup
if os.path.isfile(_VERAPDF_VENDOR_PATH) and os.access(_VERAPDF_VENDOR_PATH, os.X_OK):
return _VERAPDF_VENDOR_PATH
return None
def _run_verapdf(pdf_path: str) -> Optional[Dict]:
"""Stub for veraPDF subprocess validation.
To enable:
1. Install veraPDF on the host: https://verapdf.org/software/
(requires JRE 8+; ~150MB total).
2. Ensure `verapdf` binary is on PATH or set VERAPDF_BIN env var.
3. Replace this stub with subprocess.run([verapdf, '--format', 'json',
'--profile', 'ua1', pdf_path], capture_output=True). Parse the
JSON output and merge into axa_pdf_accessibility's findings.
4. Set findings['verapdf_run'] = True so the report shows it ran.
Currently returns None so callers know veraPDF was not invoked.
"""Run veraPDF PDF/UA-1 validation. Returns a structured result dict
or None when veraPDF is not installed. Returns a dict with 'error'
populated if the subprocess ran but failed in some recoverable way.
"""
return None
binary = _resolve_verapdf_binary()
if not binary:
return None
try:
result = subprocess.run(
[binary, '-f', 'ua1', '--format', 'xml', '--maxfailuresdisplayed', '3', pdf_path],
capture_output=True,
text=True,
timeout=_VERAPDF_TIMEOUT_SECONDS,
)
except subprocess.TimeoutExpired:
return {'available': True, 'binary': binary, 'error': f'veraPDF timed out after {_VERAPDF_TIMEOUT_SECONDS}s'}
except Exception as e:
return {'available': True, 'binary': binary, 'error': f'veraPDF subprocess failed: {e}'}
if not result.stdout:
return {
'available': True,
'binary': binary,
'error': 'veraPDF produced no output',
'stderr': (result.stderr or '')[:500],
}
try:
root = ET.fromstring(result.stdout)
except ET.ParseError as e:
return {
'available': True,
'binary': binary,
'error': f'Could not parse veraPDF XML: {e}',
}
vr = root.find('.//validationReport')
if vr is None:
return {
'available': True,
'binary': binary,
'error': 'No validationReport in veraPDF output',
}
details = vr.find('details')
rules: List[Dict] = []
if details is not None:
for rule in details.findall('rule'):
tags = (rule.get('tags') or '').split(',')
tags = [t for t in tags if t]
rules.append({
'specification': rule.get('specification'),
'clause': rule.get('clause'),
'test_number': rule.get('testNumber'),
'tags': tags,
'failed_checks': int(rule.get('failedChecks') or 0),
'description': (rule.findtext('description') or '').strip(),
'sample_errors': [
(c.findtext('errorMessage') or '').strip()
for c in rule.findall('check')[:2]
],
})
def _detail_int(name: str) -> int:
if details is None:
return 0
try:
return int(details.get(name) or 0)
except (TypeError, ValueError):
return 0
return {
'available': True,
'binary': binary,
'compliant': vr.get('isCompliant') == 'true',
'profile': vr.get('profileName', 'PDF/UA-1'),
'statement': vr.get('statement', ''),
'passed_rules': _detail_int('passedRules'),
'failed_rules': _detail_int('failedRules'),
'passed_checks': _detail_int('passedChecks'),
'failed_checks': _detail_int('failedChecks'),
'failed_rule_details': rules,
}

201
backend/document_mode/dispatcher.py
View file

@ -15,12 +15,20 @@ Document-scope checks bypass the LLM pipeline entirely (deterministic, $0).
Page-level checks plug into `process_checks_in_batches()` exactly as before.
"""
from concurrent.futures import ThreadPoolExecutor, as_completed
from datetime import datetime
from typing import Callable, Dict, List, Optional
from . import checks as doc_checks
# Max concurrent page-level LLM calls within a single check, used by Stage 3c
# (page_sample) and Stage 3d (page_each). Was sequential; that pinned a 4-page
# × 7-check Boots PPack run at ~15 min. Bump if larger docs / paid-tier rate
# limits make it safe; keep modest to stay well under Gemini's per-key quota.
_PAGE_PARALLEL_WORKERS = 4
def _grade(overall_score: float) -> str:
"""Same Pass/Fail rule as single-asset mode: avg per-check ≥ 6 = Pass."""
avg_individual = overall_score / 10
@ -199,6 +207,47 @@ def run_document_analysis(
'percentage': 12 + (completed / len(enabled_checks)) * 80,
})
# ── Page-type map (shared by 3c page_sample and 3d page_each) ──────────
# For profiles that don't tag pages (e.g. AXA), every page is 'artwork',
# so the page-type-aware aggregation in Stage 3d falls through cleanly.
page_type_map = {p['page_num']: p.get('page_type', 'artwork') for p in pages}
artwork_page_nums = {pn for pn, pt in page_type_map.items() if pt == 'artwork'}
# ── Per-page dispatch helper (used by 3c and 3d in parallel) ───────────
# process_checks_in_batches is already reentrant — asset-mode runs it
# under its own ThreadPoolExecutor — so it's safe to call concurrently
# from a pool. progress_tracker writes are GIL-safe and racy by design
# (visual only). page_level_results writes happen from the main thread
# after future.result(), so no races on that dict either.
def _run_check_on_page(check_name: str, page: Dict):
page_num = page['page_num']
try:
page_check_results = process_checks_in_batches(
enabled_checks=[check_name],
qc_apps=qc_apps,
profile_config=profile_config,
profile_weights=profile_weights,
file_path=page['image_path'],
analysis_reference_asset=analysis_reference_asset,
brand_db=brand_db,
progress_tracker=progress_tracker,
session_id=session_id,
batch_size=15,
media_plan_context=media_plan_context,
ocr_context=ocr_context,
)
result_for_page = page_check_results.get(check_name, {})
except Exception as e:
result_for_page = {
'check_name': check_name,
'score': 0.0,
'pass': False,
'response': f'Check raised {type(e).__name__}: {e}',
'findings': {'error': str(e)},
}
result_for_page['page_type'] = page_type_map.get(page_num, 'artwork')
return page_num, result_for_page
# ── Stage 3c: page-sample (LLM, sampled pages) ────────────────────────
page_level_results: Dict[str, Dict[int, Dict]] = {} # check → page_num → result
sample_buckets = scope_buckets['page_sample']
@ -206,30 +255,24 @@ def run_document_analysis(
for check_name, scope_args in sample_buckets:
n = (scope_args or {}).get('sample_size', 8)
page_nums = _evenly_spaced(pages_processed, n)
eligible = [pages[pn - 1] for pn in page_nums if pages[pn - 1].get('image_path')]
page_level_results[check_name] = {}
for page_num in page_nums:
page = pages[page_num - 1]
if not page.get('image_path'):
continue
progress_tracker[session_id].update({
'current_check_display': f'{check_name} on page {page_num} (sample)',
'current_page': page_num,
})
page_check_results = process_checks_in_batches(
enabled_checks=[check_name],
qc_apps=qc_apps,
profile_config=profile_config,
profile_weights=profile_weights,
file_path=page['image_path'],
analysis_reference_asset=analysis_reference_asset,
brand_db=brand_db,
progress_tracker=progress_tracker,
session_id=session_id,
batch_size=15,
media_plan_context=media_plan_context,
ocr_context=ocr_context,
)
page_level_results[check_name][page_num] = page_check_results.get(check_name, {})
progress_tracker[session_id].update({
'current_check_display': f'{check_name} (sampling {len(eligible)} pages)...',
})
pages_done = 0
with ThreadPoolExecutor(max_workers=_PAGE_PARALLEL_WORKERS) as pool:
futures = [pool.submit(_run_check_on_page, check_name, p) for p in eligible]
for fut in as_completed(futures):
pn, result = fut.result()
page_level_results[check_name][pn] = result
pages_done += 1
progress_tracker[session_id].update({
'current_check_display': f'{check_name}: {pages_done} of {len(eligible)} pages',
})
# Aggregate the sampled results into the doc-level entry
page_scores = {p: (r.get('score') or 0) for p, r in page_level_results[check_name].items()}
scores = list(page_scores.values())
@ -256,48 +299,74 @@ def run_document_analysis(
'percentage': 12 + (completed / len(enabled_checks)) * 80,
})
# ── Stage 3d: page_each (legacy; only if profile insists) ──────────────
# ── Stage 3d: page_each — run check on every page in the document ──────
# Page-type-aware: results from non-artwork pages (cover/checklist/palette/
# notes) are surfaced for visibility but excluded from the per-check
# average that drives the headline score & grade. This implements the
# strict-grade exemption requested for Boots Production Packs without
# changing AXA-style profiles (which don't tag pages → all pages count).
if scope_buckets['page_each']:
for check_name, _scope_args in scope_buckets['page_each']:
page_level_results.setdefault(check_name, {})
for page in pages:
page_num = page['page_num']
if not page.get('image_path'):
continue
progress_tracker[session_id].update({
'current_check_display': f'{check_name} on page {page_num}',
'current_page': page_num,
})
page_check_results = process_checks_in_batches(
enabled_checks=[check_name],
qc_apps=qc_apps,
profile_config=profile_config,
profile_weights=profile_weights,
file_path=page['image_path'],
analysis_reference_asset=analysis_reference_asset,
brand_db=brand_db,
progress_tracker=progress_tracker,
session_id=session_id,
batch_size=15,
media_plan_context=media_plan_context,
ocr_context=ocr_context,
)
page_level_results[check_name][page_num] = page_check_results.get(check_name, {})
eligible_pages = [p for p in pages if p.get('image_path')]
progress_tracker[session_id].update({
'current_check_display': f'{check_name} across {len(eligible_pages)} pages...',
'current_page': 0,
})
pages_done = 0
with ThreadPoolExecutor(max_workers=_PAGE_PARALLEL_WORKERS) as pool:
futures = [pool.submit(_run_check_on_page, check_name, p) for p in eligible_pages]
for fut in as_completed(futures):
pn, result = fut.result()
page_level_results[check_name][pn] = result
pages_done += 1
progress_tracker[session_id].update({
'current_check_display': f'{check_name}: {pages_done} of {len(eligible_pages)} pages',
})
page_scores = {p: (r.get('score') or 0) for p, r in page_level_results[check_name].items()}
scores = list(page_scores.values())
artwork_scores = {p: s for p, s in page_scores.items() if p in artwork_page_nums}
non_artwork_scores = {p: s for p, s in page_scores.items() if p not in artwork_page_nums}
# Headline score = average of artwork-page scores. If a profile
# has no artwork pages at all (extreme edge case), fall back to
# all pages so we don't return a 0-score Fail.
scoring_pool = artwork_scores if artwork_scores else page_scores
scores = list(scoring_pool.values())
avg = round(sum(scores) / len(scores), 2) if scores else 0.0
# Per-page response excerpts are captured in findings so the
# report renderer can show a per-page card without needing access
# to the doc-level page_level_results dict.
page_responses = {
p: ((page_level_results[check_name][p].get('response') or '')[:1500])
for p in page_scores.keys()
}
check_results[check_name] = {
'check_name': check_name,
'scope': 'page_each',
'score': avg,
'pass': avg >= 6,
'summary': f'{check_name} ran on every page: avg {avg}',
'summary': (
f'{check_name} ran on {len(page_scores)} pages '
f'({len(artwork_scores)} artwork, {len(non_artwork_scores)} informational). '
f'Artwork avg {avg}.'
),
'findings': {
'page_scores': page_scores,
'failing_pages': sorted([p for p, s in page_scores.items() if s < 6]),
'artwork_page_scores': artwork_scores,
'informational_page_scores': non_artwork_scores,
'failing_artwork_pages': sorted([p for p, s in artwork_scores.items() if s < 6]),
'page_types': page_type_map,
'page_responses': page_responses,
},
'response': '\n'.join(
f"Page {p}: {s}\n{(page_level_results[check_name][p].get('response') or '')[:1500]}"
f"Page {p} [{page_type_map.get(p, 'artwork')}]: {s}\n"
f"{page_responses[p]}"
for p, s in sorted(page_scores.items())
),
}
@ -338,6 +407,31 @@ def run_document_analysis(
else:
overall_score = 0.0
# ── Strict-grade override (artwork pages only) ─────────────────────────
# Profiles with strict_grade=True (e.g. Boots PPack) Fail if ANY check
# scored <6 on ANY artwork page. Cover/checklist/palette/notes pages do
# not contribute to this check. AXA-style profiles leave strict_grade
# off and behave as before.
strict_grade = bool(getattr(profile_config, 'strict_grade', False))
strict_violations = []
if strict_grade:
for check_name, per_page in page_level_results.items():
for page_num, page_result in per_page.items():
if page_result.get('page_type', 'artwork') != 'artwork':
continue
page_score = page_result.get('score') or 0
if page_score < 6:
strict_violations.append({
'check': check_name,
'page': page_num,
'score': page_score,
})
if strict_grade and strict_violations:
grade = 'Fail'
else:
grade = _grade(overall_score)
fonts_inventory = sorted({
font for page in pages for font in (page.get('fonts_used') or [])
})
@ -352,6 +446,7 @@ def run_document_analysis(
'pages': [
{
'page_num': p['page_num'],
'page_type': p.get('page_type', 'artwork'),
'fonts_used': p.get('fonts_used', []),
'image_path': p.get('image_path'),
}
@ -361,9 +456,11 @@ def run_document_analysis(
'page_level_results': page_level_results,
'document_summary': {
'overall_score': overall_score,
'grade': _grade(overall_score),
'grade': grade,
'check_summaries': check_summaries,
'total_weight': total_weight,
'strict_grade': strict_grade,
'strict_violations': strict_violations,
},
'ingest_metadata': {
'fonts_inventory': fonts_inventory,

11
backend/document_mode/ingest.py
View file

@ -135,6 +135,11 @@ def ingest_pdf(
pages: List[Dict] = []
# Page classifier is optional — only used by document-mode profiles that
# need a strict-grade exemption for non-artwork pages (e.g. Boots PPack).
# Importing locally keeps it out of the hot path for AXA-style profiles.
from .page_classifier import classify_page
for i in range(pages_to_process):
page_num = i + 1 # 1-indexed
page = doc.load_page(i)
@ -147,13 +152,15 @@ def ingest_pdf(
raw_text = page.get_text().strip()
fonts_used = sorted({s['font'] for s in spans if s.get('font')})
pages.append({
page_record = {
'page_num': page_num,
'image_path': rendered,
'raw_text': raw_text,
'spans': spans,
'fonts_used': fonts_used,
})
}
page_record['page_type'] = classify_page(page_record)
pages.append(page_record)
if progress_callback:
try:

168
backend/document_mode/page_classifier.py Normal file
View file

@ -0,0 +1,168 @@
"""Heuristic page classifier for Boots Production Packs.
Tags each page of a multi-page production pack with a `page_type` so the
dispatcher can:
run the same QC checks on every page (the user wants cover-page logo /
typography / brand-name compliance to be QC'd, not skipped)
flag non-artwork pages as exempt from the strict-grade override
(a cover page with no offer roundel shouldn't tank the overall grade
just because `boots_offer_mechanics` finds nothing to evaluate)
Categories observed across the 10 sample packs in
`/Users/nickviljoen/Desktop/AI_QC_Bitbucket/boots/PPacks to Test/`:
cover title page: "Production Pack / P7B IMODIUM / 21.11.25"
checklist asset suitability tick-list ("Asset suitable", "Fonts present", ...)
palette creative-guidance colour spec page (CMYK / RGB / Hex blocks)
notes copywriter / yellow-notes commentary page
artwork actual ad layout (default anything that isn't one of the above)
Only `artwork` counts towards strict-grade Pass/Fail. Everything else is
informational. The classifier never raises unknown pages default to
`artwork` because false positives there are recoverable (an extra check
on a cover page just produces an N/A score) whereas missing artwork is not.
"""
from __future__ import annotations
import re
from typing import Dict, List
PAGE_TYPES = ('cover', 'checklist', 'palette', 'notes', 'artwork')
# ── Regex patterns derived from observed text on the 10 sample packs ──────────
# These are intentionally conservative — they only fire when the page is
# unambiguously one of the admin types. Anything fuzzy falls through to artwork.
_RE_PRODUCTION_PACK_TITLE = re.compile(r'\bProduction Pack\b', re.IGNORECASE)
_RE_VERSION_LINE = re.compile(r'^\s*Version\s+\d+\s*$', re.IGNORECASE | re.MULTILINE)
_RE_JOB_NUMBER = re.compile(r'\bJob number:\s*\d', re.IGNORECASE)
# Asset checklist markers — the suitability tick-list
_CHECKLIST_TOKENS = (
'Asset suitable', 'Assets suitable',
'Fonts present',
'Resolution fine',
'Print ready asset',
'Asset low res',
'Supplied visual',
'More info required',
'Content complete',
'Colours resolved',
'IS PACK A', # appears on No7 Bundle Wobbler P9 cover/checklist combo
)
# Creative guidance / colour palette markers
_PALETTE_TOKENS = ('CMYK', 'RGB', 'Hexadecimal')
_RE_HEX_COLOUR = re.compile(r'#[0-9a-fA-F]{6}\b')
# Copywriter / yellow-notes markers
_RE_YELLOW_NOTES = re.compile(r'\bYellow Notes\b', re.IGNORECASE)
_RE_CLIENT_QUERIES = re.compile(r'\bCLIENT QUERIES\b', re.IGNORECASE)
# Strong artwork signals — text that only appears on real ad layouts.
# Used to override notes/checklist classification when an artwork page
# happens to include a Yellow Notes footer or a supplied-assets sidebar.
_RE_PRICE = re.compile(r'£\s*\d')
_RE_OFFER_MECHANIC = re.compile(
r'\b(?:3\s*FOR\s*2|BOGOF|2\s*FOR\s*£|BUY\s+\d|FREE|GIFT|MULTIBUY)\b',
re.IGNORECASE,
)
_RE_OFFER_DATES = re.compile(r'\bOffer valid (?:from|on)\b', re.IGNORECASE)
_RE_CLICK_COLLECT = re.compile(r'\bClick\s*&\s*Collect\b', re.IGNORECASE)
_RE_GSL_BARCODE = re.compile(r'\bGSL\b\s*\d', re.IGNORECASE)
def _has_artwork_signals(text: str) -> bool:
"""True if the page contains at least one strong artwork-only signal."""
return any(rx.search(text) for rx in (
_RE_PRICE,
_RE_OFFER_MECHANIC,
_RE_OFFER_DATES,
_RE_CLICK_COLLECT,
_RE_GSL_BARCODE,
))
def classify_page(page: Dict) -> str:
"""Classify a single ingested page dict.
Decision order:
1. Strong palette match (multi-token + hex colours) palette
2. Strong checklist match (3 suitability tokens) checklist
3. Pages that pass _has_artwork_signals() artwork
(catches Maybelline p5 that has Yellow Notes footer + T&Cs)
4. Yellow Notes / Client Queries with no artwork signals notes
5. Sparse Production Pack title block cover (covers brief / context too)
6. Fallthrough artwork
Strong palette/checklist precede artwork signals because some palette
and checklist pages render thumbnail previews of the artwork (e.g.
Nicorette's "£3 off offer ellipse" sample on the palette page) that
otherwise look like artwork.
Defaults to 'artwork' on any uncertainty false positives there are
cheap (an N/A score on a non-applicable check) whereas missing artwork
means a real compliance issue would slip through.
"""
text = (page.get('raw_text') or '').strip()
if not text:
return 'artwork'
# ── 1. Palette ────────────────────────────────────────────────────────
palette_tokens_found = sum(1 for tok in _PALETTE_TOKENS if tok in text)
hex_count = len(_RE_HEX_COLOUR.findall(text))
if palette_tokens_found >= 3 and hex_count >= 2:
return 'palette'
# Looser palette match for short palette pages with only one swatch
if palette_tokens_found >= 2 and hex_count >= 1 and 'COLOUR PALETTE' in text.upper():
return 'palette'
# ── 2. Checklist ──────────────────────────────────────────────────────
checklist_tokens_found = sum(1 for tok in _CHECKLIST_TOKENS if tok in text)
if checklist_tokens_found >= 3:
return 'checklist'
# ── 3. Artwork signals (T&Cs, offer mechanics, prices) ─────────────────
if _has_artwork_signals(text):
return 'artwork'
# ── 4. Notes / client queries ─────────────────────────────────────────
if _RE_YELLOW_NOTES.search(text) or _RE_CLIENT_QUERIES.search(text):
return 'notes'
# ── 5. Cover / brief / context page ───────────────────────────────────
line_count = len([ln for ln in text.splitlines() if ln.strip()])
if (
line_count <= 15
and _RE_PRODUCTION_PACK_TITLE.search(text)
and _RE_VERSION_LINE.search(text)
and _RE_JOB_NUMBER.search(text)
):
return 'cover'
# ── 6. Fallthrough ────────────────────────────────────────────────────
return 'artwork'
def classify_pages(pages: List[Dict]) -> List[str]:
"""Classify every page in an ingest_pdf result. Returns parallel list."""
return [classify_page(p) for p in pages]
def is_artwork(page_type: str) -> bool:
"""Convenience predicate for the strict-grade override."""
return page_type == 'artwork'
# Human-readable labels for report rendering.
PAGE_TYPE_LABELS = {
'cover': 'Cover',
'checklist': 'Asset Checklist',
'palette': 'Creative Guidance / Colour Palette',
'notes': 'Yellow Notes',
'artwork': 'Artwork',
}

186
backend/document_mode/result_writer.py
View file

@ -235,14 +235,60 @@ def _render_pdf_accessibility(findings: Dict) -> str:
passed = findings.get('criteria_passed', 0)
total = findings.get('criteria_total', 0)
verapdf_run = findings.get('verapdf_run', False)
verapdf = findings.get('verapdf') or {}
if verapdf_run:
verapdf_label = '<span class="ok">enabled</span>'
elif verapdf.get('error'):
verapdf_label = f'<span class="bad">error: {html.escape(verapdf["error"])}</span>'
else:
verapdf_label = '<span class="muted">not installed on host</span>'
head = f"""
<p>
<strong>{passed} / {total}</strong> PDF/UA-aligned criteria passed
· veraPDF: {'<span class="ok">enabled</span>' if verapdf_run else '<span class="muted">not run (Java not installed)</span>'}
<strong>{passed} / {total}</strong> fast criteria passed
· veraPDF PDF/UA-1: {verapdf_label}
</p>
"""
verapdf_block = ''
if verapdf_run:
compliant = verapdf.get('compliant')
verdict_html = (
"<span class='ok'>COMPLIANT</span>" if compliant
else "<span class='bad'>NOT COMPLIANT</span>"
)
rule_rows = []
for r in verapdf.get('failed_rule_details') or []:
tags = ', '.join(r.get('tags') or []) or ''
samples = r.get('sample_errors') or []
sample_html = ''
if samples:
sample_html = (
"<br><code>e.g. " + html.escape(samples[0]) + "</code>"
)
rule_rows.append(f"""
<tr>
<td><code>{html.escape(str(r.get('clause', '')))}-{html.escape(str(r.get('test_number', '')))}</code></td>
<td class='center'>{r.get('failed_checks', 0)}</td>
<td><code>{html.escape(tags)}</code></td>
<td>{html.escape(r.get('description', ''))}{sample_html}</td>
</tr>
""")
verapdf_block = f"""
<p><strong>veraPDF verdict:</strong> {verdict_html} ·
{verapdf.get('passed_rules', 0)} rules passed / {verapdf.get('failed_rules', 0)} failed ·
{verapdf.get('passed_checks', 0)} checks passed / {verapdf.get('failed_checks', 0)} failed</p>
"""
if rule_rows:
verapdf_block += f"""
<table class='findings-table'>
<thead><tr><th>Clause</th><th>Failures</th><th>Tags</th><th>Description</th></tr></thead>
<tbody>{''.join(rule_rows)}</tbody>
</table>
"""
rows = []
for c in criteria:
marker = '<span class="ok">✓</span>' if c['passed'] else '<span class="bad">✗</span>'
@ -261,7 +307,7 @@ def _render_pdf_accessibility(findings: Dict) -> str:
</tr>
""")
return head + f"""
return head + verapdf_block + f"""
<table class='findings-table'>
<thead><tr><th></th><th>Code</th><th>Criterion</th><th>Observation</th></tr></thead>
<tbody>{''.join(rows)}</tbody>
@ -277,6 +323,95 @@ def _render_generic(findings: Dict, response: str) -> str:
return f"<pre class='response-block'>{html.escape(json.dumps(findings, indent=2, default=str))}</pre>"
# Human-readable labels for page_type tags. Kept in sync with
# document_mode.page_classifier.PAGE_TYPE_LABELS.
_PAGE_TYPE_LABELS = {
'cover': 'Cover',
'checklist': 'Asset Checklist',
'palette': 'Creative Guidance',
'notes': 'Yellow Notes',
'artwork': 'Artwork',
}
def _page_type_pill(page_type: str) -> str:
label = _PAGE_TYPE_LABELS.get(page_type, page_type or 'artwork')
cls = 'page-type-artwork' if page_type == 'artwork' else 'page-type-info'
return f"<span class='page-type-pill {cls}'>{html.escape(label)}</span>"
def _render_page_each(findings: Dict, response: str) -> str:
"""Per-page breakdown for any page_each-scope check.
Renders a table of pages (page_num, type, score, status) followed by
expandable per-page response cards. Used by the Boots PPack profile
where every check runs on every page.
"""
page_scores = findings.get('page_scores') or {}
page_types = findings.get('page_types') or {}
page_responses = findings.get('page_responses') or {}
artwork_scores = findings.get('artwork_page_scores') or {}
informational_scores = findings.get('informational_page_scores') or {}
failing_artwork = set(findings.get('failing_artwork_pages') or [])
if not page_scores:
# Fall back to the generic response dump if the dispatcher didn't
# populate per-page data (e.g. a check raised mid-run).
return _render_generic(findings, response)
# Headline summary line
head = f"""
<p>
Ran on <strong>{len(page_scores)}</strong> pages
<span class='ok'>{len(artwork_scores)}</span> artwork,
<span class='muted'>{len(informational_scores)}</span> informational
(informational pages don't affect Pass/Fail).
</p>
"""
rows = []
for page_num, score in sorted(page_scores.items()):
ptype = page_types.get(page_num, 'artwork')
is_artwork = ptype == 'artwork'
score_cls = _score_class(score)
if is_artwork:
status_pill = (
'<span class="pass-pill fail">Below threshold</span>'
if page_num in failing_artwork
else '<span class="pass-pill pass">OK</span>'
)
else:
status_pill = '<span class="pass-pill" style="background:#eef2f7;color:#4a5a72;">Informational</span>'
response_text = page_responses.get(page_num, '')
body = (
f"<details class='page-response'><summary class='muted'>Show details</summary>"
f"<pre class='response-block'>{html.escape(response_text)}</pre>"
f"</details>"
if response_text else ''
)
rows.append(f"""
<tr>
<td>Page {page_num}</td>
<td>{_page_type_pill(ptype)}</td>
<td class='{score_cls}'><strong>{score}</strong></td>
<td>{status_pill}</td>
<td>{body}</td>
</tr>
""")
return head + f"""
<table class='findings-table'>
<thead>
<tr>
<th>Page</th><th>Page type</th><th>Score</th><th>Status</th><th>Detail</th>
</tr>
</thead>
<tbody>{''.join(rows)}</tbody>
</table>
"""
_FINDINGS_RENDERERS = {
'axa_font_inventory': _render_font_inventory,
'axa_phone_inventory': _render_phone_inventory,
@ -303,7 +438,12 @@ def _render_check_section(check_name: str, check_result: Dict) -> str:
pass_flag = check_result.get('pass', False)
renderer = _FINDINGS_RENDERERS.get(check_name)
body = renderer(findings) if renderer else _render_generic(findings, response)
if renderer:
body = renderer(findings)
elif scope == 'page_each':
body = _render_page_each(findings, response)
else:
body = _render_generic(findings, response)
return f"""
<details class='check-section' open>
@ -349,10 +489,12 @@ def _render_page_strip(pages: List[Dict]) -> str:
rows = []
for p in pages:
fonts = p.get('fonts_used') or []
ptype = p.get('page_type', 'artwork')
rows.append(f"""
<details class='page-row'>
<summary>
<span class='page-num'>Page {p['page_num']}</span>
{_page_type_pill(ptype)}
<span class='font-count'>{len(fonts)} fonts</span>
</summary>
<p class='fonts-on-page'>{html.escape(', '.join(fonts))}</p>
@ -378,6 +520,35 @@ def _render_html(result: Dict, original_filename: str) -> str:
</div>
"""
strict_banner = ''
if summary.get('strict_grade'):
violations = summary.get('strict_violations') or []
if violations:
# Group violations by page for readability
by_page: Dict[int, List[Dict]] = {}
for v in violations:
by_page.setdefault(v['page'], []).append(v)
page_rows = []
for page_num, vs in sorted(by_page.items()):
check_list = ', '.join(
f"<code>{html.escape(v['check'])}</code> ({v['score']})"
for v in vs
)
page_rows.append(f"<li>Page {page_num}: {check_list}</li>")
strict_banner = f"""
<div class='banner banner-fail'>
<strong>Strict-grade override triggered.</strong>
{len(violations)} artwork-page check{'s' if len(violations) != 1 else ''} scored below 6 overall grade forced to Fail.
<ul style='margin:6px 0 0 18px;padding:0;'>{''.join(page_rows)}</ul>
</div>
"""
else:
strict_banner = """
<div class='banner banner-ok'>
Strict-grade override active no artwork-page checks scored below the threshold.
</div>
"""
glance = _render_at_a_glance(check_summaries)
check_sections = '\n'.join(
f"<a id='check-{html.escape(name)}'></a>{_render_check_section(name, check_results.get(name, {}))}"
@ -448,6 +619,12 @@ def _render_html(result: Dict, original_filename: str) -> str:
.font-pill {{ display: inline-block; padding: 2px 8px; background: #eef2f7; border-radius: 999px; margin: 2px 4px 2px 0; font-size: 12px; font-family: ui-monospace, SFMono-Regular, Menlo, monospace; }}
.banner {{ padding: 12px 16px; border-radius: 6px; margin-bottom: 12px; font-size: 13px; }}
.banner-warn {{ background: #fff4d6; color: #7a5a00; border: 1px solid #f0d77b; }}
.banner-fail {{ background: #fbe5e5; color: #8a1f1f; border: 1px solid #e9b2b2; }}
.banner-ok {{ background: #e2f4e4; color: #1f6a2a; border: 1px solid #b2d9b8; }}
.page-type-pill {{ display: inline-block; padding: 2px 8px; border-radius: 999px; font-size: 11px; font-weight: 600; letter-spacing: 0.3px; }}
.page-type-pill.page-type-artwork {{ background: #d6f0d8; color: #1f6a2a; }}
.page-type-pill.page-type-info {{ background: #eef2f7; color: #4a5a72; }}
.page-response summary {{ cursor: pointer; font-size: 12px; padding: 4px 0; }}
.page-row {{ background: white; padding: 6px 12px; margin-bottom: 4px; border-radius: 4px; box-shadow: 0 1px 2px rgba(0,0,0,0.04); }}
.page-row summary {{ display: flex; justify-content: space-between; cursor: pointer; font-size: 13px; }}
.page-num {{ font-weight: 600; }}
@ -466,6 +643,7 @@ def _render_html(result: Dict, original_filename: str) -> str:
&middot; {html.escape(result.get('timestamp', ''))}
</div>
{truncated_banner}
{strict_banner}
<div class='overall-card'>
<div>

162
backend/excel_processor.py Normal file
View file

@ -0,0 +1,162 @@
#!/usr/bin/env python3
"""Excel reference-asset processor for HP Source Messaging files.
Mirrors pdf_processor.py: openpyxl extracts raw cell content from every
sheet, Gemini 2.5 Pro summarises the result into structured Markdown
under brand_guidelines/files/{file_id}_summary.md. The hp_copy_review
check pulls that Markdown into its prompt at QC time.
Public surface:
process_excel_file(file_path, file_id) -> (summary_text, summary_path)
Behaviour mirrors pdf_processor.summarize_brand_guidelines: on Gemini
failure we write a degraded summary containing the raw extraction so
the reference asset stays usable downstream. The function does not
raise failures are logged and surfaced via the degraded payload.
"""
import os
from typing import Tuple
from openpyxl import load_workbook
BRAND_GUIDELINES_DIR = os.path.join(
os.path.dirname(os.path.abspath(__file__)), 'brand_guidelines', 'files'
)
# Cap raw extraction at ~50K chars to keep the summary prompt bounded.
# A 30-row, 12-column workbook is ~10-15K chars in practice; this leaves
# headroom for HP's larger source files without blowing the prompt budget.
_RAW_EXTRACTION_CAP = 50_000
_SYSTEM_PROMPT = """You're processing an HP Source Messaging Excel into a structured Markdown reference. Output these sections exactly, in this order:
## Product / Variant
(brand, product line, variant if any e.g. "HP OmniDesk Mini — Core")
## Key Selling Points (KSPs)
For each KSP: heading, value proposition, supporting body copy, message-length variants (ultra-short / short / medium / long if present in the source).
## Disclaimers / Footnotes
Numbered list, exact wording, what claim each footnote anchors to.
## Approved Brand and Product Names
Exact spellings, including trademark glyphs (, ®, ©).
## Variant Notes / Watch-outs
Anything explicitly marked variant-specific (e.g. "Mainstream only", "Core only", "must not appear in entry tier").
## Verboten Phrasing
Any explicitly disallowed or deprecated phrasing called out in the source.
Be exhaustive but concise. Quote exactly where the source is explicit. If a section has no content in this source, write 'None specified' under it do not omit the section heading."""
def process_excel_file(file_path: str, file_id: str) -> Tuple[str, str]:
"""Extract + summarise an HP Source Messaging Excel.
Args:
file_path: Path to the .xlsx file on disk.
file_id: Stable identifier used for the output filename.
Returns:
Tuple of (summary_text, summary_path). Summary is written to
BRAND_GUIDELINES_DIR/{file_id}_summary.md.
Never raises. On Gemini failure, writes a degraded summary that
embeds the raw extraction so the reference asset stays usable.
"""
try:
raw_text = _extract_workbook_text(file_path)
except Exception as e:
print(f" Excel extraction failed for {file_id}: {type(e).__name__}: {e}")
summary = (
f"# {os.path.basename(file_path)} (degraded — extraction failed)\n\n"
f"openpyxl extraction failed: {type(e).__name__}: {e}\n"
)
raw_text = ''
else:
try:
summary = _summarise_with_gemini(raw_text, os.path.basename(file_path))
except Exception as e:
print(f" Gemini summarisation failed for {file_id}: {type(e).__name__}: {e}")
summary = (
f"# {os.path.basename(file_path)} (degraded — summary failed)\n\n"
f"Gemini summarisation failed: {type(e).__name__}: {e}\n\n"
f"## Raw extraction\n\n```\n{raw_text}\n```\n"
)
os.makedirs(BRAND_GUIDELINES_DIR, exist_ok=True)
summary_path = os.path.join(BRAND_GUIDELINES_DIR, f"{file_id}_summary.md")
with open(summary_path, 'w', encoding='utf-8') as f:
f.write(summary)
return summary, summary_path
def _extract_workbook_text(file_path: str) -> str:
"""Read every sheet, dump as 'Sheet: <name>\\n<tab-aligned rows>\\n\\n'.
Empty rows are skipped. Output is capped at _RAW_EXTRACTION_CAP chars;
when exceeded, a truncation marker is appended and the rest is dropped.
"""
wb = load_workbook(file_path, data_only=True, read_only=True)
try:
parts = []
total_chars = 0
for sheet in wb.worksheets:
header = f"Sheet: {sheet.title}\n"
parts.append(header)
total_chars += len(header)
for row in sheet.iter_rows(values_only=True):
if not any((c is not None and str(c).strip()) for c in row):
continue
line = '\t'.join(('' if c is None else str(c)) for c in row)
parts.append(line + '\n')
total_chars += len(line) + 1
if total_chars >= _RAW_EXTRACTION_CAP:
parts.append(
f"\n[truncated — exceeded {_RAW_EXTRACTION_CAP}-char cap]\n"
)
return ''.join(parts)
parts.append('\n')
total_chars += 1
return ''.join(parts)
finally:
wb.close()
def _summarise_with_gemini(raw_text: str, source_filename: str) -> str:
"""Send the extracted workbook text to Gemini 2.5 Pro for summarisation.
Mirrors pdf_processor.summarize_brand_guidelines: uses
google.generativeai directly with MODEL_VERSIONS.gemini_vision
(currently gemini-2.5-pro). Raises on any failure; the caller
converts failures into a degraded summary.
"""
import google.generativeai as genai
from llm_config import MODEL_VERSIONS
api_key = os.getenv("GOOGLE_API_KEY")
if not api_key:
raise RuntimeError("GOOGLE_API_KEY not configured")
genai.configure(api_key=api_key)
model = genai.GenerativeModel(MODEL_VERSIONS.gemini_vision)
prompt = (
f"{_SYSTEM_PROMPT}\n\n"
f"Source filename: {source_filename}\n\n"
f"Raw cell content:\n\n```\n{raw_text}\n```"
)
response = model.generate_content(prompt)
# Mirror pdf_processor's safety-block handling: surface a useful error.
if not getattr(response, 'parts', None):
feedback = getattr(response, 'prompt_feedback', 'No specific feedback provided.')
raise RuntimeError(
f"Gemini response blocked or empty. Feedback: {feedback}"
)
return response.text

12
backend/profile_config.py
View file

@ -115,6 +115,12 @@ class Profile:
checks: Dict[str, QCCheckConfig] = field(default_factory=dict)
pre_analysis_instructions: Optional[str] = None
mode: str = "asset" # "asset" (default, single image/video) or "document" (multi-page PDF)
# Strict-grade override: when True, ANY check scoring <6 forces an
# overall Fail. In document mode this only applies to artwork-classified
# pages (cover/checklist/palette/notes pages are exempt). Used by Boots
# Production Pack profile to mirror the asset-mode strict-grade rule
# already used by L'Oreal Static and Boots Static.
strict_grade: bool = False
def get_enabled_checks(self) -> List[str]:
"""Get list of enabled check names"""
@ -156,13 +162,15 @@ def load_profiles():
profile_checks = profile_data.get('checks', {})
pre_analysis_instructions = profile_data.get('pre_analysis_instructions', None)
profile_mode = profile_data.get('mode', 'asset')
profile_strict_grade = profile_data.get('strict_grade', False)
# Create a new Profile instance
profile = Profile(
name=profile_name,
description=profile_description,
pre_analysis_instructions=pre_analysis_instructions,
mode=profile_mode
mode=profile_mode,
strict_grade=profile_strict_grade,
)
# Add each check configuration
@ -216,6 +224,8 @@ def save_profile(profile_id: str, profile: Profile):
# Persist mode only when it diverges from the default to keep existing JSONs untouched
if profile.mode and profile.mode != 'asset':
profile_data['mode'] = profile.mode
if profile.strict_grade:
profile_data['strict_grade'] = True
# Add each check configuration
for check_name, check_config in profile.checks.items():

15
backend/profiles/axa_accessibility.json Normal file
View file

@ -0,0 +1,15 @@
{
"name": "AXA Accessibility",
"description": "Standalone PDF/UA-1 accessibility validation for AXA Ireland documents. Runs the axa_pdf_accessibility check only — veraPDF (PDF/UA-1 / Matterhorn Protocol) when the binary is installed, deterministic PyMuPDF criteria as fallback. Use this profile when the QC objective is purely accessibility compliance against axes4 PAC, without the policy-document content checks.",
"mode": "document",
"checks": {
"axa_pdf_accessibility": {
"weight": 1.0,
"enabled": true,
"scope": "document"
}
},
"strict_grade": true,
"visibility": "client_specific",
"visible_to_clients": ["axa"]
}

7
backend/profiles/axa_policy_document.json
View file

@ -1,6 +1,6 @@
{
"name": "AXA Policy Document",
"description": "Multi-page PDF QC for AXA Ireland policy documents. 8 deterministic checks: font inventory, phone inventory, bold-words enforcement, page numbering, print code, OMG versioning, PDF/UA-aligned accessibility, print preflight. Runs in seconds with $0 LLM cost. Becomes compliance-driven once AXA supplies approved font list, bold-words dictionary, and approved phone numbers.",
"description": "Multi-page PDF QC for AXA Ireland policy documents. 7 deterministic checks: font inventory, phone inventory, bold-words enforcement, page numbering, print code, OMG versioning, print preflight. Runs in seconds with $0 LLM cost. Becomes compliance-driven once AXA supplies approved font list, bold-words dictionary, and approved phone numbers. Accessibility validation lives in the dedicated 'AXA Accessibility' profile.",
"mode": "document",
"checks": {
"axa_font_inventory": {
@ -23,11 +23,6 @@
"enabled": true,
"scope": "document"
},
"axa_pdf_accessibility": {
"weight": 2.0,
"enabled": true,
"scope": "document"
},
"axa_print_preflight": {
"weight": 1.0,
"enabled": true,

45
backend/profiles/boots_ppack.json Normal file
View file

@ -0,0 +1,45 @@
{
"name": "Boots Production Pack",
"description": "Multi-page Boots production-pack QC. Runs the full Boots compliance suite (caveats, brand names, offer mechanics, T&Cs, currency/locale) plus brand-identity checks (logo, colour palette) on every page. Cover, asset checklist, colour-palette and yellow-notes pages are auto-detected and exempted from the strict-grade override; only artwork pages count towards Pass/Fail.",
"mode": "document",
"strict_grade": true,
"checks": {
"boots_caveat_compliance": {
"weight": 1.5,
"enabled": true,
"scope": "page_each"
},
"boots_brand_name_accuracy": {
"weight": 1.5,
"enabled": true,
"scope": "page_each"
},
"boots_offer_mechanics": {
"weight": 1.5,
"enabled": true,
"scope": "page_each"
},
"boots_tandc_wording": {
"weight": 1.5,
"enabled": true,
"scope": "page_each"
},
"boots_currency_locale": {
"weight": 1.0,
"enabled": true,
"scope": "page_each"
},
"boots_logo_compliance": {
"weight": 1.5,
"enabled": true,
"scope": "page_each"
},
"boots_colour_palette": {
"weight": 1.5,
"enabled": true,
"scope": "page_each"
}
},
"visibility": "client_specific",
"visible_to_clients": ["boots"]
}

14
backend/profiles/hp_copy_review.json Normal file
View file

@ -0,0 +1,14 @@
{
"name": "HP Copy Review",
"description": "Marketing copy graded against canonical HP Source Messaging",
"mode": "asset",
"visibility": "client_specific",
"visible_to_clients": ["hp"],
"checks": {
"hp_copy_review": {
"weight": 10.0,
"llm": "Gemini",
"enabled": true
}
}
}

193
backend/scripts/box_setup.py Executable file
View file

@ -0,0 +1,193 @@
#!/usr/bin/env python3
"""
Box JWT service-account admin CLI.
One-off script for setting up + inspecting the Box V2 webhooks that drive the
QC pipeline. Run on the dev/prod server once the Box admin has invited the
service account to each client folder, with the JWT config JSON in place at
backend/config/box_jwt_config.json (or BOX_JWT_CONFIG_PATH).
Subcommands:
list-webhooks
Show every webhook the service account can see.
list-folder <folder_id>
List the items in a Box folder. Sanity-check the service account
can actually read the folder (otherwise it isn't a collaborator yet).
list-clients
Print which clients in client_config.py have a box_folder_id set.
create-webhook <folder_id> <address>
Register a FILE.UPLOADED V2 webhook on a folder. Address is the public
URL of /api/box/webhook (e.g. https://optical-dev.oliver.solutions/ai_qc/api/box/webhook).
delete-webhook <webhook_id>
Remove a single webhook by id.
register-all-clients <address>
For every client with a box_folder_id, ensure a FILE.UPLOADED webhook
pointing at <address> exists on that folder. Idempotent already-present
webhooks are left alone.
After registering, set the signing keys (Box Developer Console Custom App
Webhooks Settings) in the env file as BOX_WEBHOOK_PRIMARY_KEY and
BOX_WEBHOOK_SECONDARY_KEY, then restart ai-qc.service.
"""
from __future__ import annotations
import argparse
import json
import os
import sys
THIS_DIR = os.path.dirname(os.path.abspath(__file__))
BACKEND_DIR = os.path.dirname(THIS_DIR)
sys.path.insert(0, BACKEND_DIR)
import box_jwt_client
from client_config import get_clients_with_box_folder
WEBHOOK_TRIGGERS_DEFAULT = ['FILE.UPLOADED']
def cmd_list_webhooks(_args):
webhooks = box_jwt_client.list_webhooks()
if not webhooks:
print('No webhooks visible to this service account.')
return 0
for wh in webhooks:
target = wh.get('target') or {}
print(
f" id={wh.get('id')} target={target.get('type')}/{target.get('id')}"
f" address={wh.get('address')} triggers={wh.get('triggers')}"
)
return 0
def cmd_list_folder(args):
items = box_jwt_client.list_folder_items(args.folder_id, fields=['id', 'name', 'type', 'size'])
print(f'Folder {args.folder_id} contains {len(items)} items:')
for it in items:
size = f" ({it.get('size')} bytes)" if it.get('size') is not None else ''
print(f" {it.get('type')}/{it.get('id')} {it.get('name')}{size}")
return 0
def cmd_list_clients(_args):
configured = get_clients_with_box_folder()
if not configured:
print('No clients have box_folder_id set in client_config.py.')
return 0
for cid, cfg in configured:
print(
f" {cid}: source_folder={cfg.get('box_folder_id')} "
f"reports_folder={cfg.get('box_reports_folder_id') or '(falls back to source)'} "
f"default_profile={cfg.get('default_profile') or '(first profile in list)'}"
)
return 0
def cmd_create_webhook(args):
wh = box_jwt_client.create_webhook(
target_type='folder',
target_id=args.folder_id,
address=args.address,
triggers=WEBHOOK_TRIGGERS_DEFAULT,
)
print('Created webhook:')
print(json.dumps(wh, indent=2))
return 0
def cmd_delete_webhook(args):
box_jwt_client.delete_webhook(args.webhook_id)
print(f'Deleted webhook {args.webhook_id}.')
return 0
def cmd_register_all_clients(args):
"""Idempotent: skip folders that already have a webhook pointing at this address."""
existing = box_jwt_client.list_webhooks()
existing_by_folder = {}
for wh in existing:
target = wh.get('target') or {}
if target.get('type') == 'folder':
existing_by_folder.setdefault(str(target.get('id')), []).append(wh)
configured = get_clients_with_box_folder()
if not configured:
print('No clients have box_folder_id set. Nothing to register.')
return 0
created = 0
skipped = 0
errors = 0
for cid, cfg in configured:
folder_id = str(cfg['box_folder_id'])
already = existing_by_folder.get(folder_id, [])
matching = [w for w in already if w.get('address') == args.address]
if matching:
print(f" {cid} ({folder_id}): SKIP — webhook already exists (id={matching[0].get('id')})")
skipped += 1
continue
try:
wh = box_jwt_client.create_webhook(
target_type='folder',
target_id=folder_id,
address=args.address,
triggers=WEBHOOK_TRIGGERS_DEFAULT,
)
print(f" {cid} ({folder_id}): CREATED webhook id={wh.get('id')}")
created += 1
except Exception as exc:
print(f" {cid} ({folder_id}): ERROR — {exc}")
errors += 1
print()
print(f'Summary: {created} created, {skipped} already present, {errors} errored.')
if errors:
print('Common causes for errors: service account not invited as collaborator on the folder yet,')
print('or the folder_id in client_config.py is wrong.')
return 0 if errors == 0 else 1
def main():
parser = argparse.ArgumentParser(description='Box JWT admin CLI')
sub = parser.add_subparsers(dest='cmd', required=True)
sub.add_parser('list-webhooks').set_defaults(func=cmd_list_webhooks)
p_lf = sub.add_parser('list-folder', help='List items in a Box folder')
p_lf.add_argument('folder_id')
p_lf.set_defaults(func=cmd_list_folder)
sub.add_parser('list-clients').set_defaults(func=cmd_list_clients)
p_cw = sub.add_parser('create-webhook', help='Create a single FILE.UPLOADED webhook')
p_cw.add_argument('folder_id')
p_cw.add_argument('address', help='Public URL of /api/box/webhook')
p_cw.set_defaults(func=cmd_create_webhook)
p_dw = sub.add_parser('delete-webhook', help='Delete a webhook by id')
p_dw.add_argument('webhook_id')
p_dw.set_defaults(func=cmd_delete_webhook)
p_ra = sub.add_parser('register-all-clients', help='Create FILE.UPLOADED webhooks for every client with a box_folder_id')
p_ra.add_argument('address', help='Public URL of /api/box/webhook')
p_ra.set_defaults(func=cmd_register_all_clients)
args = parser.parse_args()
if not box_jwt_client.is_configured():
print(f'ERROR: Box JWT config not found. Drop the JSON from Box at '
f'{os.path.join(BACKEND_DIR, "config", "box_jwt_config.json")} or set BOX_JWT_CONFIG_PATH.',
file=sys.stderr)
return 2
try:
return args.func(args) or 0
except box_jwt_client.BoxJWTError as exc:
print(f'Box API error: {exc}', file=sys.stderr)
return 1
if __name__ == '__main__':
sys.exit(main())

9
backend/scripts/deploy.sh
View file

@ -96,8 +96,13 @@ fi
echo "Target: $TARGET_SHORT $(git log -1 --format='%s' "$TARGET_REF")"
echo ""
echo "Commits to apply:"
git log --oneline "$CURRENT_REV..$TARGET_REV" | head -20
CHANGE_COUNT=$(git log --oneline "$CURRENT_REV..$TARGET_REV" | wc -l | tr -d ' ')
# Use git's own line limit (`-n 20`) rather than `| head -20`: piping to head
# closes the pipe after 20 lines and makes git log exit with SIGPIPE (141),
# which `set -o pipefail` propagates and `set -e` then uses to kill the
# script silently. Only bites when the deploy batch is >20 commits — i.e.
# real prod releases. First hit observed on the v1.3.0 prod deploy.
git log --oneline -n 20 "$CURRENT_REV..$TARGET_REV"
CHANGE_COUNT=$(git rev-list --count "$CURRENT_REV..$TARGET_REV")
if [[ $CHANGE_COUNT -gt 20 ]]; then
echo " ... and $((CHANGE_COUNT - 20)) more"
fi

248
backend/technical_check.py Normal file
View file

@ -0,0 +1,248 @@
"""
Machine-side technical pre-flight inspection for uploaded assets.
Runs before any LLM analysis. Extracts dimensions, format, page count,
duration, codec, etc. via PIL/PyMuPDF/ffprobe. Also opportunistically
parses dimension hints from the filename and compares them to the actual
file. Returns a JSON-serializable dict. Never raises errors land in
`errors` so the caller can still surface partial results.
"""
import json
import os
import re
import subprocess
from typing import Any, Dict, Optional
from PIL import Image
import fitz # PyMuPDF
_DIMS_RE = re.compile(r'(\d{2,5})\s*[xX×]\s*(\d{2,5})')
IMAGE_EXTENSIONS = {'.jpg', '.jpeg', '.png', '.gif', '.bmp', '.tiff', '.tif', '.webp'}
PDF_EXTENSIONS = {'.pdf'}
VIDEO_EXTENSIONS = {'.mp4', '.avi', '.mov', '.mkv', '.wmv', '.flv', '.webm'}
MIME_BY_EXT: Dict[str, str] = {
'.jpg': 'image/jpeg', '.jpeg': 'image/jpeg', '.png': 'image/png',
'.gif': 'image/gif', '.bmp': 'image/bmp', '.tiff': 'image/tiff',
'.tif': 'image/tiff', '.webp': 'image/webp', '.pdf': 'application/pdf',
'.mp4': 'video/mp4', '.avi': 'video/x-msvideo', '.mov': 'video/quicktime',
'.mkv': 'video/x-matroska', '.wmv': 'video/x-ms-wmv', '.flv': 'video/x-flv',
'.webm': 'video/webm',
}
def parse_filename_specs(filename: str) -> Dict[str, Any]:
"""Extract dimension hints from a filename — pattern like '1920x1080'.
Returns {} when nothing parseable is found.
"""
hints: Dict[str, Any] = {}
base = os.path.splitext(os.path.basename(filename))[0]
match = _DIMS_RE.search(base)
if match:
w, h = int(match.group(1)), int(match.group(2))
if 50 <= w <= 50000 and 50 <= h <= 50000:
hints['width'] = w
hints['height'] = h
return hints
def compare_filename_to_actual(
hints: Dict[str, Any], actual: Dict[str, Any]
) -> Optional[Dict[str, Any]]:
"""Compare filename-extracted dimensions against actual file dimensions."""
if not hints or 'width' not in hints or 'height' not in hints:
return None
actual_dims = actual.get('dimensions')
if not actual_dims:
return None
fw, fh = hints['width'], hints['height']
aw, ah = actual_dims['width'], actual_dims['height']
match = (fw == aw and fh == ah)
return {
'checked': True,
'match': match,
'filename_says': f'{fw}x{fh}',
'actual_is': f'{aw}x{ah}',
'detail': (
f'Filename suggests {fw}x{fh}; file is {aw}x{ah}'
+ (' — match' if match else ' — MISMATCH')
),
}
def _inspect_image(file_path: str) -> Dict[str, Any]:
report: Dict[str, Any] = {'kind': 'image'}
try:
with Image.open(file_path) as img:
report['dimensions'] = {'width': img.width, 'height': img.height}
report['format'] = img.format
report['mode'] = img.mode
report['has_alpha'] = img.mode in ('RGBA', 'LA') or 'transparency' in img.info
dpi = img.info.get('dpi')
if dpi:
report['dpi'] = [int(round(dpi[0])), int(round(dpi[1]))]
except Exception as exc:
report.setdefault('errors', []).append(f'image inspection failed: {exc}')
return report
def _inspect_pdf(file_path: str) -> Dict[str, Any]:
report: Dict[str, Any] = {'kind': 'pdf'}
try:
doc = fitz.open(file_path)
report['page_count'] = doc.page_count
if doc.metadata and doc.metadata.get('format'):
report['pdf_version'] = doc.metadata['format'].replace('PDF ', '')
page_dims = []
fonts = set()
has_text = False
for page in doc:
rect = page.rect
page_dims.append({'width': round(rect.width, 1), 'height': round(rect.height, 1)})
if not has_text and page.get_text().strip():
has_text = True
for font_info in page.get_fonts(full=False):
if len(font_info) > 3 and font_info[3]:
fonts.add(font_info[3])
report['page_dimensions'] = page_dims
report['embedded_fonts'] = sorted(fonts)
report['has_text'] = has_text
if page_dims:
report['dimensions'] = {
'width': int(round(page_dims[0]['width'])),
'height': int(round(page_dims[0]['height'])),
}
doc.close()
except Exception as exc:
report.setdefault('errors', []).append(f'pdf inspection failed: {exc}')
return report
def _inspect_video(file_path: str) -> Dict[str, Any]:
report: Dict[str, Any] = {'kind': 'video'}
try:
result = subprocess.run(
[
'ffprobe', '-v', 'error', '-print_format', 'json',
'-show_format', '-show_streams', file_path,
],
capture_output=True, text=True, timeout=30,
)
if result.returncode != 0:
report.setdefault('errors', []).append(
f'ffprobe error: {result.stderr.strip()[:200]}'
)
return report
data = json.loads(result.stdout)
fmt = data.get('format', {})
if 'duration' in fmt:
report['duration_seconds'] = round(float(fmt['duration']), 2)
if 'bit_rate' in fmt:
report['bitrate_kbps'] = int(int(fmt['bit_rate']) / 1000)
v_streams = [s for s in data.get('streams', []) if s.get('codec_type') == 'video']
a_streams = [s for s in data.get('streams', []) if s.get('codec_type') == 'audio']
if v_streams:
v = v_streams[0]
w, h = v.get('width'), v.get('height')
if w and h:
report['dimensions'] = {'width': w, 'height': h}
report['video_codec'] = v.get('codec_name')
fps_raw = v.get('avg_frame_rate', '0/0')
if '/' in fps_raw:
num, den = fps_raw.split('/')
try:
if int(den) > 0:
report['fps'] = round(int(num) / int(den), 2)
except ValueError:
pass
report['audio_codec'] = a_streams[0].get('codec_name') if a_streams else None
except FileNotFoundError:
report.setdefault('errors', []).append('ffprobe not installed on this server')
except subprocess.TimeoutExpired:
report.setdefault('errors', []).append('ffprobe timed out after 30s')
except Exception as exc:
report.setdefault('errors', []).append(f'video inspection failed: {exc}')
return report
def inspect(file_path: str) -> Dict[str, Any]:
"""Inspect any uploaded asset. Never raises."""
report: Dict[str, Any] = {
'kind': 'unknown',
'mime_type': None,
'file_size_bytes': None,
'file_size_mb': None,
'errors': [],
}
if not os.path.exists(file_path):
report['errors'].append(f'file not found: {file_path}')
return report
try:
size_bytes = os.path.getsize(file_path)
report['file_size_bytes'] = size_bytes
report['file_size_mb'] = round(size_bytes / (1024 * 1024), 3)
except OSError as exc:
report['errors'].append(f'stat failed: {exc}')
ext = os.path.splitext(file_path)[1].lower()
report['mime_type'] = MIME_BY_EXT.get(ext)
if ext in IMAGE_EXTENSIONS:
report.update(_inspect_image(file_path))
elif ext in PDF_EXTENSIONS:
report.update(_inspect_pdf(file_path))
elif ext in VIDEO_EXTENSIONS:
report.update(_inspect_video(file_path))
else:
report['errors'].append(f'unsupported extension: {ext}')
hints = parse_filename_specs(os.path.basename(file_path))
if hints:
report['filename_hints'] = hints
verdict = compare_filename_to_actual(hints, report)
if verdict is not None:
report['filename_match'] = verdict
return report
def format_for_llm_prompt(report: Dict[str, Any]) -> str:
"""Render the technical report as a short Markdown block for LLM prompts."""
lines = ['**Technical metadata (machine-inspected, pre-LLM):**']
kind = report.get('kind', 'unknown')
lines.append(f'- File kind: {kind}')
size_mb = report.get('file_size_mb')
if size_mb is not None:
lines.append(f'- File size: {size_mb} MB')
dims = report.get('dimensions')
if dims:
lines.append(f"- Dimensions: {dims['width']} × {dims['height']}")
dpi = report.get('dpi')
if dpi:
lines.append(f'- DPI: {dpi[0]} × {dpi[1]}')
pc = report.get('page_count')
if pc is not None:
lines.append(f'- Pages: {pc}')
duration = report.get('duration_seconds')
if duration is not None:
lines.append(f'- Duration: {duration}s')
codec = report.get('video_codec')
if codec:
lines.append(f'- Video codec: {codec}')
fonts = report.get('embedded_fonts')
if fonts:
suffix = '' if len(fonts) > 8 else ''
lines.append(f"- Embedded fonts: {', '.join(fonts[:8])}{suffix}")
fm = report.get('filename_match')
if fm:
verdict = 'MATCHES filename' if fm['match'] else 'DOES NOT match filename'
lines.append(f"- Filename check: {verdict} ({fm['detail']})")
if report.get('errors'):
lines.append(f"- Inspection notes: {'; '.join(report['errors'])}")
return '\n'.join(lines)

82
backend/visual_qc_apps/boots_brand_name_accuracy/app.py
View file

@ -18,14 +18,34 @@ class BootsBrandNameAccuracyApp(FlaskAppTemplate):
SCOPE: Check compliance and technical specs ONLY. Do NOT assess creative quality, aesthetics, or subjective design choices.
IMPORTANT: Brand names must appear EXACTLY as shown in the approved lists below. Pay close attention to:
- Accent marks (é, è, ô, â, ï, etc.)
- Apostrophes and their placement (Burt's, Palmer's, Johnson's)
- Hyphens (Bio-Oil, Anti-Hist, La Roche-Posay)
- Internal capitalisation / casing (BaByliss, SkinActive, MacuShield, SlimFast, DenTek)
- Ampersands vs "and" (Soap & Glory, Baylis & Harding)
- Dots, colons, special characters (e.l.f., A.Vogel, So...?, L;ft)
- ALL CAPS vs mixed case (SEVENTEEN, NARS, LEGO, JUUL, VITHIT)
IMPORTANT: Brand names must match the approved lists below in spelling and structure, but several common retail-artwork conventions are EXPLICITLY ACCEPTABLE and must NOT be flagged as errors. See the "ACCEPTABLE RENDERING CONVENTIONS" section below before scoring.
What you MUST flag (real spelling/structure errors):
- Wrong accent marks (é, è, ô, â, ï, etc. missing or substituted)
- Wrong apostrophes or their placement (Burt's, Palmer's, Johnson's)
- Wrong hyphens (Bio-Oil, Anti-Hist, La Roche-Posay substituted with spaces or omitted)
- Wrong internal capitalisation in a way that ALTERS LETTER STRUCTURE (e.g. `Babyliss` vs `BaByliss` the second `B` is intentional and structural; getting it wrong is a real error)
- Wrong ampersands vs "and" (Soap & Glory Soap and Glory)
- Wrong dots, colons, special characters (e.l.f., A.Vogel, So...?, L;ft)
ACCEPTABLE RENDERING CONVENTIONS DO NOT flag these as errors:
1. **ALL-CAPS RETAIL CONVENTION**: Brand names commonly appear in ALL CAPS on retail artwork (shelf-edge fins, headlines, packaging mockups) for visual impact. If the brand on the approved list is shown in ALL CAPS on the asset, this is acceptable as long as the LETTER STRUCTURE matches. Examples:
- `L'OREAL` is an acceptable rendering of `L'Oreal` (apostrophe still required)
- `ESTEE LAUDER` is an acceptable rendering of `Estee Lauder`
- `MAYBELLINE` is an acceptable rendering of `Maybelline` (if it were on the list)
- `LANCOME` is an acceptable rendering of `Lancome`
- `BABYLISS` is **NOT** an acceptable rendering of `BaByliss` the structural intercap `B` is lost when forced to ALL CAPS, BUT this is unavoidable in caps-only contexts and should be flagged as `manual_review_recommended` rather than a Fail.
The principle: ALL CAPS is a typographic choice, not a spelling error. Score normally if the ALL CAPS version preserves all letters, accents, hyphens, apostrophes, and special characters. Only flag if those structural elements are missing or wrong.
2. **STYLIZED BRAND LOGOTYPES**: Some approved brands use a known logomark that differs from their textual spelling. When you see the brand's recognised logotype, this is the brand's official mark and is a Pass not a misspelling. Examples:
- `17` (numeral) is the official logomark for `SEVENTEEN` accept as Pass.
- `&SISTERS` may appear with a stylised or oversized ampersand accept.
- `So...?` may appear with the dots and question mark stylised accept.
- `e.l.f.` may appear with varying dot weights or kerning accept as long as the dots are present.
When in doubt about whether something is a stylised logotype vs a misspelling, set `manual_review_recommended=true` and do NOT fail the score.
APPROVED BRAND NAMES:
Accu-Chek, Acnecide + Purifide, AlcoSense, Alka-Seltzer, Anais Anais, Anti-Hist, Avene, A.Vogel, BaByliss, Baylis & Harding, Beaba, BetterYou, BioGaia, Bio-Kult, Bio-Oil, Bio&Me, Biore, BlanX, Boucleme, Burt's Bees, CanesBiotics, CanesMeno, CeraVe, Ciate, Chilly's, Chloe, Coca-Cola, ColdZyme, Cow & Gate, Curel, DenTek, DioraHydrate, Dr Teal's, DulcoEase, e.l.f., Embr Wave, Estee Lauder, EVOLUTION_18, Filter by Molly-Mae, FyboCalm, GAVINatura, Glaceau, Gu, Hermes, Hismile, InStyler, Isoclean, iWhite, Jack N' Jill, Johnson's, JUUL, Kiehl's, King C. Gillette, Kool 'n' Soothe, La Roche-Posay, Lancome, Lil-Lets, LEGO, L'Oreal, MAC Cosmetics, MacuShield, McCoy's, Montblanc, MyOva, Myprotein, Nala's Baby, NARS, Natures Aid, Nature's Bounty, NicAssist, Nice'n Easy, NiQuitin, Nestle, Nuby, NytEase, NYX Professional Makeup, O'Keeffe's, Oral-B, O.R.S, PaediaSure, Palmer's, Parla, Physicians Formula, Pre-Seed, ProVen, Purdey's, Ray-Ban, Reese's, SanDisk, SEVENTEEN, Shot2go, Sleek MakeUP, SlimFast, Soap & Glory, Solpa-Extra, So...?, Sterimar, St. Moriz, St.Tropez, TePe, The INKEY List, TheraTears, Tiffany & Co., Toni & Guy, Tony's Chocolonely, Tresemme, ViDrate, VITHIT, VitSpritz, VO5, WaterWipes, WetBrush, Wet n Wild, WoodWick, Woody's, WooWoo, Wrigley's, XLS-Medical, YourGoodSkin, Zarbee's, &SISTERS, 7UP
@ -57,38 +77,54 @@ ActivScan (Braun), Acqua Di Gio (Armani), AquaRelease (No7), BabyRub (Vicks), Ba
NOTE ON PRODUCT NAME ACCENTS: Many product names also require accent marks on actual artwork:
- Acqua Di Gio Acqua Di Giò, Extreme Extrême, Feria Féria, Gelee Gelée, Genifique Génifique, Hypnose Hypnôse, Ideal Idéal, Idealia Idéalia, Idole Idôle, Intensement Intensément, Irresistible Irrésistible, Legere Légère, Lumiere Lumière, Memoire Mémoire, Mineral Minéral, Olympea Olympéa, Plenitude Plénitude, Preference Préférence, Prive Privé, Purete Pureté, Recital Récital, Renergie Rénergie, Romer Römer, Si , Silk-epil Silk-épil, Slow Age Slow Âge, Sucre Sucré, Tolerance Tolérance, Touche Eclat Touche Éclat, Tresor Trésor
IMPORTANT: HOW TO HANDLE BRANDS NOT ON THE APPROVED LIST
The approved lists above are CLOSED-WORLD reference lists provided by the Boots brand team. They are known to be incomplete third-party brands that are legitimately stocked by Boots (for example: Remington, Imodium, Nicorette, Maybelline, Grenade, Shaken Udder, Napralief) may legitimately appear in artwork without being on the lists. **An absence from the list is NOT proof of error.**
Therefore:
- A brand name that IS on the approved list and is spelled CORRECTLY Pass (high score).
- A brand name that IS on the approved list but is spelled INCORRECTLY (wrong casing, missing accent, wrong hyphen, etc.) Fail (low score). This is the failure mode this check exists to catch.
- A brand name that is NOT on the approved list treat as **not applicable** (N/A neutral). Surface it in `names_not_on_list` and set `manual_review_recommended=true` so a human can confirm whether it's a legitimate Boots-stocked brand or a genuine compliance issue. Do NOT fail the check on this basis alone.
STEPS TO EVALUATE:
1. Read all text visible in the asset and identify any brand names or product names.
2. For each name found, compare against the approved lists above.
3. Check spelling, casing, hyphens, apostrophes, ampersands, and special characters.
4. Where possible, check for correct accent marks (note: this may be difficult to verify visually for subtle marks).
5. Flag any name that does not match the approved spelling.
6. If no brand or product names are visible, score 7/10 as neutral (not applicable).
2. For each name found, compare against the approved lists above (case-insensitively to identify the brand, then check structural elements).
3. For names that ARE on the approved list, verify ONLY the structural elements that matter: accent marks, hyphens, apostrophes, ampersands, special characters, and intercap structure (where preserved). Do NOT flag pure casing differences (ALL CAPS vs title case) those are acceptable retail conventions per the section above.
4. For known brand logotypes (e.g. `17` for SEVENTEEN), accept as Pass these are the brand's official marks.
5. For names that are NOT on the approved list, note them in `names_not_on_list` for manual review do not flag as misspelled.
6. If no brand or product names are visible at all, score 7/10 as neutral (not applicable).
SCORING GUIDANCE:
- Score 9-10: All visible brand/product names match approved spellings exactly.
- Score 7-8: Names mostly correct, one minor issue (e.g., a subtle accent mark that's hard to verify visually).
- Score 7: No brand or product names visible in the asset (not applicable neutral score).
- Score 5-6: One clear spelling error (wrong casing, missing hyphen, wrong apostrophe placement).
- Score 3-4: Multiple spelling errors or a critical brand name misspelled.
- Score 1-2: Major brand name errors throughout the asset (fundamentally wrong spellings).
- Score 9-10: Every approved-list brand found has correct structural elements (accents, hyphens, apostrophes, special characters). Casing differences in retail context are acceptable.
- Score 7-8: All listed names structurally correct; one or more names are off-list (manual review needed) OR a brand logotype is used (e.g. `17` for SEVENTEEN) but no errors against the approved list.
- Score 7: No brand or product names visible OR all visible names are off-list (not applicable neutral score, manual review recommended).
- Score 5-6: One clear structural error against an approved-list brand (missing accent, missing hyphen, wrong apostrophe placement).
- Score 3-4: Multiple structural errors against approved-list brands.
- Score 1-2: Major structural errors throughout the asset (fundamentally wrong spellings letters substituted, accents missing across multiple brands).
DO NOT lower the score because:
- A brand is missing from the approved list (use names_not_on_list instead)
- A brand is rendered in ALL CAPS when the list shows title case (acceptable retail convention)
- A brand uses a known stylised logotype like `17` for SEVENTEEN (these are Pass)
YOUR OUTPUT:
Format your response as JSON:
{
"brand_name_check": "Pass" or "Fail" or "N/A",
"names_found": ["list of brand/product names identified in the asset"],
"names_verified_correct": ["list of names that match approved spelling"],
"names_verified_correct": ["list of names that ARE on the approved list AND match approved spelling"],
"names_with_issues": [
{
"found": "name as it appears in asset",
"expected": "correct approved spelling",
"issue": "description of the discrepancy"
"issue": "description of the discrepancy — only STRUCTURAL errors (missing/wrong accents, hyphens, apostrophes, special characters). DO NOT include casing-only differences (ALL CAPS vs title case) or known brand logotypes like '17' for SEVENTEEN."
}
],
"names_not_on_list": ["list of brand/product names found on the asset that are NOT on the approved lists — for manual review, NOT counted as failures"],
"logotype_observations": ["list of acceptable stylised logotypes observed (e.g. '17' rendered as SEVENTEEN's logomark). For transparency in the report; not counted against the score."],
"manual_review_recommended": true or false,
"accent_marks_verifiable": true or false,
"issues_found": ["list of specific issues, empty array if none"],
"explanation": "Detailed description of brand name accuracy assessment",
"issues_found": ["list of specific spelling issues against approved-list brands, empty array if none"],
"explanation": "Detailed description of brand name accuracy assessment, distinguishing approved-list mismatches from off-list names that need human verification.",
"recommendations": ["List specific recommendations if applicable, else an empty array"]
}"""

38
backend/visual_qc_apps/boots_caveat_compliance/app.py
View file

@ -38,12 +38,29 @@ If the asset uses multiple different caveat symbols, they MUST follow this order
3. CRITICAL RULE NO SUPERSCRIPT:
Caveats must NEVER be rendered as superscript. They should sit on the baseline or be vertically centred within the text, but must NOT be raised/shrunk as superscript formatting. This is a critical compliance failure if violated.
IMPORTANT VISION-LLM LIMITATION ON SUPERSCRIPT DETECTION:
The asterisk (`*`) glyph naturally sits HIGH in its line by typographic design most fonts position the asterisk near the cap height or x-height level rather than on the baseline. Daggers (, ) similarly sit high. Do NOT confuse the natural high glyph position with actual superscript formatting.
Real superscript has TWO distinguishing features that you must BOTH observe before flagging:
(a) The mark is visibly RAISED above where the same character would naturally sit relative to the surrounding text (i.e. the mark's BOTTOM is well above the cap height of the adjacent letters), AND
(b) The mark is visibly SMALLER than the surrounding text size typically around 50-60% of the body text size, not just slightly smaller.
If you only observe one of these two features, OR if the rendering is ambiguous at the small text sizes typical of T&C copy, treat it as `needs_manual_check` and populate the `superscript_caveat` field do NOT auto-flag as superscript. Do NOT score the asset 1-2/10 on a single ambiguous superscript observation.
When you genuinely see both (a) and (b) and especially when the asterisk or dagger is the size of typical web superscript like 5pt against 10pt body text flag it as a real critical violation.
4. SIZE CONSISTENCY:
The caveat mark in the main copy must NOT be smaller than its matching reference in the T&Cs section. If the T&Cs caveat is a certain size, the one in the headline/body that references it must be at least that size or larger (following the sizing rules above).
IMPORTANT VISION-LLM LIMITATION ON SIZE COMPARISON:
Comparing the size of a single asterisk in a roundel against the size of an asterisk in T&C copy on a rendered page image is approximate. A 1-2 point size difference is BELOW the reliable detection threshold of vision-LLM analysis. Only flag size violations when the size difference is OBVIOUS and PRONOUNCED (e.g. caveat in the roundel is roughly half the size or smaller than the T&Cs caveat, or vice versa). For borderline cases where the sizes look "similar but not identical", set `sizing_compliant: "needs_manual_check"` and populate `sizing_caveat` do NOT score the asset as a sizing violation on a borderline observation.
5. FONT WEIGHT MATCHING:
The caveat symbol and its matching T&Cs reference must use the same font weight. If the T&Cs use a Light weight, the caveat in the headline must also use Light weight (not Bold or Regular).
IMPORTANT VISION-LLM LIMITATION ON WEIGHT MATCHING (mirrors the T&C wording check):
Vision-LLM analysis cannot reliably distinguish Boots Sharp Light from Boots Sharp Regular at the small point sizes typical of caveats and T&C copy. The visual difference between Light and Regular at 5-7pt is below the reliable detection threshold. Only flag weight mismatches when the difference is OBVIOUS (e.g. caveat is clearly Bold against a clearly Light T&C reference). For Light vs Regular distinctions or any borderline weight comparison, set `weight_matching: "needs_manual_check"` and populate `weight_caveat` do NOT score the asset as a weight violation on a borderline observation.
STEPS TO EVALUATE:
1. Identify all caveat/reference marks visible in the asset (*, , **, , , , or any other marks used as caveats).
2. If multiple different caveat types are used, verify they follow the mandatory ordering sequence.
@ -55,11 +72,13 @@ STEPS TO EVALUATE:
SCORING GUIDANCE:
- Score 9-10: All caveats follow correct order, sizing rules met per context, no superscript, weights match.
- Score 7-8: Caveats mostly correct, minor sizing inconsistency that doesn't affect compliance.
- Score 7-8: Caveats mostly correct AND/OR ambiguous observations flagged for manual check. Set `*_detected: "needs_manual_check"` for any borderline superscript / sizing / weight observation. This is the correct band when the LLM is uncertain do NOT default to a lower score.
- Score 7: No caveats present in the asset (not applicable neutral score).
- Score 5-6: One noticeable sizing or ordering issue, but no superscript.
- Score 3-4: Multiple sizing/ordering violations, or font weight mismatch between caveat and T&Cs.
- Score 1-2: Caveats rendered as superscript (critical failure), or completely wrong ordering across the asset.
- Score 5-6: One CLEAR, OBVIOUS sizing or ordering issue (e.g. roundel asterisk visibly half the size of T&C asterisk), OR an orphan caveat (asterisk in T&Cs with no matching reference in the main copy).
- Score 3-4: Multiple CLEAR, OBVIOUS sizing/ordering/weight violations reserve for cases where the violations are pronounced and confidently observable, not borderline.
- Score 1-2: Caveats UNAMBIGUOUSLY rendered as superscript (both raised AND shrunk per the strict criteria above not just visually high), or completely wrong ordering across the asset. Reserve this band for clear-cut critical violations only.
SCORING PRINCIPLE when in doubt, prefer 7-8 with manual_check flags over a lower confident-violation score. The Boots team needs accurate signal, not noise. A borderline observation surfaced for manual review is more valuable than a confident-but-wrong Fail.
YOUR OUTPUT:
Format your response as JSON:
@ -68,10 +87,13 @@ Format your response as JSON:
"caveats_present": true or false,
"caveat_types_found": ["list of caveat symbols found, e.g. '*', '', '**'"],
"ordering_correct": true or false or "single_type_only",
"superscript_detected": true or false,
"sizing_compliant": true or false or "not_applicable",
"weight_matching": true or false or "not_applicable",
"issues_found": ["list of specific issues, empty array if none"],
"superscript_detected": true or false or "needs_manual_check",
"superscript_caveat": "Free-text note when superscript_detected is 'needs_manual_check' — describe what you observed and why you weren't confident. Empty string otherwise.",
"sizing_compliant": true or false or "needs_manual_check" or "not_applicable",
"sizing_caveat": "Free-text note when sizing_compliant is 'needs_manual_check' — describe the borderline size observation. Empty string otherwise.",
"weight_matching": true or false or "needs_manual_check" or "not_applicable",
"weight_caveat": "Free-text note when weight_matching is 'needs_manual_check' — describe the borderline weight observation (e.g. Light vs Regular distinction at small size). Empty string otherwise.",
"issues_found": ["list of specific issues, empty array if none — only include items you are confident are violations, not ambiguous observations"],
"explanation": "Detailed description of caveat compliance assessment",
"recommendations": ["List specific recommendations if applicable, else an empty array"]
}"""

105
backend/visual_qc_apps/boots_colour_palette/app.py Normal file
View file

@ -0,0 +1,105 @@
import os
import sys
# Add parent directory to path to import shared modules
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
from visual_qc_apps.flask_app_template import FlaskAppTemplate
class BootsColourPaletteApp(FlaskAppTemplate):
"""
Boots - Colour Palette Compliance Check
Two distinct evaluation modes:
Creative-guidance / palette pages: verify the printed CMYK / RGB / Hex
spec values match the canonical Boots palette (Boots Blue #05054b,
Health Primary Blue #5dc4e9, Offer Red #d3072a). Mismatched specs
are a hard fail.
Artwork pages: verify the dominant brand colours used in the layout
are visually consistent with the canonical palette. Best-effort
exact colour-picking from a rasterised page is not reliable.
The LLM decides which mode applies based on what is visible on the page.
"""
def __init__(self):
prompt = """You are performing a visual quality-control check on a Boots retail promotional asset. Your task is to verify that the colour palette in use matches Boots' approved brand colours.
SCOPE: Check brand colour compliance ONLY. Do NOT assess creative quality.
CANONICAL BOOTS COLOUR PALETTE (the source of truth verify against these):
1. BOOTS BLUE
- Hex: #05054b
- CMYK: 100 / 095 / 004 / 042
- RGB: 005 / 005 / 075
- Use: primary brand colour, master logo, headers, brand backgrounds.
2. HEALTH PRIMARY BLUE
- Hex: #5dc4e9
- CMYK: 060 / 000 / 005 / 000
- RGB: 093 / 197 / 234
- Use: Health-category artwork accents.
3. OFFER RED
- Hex: #d3072a
- CMYK: 000 / 100 / 080 / 010
- RGB: 211 / 007 / 042
- Use: offer roundels, sale callouts, price highlights.
(Some packs also reference RICH BLACK CMYK 070 / 060 / 060 / 100 for premium/black artwork. This is an accepted secondary value.)
EVALUATION MODE which type of page is this?
MODE A CREATIVE GUIDANCE / COLOUR PALETTE PAGE
Indicators: page contains a "COLOUR PALETTE" or "Creative guidance" header, lists CMYK / RGB / Hexadecimal blocks, names colours like "Boots Blue", "Health Primary Blue", "Offer Red".
What to check: Each listed colour block's CMYK, RGB, and Hex values must EXACTLY match the canonical values above. Any mismatch is a hard fail (these are spec values being communicated to print, so accuracy is critical).
MODE B ARTWORK PAGE (offer roundel, T&Cs, product layout, etc.)
Indicators: visible offer mechanic (e.g. "2 FOR £6", "3FOR2"), price callouts, T&Cs ("Available through Click & Collect"), product imagery, retail layout.
What to check: The dominant brand-coloured elements (offer roundel background, header bar, key text) should visually match Boots Blue, Health Primary Blue, or Offer Red as appropriate. This is a best-effort visual check colour picking from a rendered raster is approximate. Flag obvious deviations only (e.g. an offer roundel in orange instead of red, a header in teal instead of Boots Blue).
MODE C NOT APPLICABLE
Indicators: page is a cover / brief / asset checklist / yellow notes page with no palette spec and no significant brand-coloured artwork elements.
What to check: nothing score 7/10 as neutral and report mode="not_applicable".
LIMITATIONS YOU MUST DISCLOSE:
- Visual colour assessment from a rasterised page image is approximate. Exact CMYK / RGB readings from print-ready files require dedicated tools and cannot be derived reliably here.
- For Mode A spec verification, read the printed values exactly as shown on the page; if any digit is unclear in the rendered image, flag it for manual verification rather than guessing.
SCORING GUIDANCE:
- Score 9-10: Mode A every spec value matches canonical exactly. Mode B dominant brand colours all visually correct. Mode C neutral 7/10.
- Score 7-8: Mode A one minor digit mismatch in a single channel (e.g. C 060 vs C 061). Mode B colours mostly correct with one borderline shade.
- Score 7: Mode C, not applicable.
- Score 5-6: Mode A one spec value clearly wrong (full hex mismatch). Mode B one obvious colour deviation (e.g. wrong red shade on the offer roundel).
- Score 3-4: Mode A multiple spec values wrong. Mode B multiple obvious colour deviations.
- Score 1-2: Mode A palette page is fundamentally wrong (different colour names, completely different values). Mode B almost no Boots brand colours present where expected.
YOUR OUTPUT:
Format your response as JSON:
{
"palette_check": "Pass" or "Fail" or "N/A",
"mode": "creative_guidance" or "artwork" or "not_applicable",
"named_colours_found": ["names of colours identified on the page, e.g. 'Boots Blue', 'Offer Red'"],
"spec_mismatches": [
{
"colour_name": "name as shown on page",
"channel": "CMYK" or "RGB" or "Hex",
"found": "value as shown on page",
"expected": "canonical Boots value",
"note": "any clarifying context"
}
],
"visual_deviations": ["list of obvious colour deviations on artwork pages, empty if none"],
"issues_found": ["list of specific issues, empty array if none"],
"explanation": "Detailed description of which mode applied and what was checked.",
"manual_verification_recommended": true or false,
"recommendations": ["List specific recommendations if applicable, else an empty array"]
}"""
super().__init__(__name__, prompt)
# Run the app if executed directly
if __name__ == "__main__":
app_instance = BootsColourPaletteApp()
app_instance.run()

109
backend/visual_qc_apps/boots_logo_compliance/app.py Normal file
View file

@ -0,0 +1,109 @@
import os
import sys
# Add parent directory to path to import shared modules
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
from visual_qc_apps.flask_app_template import FlaskAppTemplate
class BootsLogoComplianceApp(FlaskAppTemplate):
"""
Boots - Logo Compliance Check (Option 1 derived from production-pack observation)
Note: A formal Boots brand-identity guideline (logo versions, clear space,
minimum size) was not supplied when this check was authored. The check is
therefore intentionally conservative it verifies the things that are
visually observable without a reference: presence, orientation, distortion,
recolouring, and reasonable clear space. Tighten this prompt once a
canonical Boots logo guideline becomes available.
"""
def __init__(self):
prompt = """You are performing a visual quality-control check on a Boots retail promotional asset. Your task is to verify that any Boots brand logo present on the asset is used correctly.
SCOPE: Check brand identity compliance ONLY. Do NOT assess creative quality or unrelated design choices.
WHAT THE BOOTS LOGO LOOKS LIKE:
- The Boots master wordmark is the lower-case word "boots" set in a custom rounded sans-serif (Boots Sharp). It is most commonly rendered in Boots Blue (#05054b) on a white or light background, or reversed out in white on a darker (often Boots Blue) background.
- It always reads horizontally, left-to-right. It must NOT appear rotated, mirrored, set vertically, or stylised in a different typeface.
- The wordmark must NEVER appear in a colour outside the Boots brand palette (e.g. red, green, gradient, photographic fill).
FIRST DECIDE WHAT YOU ARE EVALUATING:
A. **MASTER WORDMARK** the standalone "boots" lower-case rounded sans-serif logo, presented on its own as the primary brand identifier (e.g. on a retail aisle fin, shelf-edge strip, window vinyl, etc.). This is what the strict rules below apply to.
B. **PARTNER / AGENCY / PRODUCTION LOCK-UP** a composite signature line such as "OLIVER x BOOTS" in a footer, "Boots Advantage Card" branding, or a co-branded cell with a third-party brand. These lock-ups follow their own typographic conventions and ARE NOT REQUIRED to use the master wordmark's exact typeface, casing, or colour. Production-pack metadata strips ("OLIVER x BOOTS / Production Pack") are signature furniture, not the master logo.
C. **NO BOOTS BRANDING VISIBLE** possible on cover / brief pages or on co-branded artwork dominated by a third-party brand (e.g. Remington, Imodium). Score 7/10 N/A neutral.
If you see only B (partner / production lock-up) and no A (master wordmark), evaluate it under the LOCK-UP path below do NOT score it against master wordmark rules.
CHECKS TO PERFORM ON THE MASTER WORDMARK (path A):
1. LOGO PRESENCE Is a Boots master wordmark visible anywhere on the asset?
- On retail artwork (e.g. shelf-edge fins, aisle fins, window vinyls), a master wordmark is generally expected.
- If no master wordmark is visible but a partner lock-up IS present, drop to the LOCK-UP path below.
2. ORIENTATION Set horizontally, reading left-to-right? Tilted, rotated, vertical, or mirrored = clear violation.
3. DISTORTION Aspect ratio preserved? Letters not stretched/squashed. Letter shapes balanced and natural.
4. COLOUR Rendered in Boots Blue (#05054b) or white reversed out on a dark/branded background. Red, green, gradients, photographic fills, or non-brand colours = violation.
5. CLEAR SPACE Reasonable breathing room. Not crowded by text, prices, product imagery, or page edges. Best-effort visual judgement only.
6. SIZE Legible at viewing distance. Best-effort visual judgement only.
CHECKS TO PERFORM ON A PARTNER / PRODUCTION LOCK-UP (path B):
Partner lock-ups have **looser, separate rules**. The master wordmark spec does NOT apply. Only flag the following genuine violations:
- The lock-up text is **mirrored, rotated, or fundamentally illegible**.
- The lock-up appears to be **broken / cut off / overlapping other elements** in a way that suggests a layout error.
- The lock-up is in a colour that **clashes hard** with the rest of the artwork (e.g. fluorescent pink in a black-and-white production pack header).
Differences in typeface (e.g. uppercase "BOOTS" in a sans-serif rather than the lower-case Boots Sharp wordmark) and colour (e.g. black/grey production-pack furniture rather than Boots Blue) are **acceptable on partner / production lock-ups** and should NOT be scored as violations. These are conventions of the partner-lock-up format.
LIMITATIONS YOU MUST DISCLOSE:
- This check operates without a formal Boots logo guideline. Conclusions about clear space, minimum size, and exact colour values are best-effort visual estimates and may need manual verification by the Boots brand team.
- Partner / production lock-up assessment is intentionally lenient. If you suspect a lock-up violation that doesn't fit the explicit "genuine violation" list above, set `manual_verification_recommended=true` rather than failing the score.
SCORING GUIDANCE MASTER WORDMARK (path A):
- Score 9-10: Master wordmark present, correctly orientated, undistorted, in an approved colour, with reasonable clear space and size.
- Score 7-8: Master wordmark correct overall, one minor issue (slightly tight clear space, slightly small but still legible).
- Score 5-6: One clear issue (recoloured to an unapproved colour, OR visibly distorted, OR no clear space at all).
- Score 3-4: Multiple master-wordmark violations (e.g. wrong colour AND distorted, or rotated AND crowded).
- Score 1-2: Master wordmark fundamentally wrong wrong typeface, mirrored, replaced with placeholder, or in a non-brand colour throughout.
SCORING GUIDANCE PARTNER / PRODUCTION LOCK-UP (path B):
- Score 9-10: Lock-up legible, correctly placed, no obvious typographic or layout faults.
- Score 7-8: Lock-up legible with a minor visual quirk (e.g. slightly tight spacing) default score for any well-formed lock-up where the master wordmark spec doesn't apply.
- Score 5-6: Lock-up has a real issue per the "genuine violations" list above (e.g. cut-off text, illegible at intended viewing distance, hard-clashing colour).
- Score 1-4: Reserved for serious lock-up problems (mirrored, rotated, fundamentally broken). Do NOT use this band just because the lock-up isn't the master wordmark.
SCORING GUIDANCE NO BOOTS BRANDING (path C):
- Score 7: No Boots branding visible N/A neutral.
YOUR OUTPUT:
Format your response as JSON:
{
"logo_check": "Pass" or "Fail" or "N/A",
"evaluation_path": "master_wordmark" or "partner_lockup" or "none_visible",
"logo_present": true or false,
"orientation_correct": true or false or "not_applicable",
"aspect_ratio_correct": true or false or "not_applicable",
"colour_approved": true or false or "not_applicable",
"clear_space_reasonable": true or false or "not_applicable",
"size_reasonable": true or false or "not_applicable",
"lockup_observations": "Free-text note when path B applied — describe the lock-up you assessed and any minor observations (typeface differences, casing, colour) that are normal for lock-ups and were NOT counted as violations. Empty string for paths A and C.",
"issues_found": ["list of genuine violations per the path-specific rules, empty array if none"],
"explanation": "Detailed description of which path applied (master wordmark / partner lock-up / no branding) and what was checked.",
"manual_verification_recommended": true or false,
"recommendations": ["List specific recommendations if applicable, else an empty array"]
}"""
super().__init__(__name__, prompt)
# Run the app if executed directly
if __name__ == "__main__":
app_instance = BootsLogoComplianceApp()
app_instance.run()

6
backend/visual_qc_apps/boots_tandc_wording/app.py
View file

@ -97,6 +97,9 @@ When multiple T&Cs appear together, they follow this order:
1. Click & Collect T&Cs (FIRST in Boots Sharp Regular)
2. All other T&Cs (in Boots Sharp Light)
IMPORTANT LIMITATION ON FONT WEIGHT:
Vision-LLM analysis cannot reliably distinguish Boots Sharp Regular from Boots Sharp Light at the small point sizes typical of T&C copy. Treat any font-weight assessment (`click_collect_font_correct`, hierarchy weight reasoning) as a best-effort observation that should be confirmed by manual review. When you are not confident, set the font field to "needs_manual_check" rather than guessing and include a corresponding note in `font_weight_caveat` so the report surfaces this limitation to the user.
STEPS TO EVALUATE:
1. Identify all T&C text visible in the asset.
2. If multibuy offers are present, check for correct standard T&C wording (Section A).
@ -122,10 +125,11 @@ Format your response as JSON:
"tandc_sections_found": ["list of T&C types identified: 'offer', 'click_collect', 'advantage_card', 'parenting_club', 'price_advantage', 'pyramid', 'offer_dates'"],
"offer_tandc_correct": true or false or "not_applicable",
"click_collect_correct": true or false or "not_applicable",
"click_collect_font_correct": true or false or "not_applicable",
"click_collect_font_correct": true or false or "needs_manual_check" or "not_applicable",
"lockup_tandc_correct": true or false or "not_applicable",
"date_format_correct": true or false or "not_applicable",
"hierarchy_correct": true or false or "not_applicable",
"font_weight_caveat": "Free-text note flagging any font-weight observation that is best-effort and may need manual verification. Empty string if not relevant.",
"issues_found": ["list of specific issues, empty array if none"],
"explanation": "Detailed description of T&C wording compliance assessment",
"recommendations": ["List specific recommendations if applicable, else an empty array"]

0
backend/visual_qc_apps/hp_copy_review/__init__.py Normal file
View file

179
backend/visual_qc_apps/hp_copy_review/app.py Normal file
View file

@ -0,0 +1,179 @@
"""HP Copy Review — single-call LLM grader against canonical Source Messaging.
This check compares all visible copy on an HP marketing asset (claims,
headlines, body, disclaimers, footnotes, spec call-outs, brand mentions)
against the canonical Source Messaging summaries attached as reference
assets (.xlsx Markdown summary via excel_processor).
It returns a structured JSON object with a 0-10 score, a one-paragraph
summary, and a `findings` array (priority / category / quote / issue /
suggested_fix / source_reference). Empty findings on a clean asset is a
valid result (score 9-10). When no Source Messaging is attached, the
LLM is instructed to return score 0 with an explanatory message rather
than grade blind.
Reference assets and media-plan context (including `language`) are
injected by `process_single_check` in `api_server.py` this module
exposes only the static prompt template. A standalone `build_prompt()`
helper is provided for unit-style smoke tests and for any future caller
that wants to assemble the full prompt outside the production path.
"""
import os
import sys
from typing import Iterable, Mapping, Optional, Sequence, Tuple
# Add parent directory to path so we can import shared template
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
from visual_qc_apps.flask_app_template import FlaskAppTemplate
# --- Canonical prompt template ------------------------------------------------
#
# The reference-asset summary block ("CANONICAL SOURCE MESSAGING") is
# prepended by `process_single_check` in `api_server.py` via
# `get_reference_asset_content()`. Likewise the media-plan context block
# ("=== MEDIA PLAN CONTEXT ===" with `- Language: <value>`) is appended
# by `process_single_check`. We embed instructions that *reference* both
# blocks so the LLM knows where to look.
HP_COPY_REVIEW_PROMPT = """You are a copy reviewer for HP marketing materials. Your job is to compare the marketing asset against the canonical Source Messaging that has been attached as a reference asset, and report every copy discrepancy as a structured finding.
WHAT YOU WILL BE GIVEN:
1. One or more canonical Source Messaging summaries, attached above as REFERENCE ASSET GUIDELINES. Each Source Messaging file (e.g. `messi_core.xlsx`, `messi_mainstream.xlsx`) has been pre-summarised into Markdown and is the single source of truth for product claims, KSPs, disclaimers, spec call-outs, variant naming, and approved tone.
2. A media-plan context block (appended below the prompt) which may include `- Language: <value>` and `- Country: <value>`. Treat the language value as the PRODUCT LANGUAGE the asset should be using (e.g. "UK English", "US English", "French (France)").
3. The marketing asset image itself.
WHAT TO DO:
For every claim, headline, body line, disclaimer, footnote, spec call-out, and brand mention visible on the asset, evaluate it against the canonical Source Messaging. Flag:
- Wording that disagrees with an approved KSP or claim.
- Missing or incorrect mandatory disclaimers / legal footnotes / asterisked notes.
- Spec call-outs that contradict the canonical spec (wrong number, wrong unit, wrong product variant).
- Variant / product-name errors (e.g. "OmniDesk Mini" vs "OmniDesk Mini Core").
- Tone / phrasing drift from the approved brand voice described in the source.
- Brand-name misuse (HP, sub-brand capitalisation, trademark glyph misuse).
- Language / locale mismatch against the media-plan PRODUCT LANGUAGE (e.g. "color" appearing in a UK English asset, or French copy on an asset specified as US English).
OUTPUT return ONE JSON object, and nothing else (no prose, no markdown fences outside the JSON code block). The shape:
```json
{
"score": <number 0-10>,
"summary": "<one-paragraph headline finding>",
"findings": [
{
"priority": "high" | "medium" | "low",
"category": "ksp" | "disclaimer" | "spec" | "variant" | "tone" | "brand-name" | "language" | "other",
"quote": "<exact quote from the asset>",
"issue": "<what's wrong>",
"suggested_fix": "<what it should say, citing the canonical source>",
"source_reference": "<where in the source messaging this comes from, e.g. file name + section heading>"
}
]
}
```
RULES:
- If no Source Messaging reference asset is attached (i.e. there is no "REFERENCE ASSET GUIDELINES" block above describing canonical HP messaging), return EXACTLY:
{"score": 0, "summary": "No HP Source Messaging reference was attached — cannot grade copy without a canonical source.", "findings": []}
Do not attempt to grade copy from prior knowledge.
- High-priority findings (factually-wrong claims, missing mandatory disclaimers, wrong product variant, wrong language) weight the score most heavily. A single high-priority finding should typically pull the score below 6.
- Medium-priority findings are wording drift that changes nuance but not meaning, or missing optional supporting copy.
- Low-priority findings are tone / style nits.
- An empty `findings` array is a valid and expected result for a clean asset in that case score 9 or 10 and write a short, positive summary.
- The `quote` field must be the EXACT visible text from the asset, including punctuation. If you can read it, quote it.
- `source_reference` should make it easy for a reviewer to verify the finding name the Source Messaging file and the section/heading you matched against.
- Return ONLY the JSON object inside a single ```json ... ``` code block. No surrounding prose, no explanations outside the JSON.
"""
def build_prompt(
reference_summaries: Optional[Sequence[Tuple[str, str]]] = None,
media_plan_row: Optional[Mapping[str, str]] = None,
base_prompt: str = HP_COPY_REVIEW_PROMPT,
) -> str:
"""Assemble a fully-rendered HP copy-review prompt for testing / inspection.
In production, `process_single_check` (api_server.py) does this
assembly itself: it prepends `get_reference_asset_content(...)` and
appends `build_media_plan_context(...)`. This helper mirrors that
flow so we can smoke-test the prompt assembly without running the
full server, and so callers that want to render the exact prompt
text for logging / debugging have a single entry point.
Args:
reference_summaries: List of (filename, markdown_summary) tuples,
one per attached Source Messaging .xlsx. Each summary is
already a Markdown string produced by `excel_processor`.
None or [] means "no canonical source attached" in that
case we still build the prompt but omit the canonical block,
and the LLM will fall back to the score-0 rule.
media_plan_row: Mapping with optional `language`, `country`,
`placement`, etc. Only `language` and `country` are
rendered into the prompt here; the production flow uses
`build_media_plan_context` and includes more fields.
base_prompt: Override for the canonical prompt template (used
in tests where we want to inject a shorter stub).
Returns:
The fully-assembled prompt string, with the canonical source
messaging block (if any) prepended, the media-plan language /
country line(s) appended, and the base template in between.
"""
parts = []
# 1. Canonical source messaging block — mirrors the shape of
# `get_reference_asset_content` so the LLM sees a consistent
# "REFERENCE ASSET GUIDELINES" heading whether it's running in
# production or via this helper.
if reference_summaries:
ref_lines = ["\n\n=== REFERENCE ASSET GUIDELINES ===",
"CANONICAL SOURCE MESSAGING:"]
for filename, summary in reference_summaries:
ref_lines.append(f"\n--- File: {filename} ---\n{summary}")
ref_lines.append("=== END REFERENCE ASSET GUIDELINES ===\n")
parts.append("\n".join(ref_lines))
# 2. The static prompt template itself.
parts.append(base_prompt)
# 3. Media-plan context (language / country). Production appends
# the full `build_media_plan_context` block; here we render just
# the language + country fields, which is what Step 5.6 asserts.
if media_plan_row:
mp_lines = ["\n=== MEDIA PLAN CONTEXT ==="]
if media_plan_row.get('language'):
mp_lines.append(f"- Language: {media_plan_row['language']}")
if media_plan_row.get('country'):
mp_lines.append(f"- Country: {media_plan_row['country']}")
mp_lines.append("=== END MEDIA PLAN CONTEXT ===")
parts.append("\n".join(mp_lines))
return "\n".join(parts)
class HpCopyReviewApp(FlaskAppTemplate):
"""HP Copy Review — single-call LLM copy grader against Source Messaging.
Subclasses `FlaskAppTemplate` so the check is auto-discovered by
`load_qc_apps()` in `api_server.py`. The class instance exposes
`self.prompt` (the canonical template plus the standard scoring
instructions appended by the template base class).
Reference asset summaries and media-plan context are injected at
runtime by `process_single_check` this class does NOT call Gemini
directly. Response parsing is handled by
`extract_json_from_response` / `extract_score_from_result` in
api_server.py, which will lift `score`, `summary`, and `findings`
out of the JSON code block returned by the LLM.
"""
def __init__(self):
super().__init__(__name__, HP_COPY_REVIEW_PROMPT)
# Allow running this check standalone for ad-hoc testing
if __name__ == "__main__":
app_instance = HpCopyReviewApp()
app_instance.run()

10
config.env
View file

@ -1,10 +0,0 @@
OPENAI_API_KEY=sk-svcacct-HSREzGYDnN-vCVGAh6LhYqlNcJVF2oefMrY9oCsdDsQFmyVJyHpLb1eSb_mp_vP4YPl4T3BlbkFJzKaOrPghIzx76_22K8VjwO6j2JnoDEvrYDrgfrnA4WjD5sTMnhOqGHXximwGXFhUoYgA
GOOGLE_API_KEY=AIzaSyDMWN_PAnyU7bPmtWcEKq4LJfiu1KuwUsU
# Azure AD / MSAL Authentication Configuration
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
# Flask Security Configuration
FLASK_ENV=development
SECRET_KEY=your-secret-key-here-change-in-production

43
config/development.env
View file

@ -1,43 +0,0 @@
# Development Environment Configuration
# This file is used for local development testing
# OpenAI Configuration
OPENAI_API_KEY=sk-svcacct-HSREzGYDnN-vCVGAh6LhYqlNcJVF2oefMrY9oCsdDsQFmyVJyHpLb1eSb_mp_vP4YPl4T3BlbkFJzKaOrPghIzx76_22K8VjwO6j2JnoDEvrYDrgfrnA4WjD5sTMnhOqGHXximwGXFhUoYgA
GOOGLE_API_KEY=AIzaSyDMWN_PAnyU7bPmtWcEKq4LJfiu1KuwUsU
# Azure AD / MSAL Authentication Configuration (Development App Registration)
# NOTE: You'll need to create a separate app registration for development
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
AZURE_REDIRECT_URI=http://localhost:7183
# Flask Configuration
FLASK_ENV=development
SECRET_KEY=dev-secret-key-change-this-for-security
DEBUG_MODE=true
PORT=7183
# Application Configuration
ENVIRONMENT=development
BASE_URL=http://localhost:7183
UPLOAD_FOLDER=uploads-dev
OUTPUT_FOLDER=output-dev
# Development-specific settings
LOG_LEVEL=DEBUG
ENABLE_DEBUG_ENDPOINTS=true
# Mailgun / SMTP (for email notifications)
SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
SMTP_USER=twist@mail.dev.oliver.solutions
SMTP_PASSWORD=102115e9f3b9d7332d0cd1d4329bc0d4-77751bfc-ca066b71
SENDER_EMAIL=TWIST-UK-SERVER@oliver.agency
ERROR_EMAIL=nick.viljoen@brandtech.plus
REPORT_EMAILS=nick.viljoen@brandtech.plus
# Box.com OAuth (per-creator user authentication for automation folders)
# Redirect URI is computed from each request — no need to hardcode it per server.
# Set BOX_REDIRECT_URI here only as an override if request-based detection fails.
BOX_CLIENT_ID=o9zxyl6j917q0bkndrwfi2x5zbdeanh5
BOX_CLIENT_SECRET=yejdbWTeBOcdsDImpNQ7nvLJZad3e0Jm

42
config/production.env
View file

@ -1,42 +0,0 @@
# Production Environment Configuration
# This file is used for production deployment on the web server
# OpenAI Configuration
OPENAI_API_KEY=sk-svcacct-HSREzGYDnN-vCVGAh6LhYqlNcJVF2oefMrY9oCsdDsQFmyVJyHpLb1eSb_mp_vP4YPl4T3BlbkFJzKaOrPghIzx76_22K8VjwO6j2JnoDEvrYDrgfrnA4WjD5sTMnhOqGHXximwGXFhUoYgA
GOOGLE_API_KEY=AIzaSyDMWN_PAnyU7bPmtWcEKq4LJfiu1KuwUsU
# Azure AD / MSAL Authentication Configuration (Production)
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
AZURE_REDIRECT_URI=https://ai-sandbox.oliver.solutions/ai_qc/
# Flask Configuration
FLASK_ENV=production
SECRET_KEY=prod-ai-qc-oliver-solutions-2025-secure-key-9f8e7d6c5b4a3
DEBUG_MODE=false
PORT=7184
# Application Configuration
ENVIRONMENT=production
BASE_URL=https://ai-sandbox.oliver.solutions/ai_qc
UPLOAD_FOLDER=uploads
OUTPUT_FOLDER=output
# Production-specific settings
LOG_LEVEL=INFO
ENABLE_DEBUG_ENDPOINTS=false
# Mailgun / SMTP (for email notifications)
SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
SMTP_USER=twist@mail.dev.oliver.solutions
SMTP_PASSWORD=102115e9f3b9d7332d0cd1d4329bc0d4-77751bfc-ca066b71
SENDER_EMAIL=TWIST-UK-SERVER@oliver.agency
ERROR_EMAIL=nick.viljoen@brandtech.plus
REPORT_EMAILS=nick.viljoen@brandtech.plus
# Box.com OAuth (per-creator user authentication for automation folders)
# Redirect URI is computed from each request — no need to hardcode it per server.
# Set BOX_REDIRECT_URI here only as an override if request-based detection fails.
BOX_CLIENT_ID=o9zxyl6j917q0bkndrwfi2x5zbdeanh5
BOX_CLIENT_SECRET=yejdbWTeBOcdsDImpNQ7nvLJZad3e0Jm

535
docs/superpowers/plans/2026-05-14-phase1-remove-dow-jones.md Normal file
View file

@ -0,0 +1,535 @@
# Phase 1 — Remove Dow Jones Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Remove Dow Jones from Visual AI QC by archiving profiles, checks, and the per-client doc into `backend/_archive/dow_jones/` and stripping the client from active code paths. Implements the design in `docs/superpowers/specs/2026-05-14-phase1-remove-dow-jones-design.md`.
**Architecture:** Move-then-strip refactor on a feature branch already created (`feature/remove-dow-jones`, branched from `develop`). All filesystem moves use `git mv` to preserve history. Loader/discovery code requires no changes because the archive lives outside the directories that get scanned. Three logical commits: archive moves, client_config removal, doc updates.
**Tech Stack:** Bash, Python (verification probes via stdlib + `profile_config`/`client_config`), git.
---
### Task 1: Archive Dow Jones profiles, checks, and per-client doc
**Files:**
- Create dirs: `backend/_archive/dow_jones/`, `backend/_archive/dow_jones/profiles/`, `backend/_archive/dow_jones/visual_qc_apps/`
- Create: `backend/_archive/dow_jones/README.md`
- Move (via `git mv`): `CLAUDE_DOW_JONES.md`, 4 profile JSONs under `backend/profiles/`, 22 check directories under `backend/visual_qc_apps/`
- [ ] **Step 1: Verify clean working tree on feature branch**
Run:
```bash
git status
git branch --show-current
```
Expected:
- Branch: `feature/remove-dow-jones`
- Working tree: clean (the spec commit already landed)
If branch is wrong or working tree is dirty, stop and report — do not proceed.
- [ ] **Step 2: Create archive directory skeleton**
Run:
```bash
mkdir -p backend/_archive/dow_jones/profiles
mkdir -p backend/_archive/dow_jones/visual_qc_apps
ls -la backend/_archive/dow_jones/
```
Expected output: two directories listed (`profiles/`, `visual_qc_apps/`).
- [ ] **Step 3: Move the per-client doc**
Run:
```bash
git mv CLAUDE_DOW_JONES.md backend/_archive/dow_jones/CLAUDE_DOW_JONES.md
```
Expected: no output (silent success).
- [ ] **Step 4: Move the four profile JSONs**
Run:
```bash
git mv backend/profiles/dow_jones_static.json backend/_archive/dow_jones/profiles/
git mv backend/profiles/marketwatch_static.json backend/_archive/dow_jones/profiles/
git mv backend/profiles/wsj_static.json backend/_archive/dow_jones/profiles/
git mv backend/profiles/wsj_podcast.json backend/_archive/dow_jones/profiles/
ls backend/_archive/dow_jones/profiles/
```
Expected output (alphabetical):
```
dow_jones_static.json
marketwatch_static.json
wsj_podcast.json
wsj_static.json
```
- [ ] **Step 5: Move the 22 check directories**
Run:
```bash
for d in backend/visual_qc_apps/dj_* backend/visual_qc_apps/mw_* backend/visual_qc_apps/wsj_*; do
git mv "$d" "backend/_archive/dow_jones/visual_qc_apps/$(basename "$d")"
done
ls backend/_archive/dow_jones/visual_qc_apps/ | wc -l
```
Expected: `22`
If the count is not 22, stop and investigate — the survey identified exactly 22 directories (6 `dj_*` + 6 `mw_*` + 6 `wsj_*` non-podcast + 4 `wsj_podcast_*`).
- [ ] **Step 6: Confirm no `dj_`/`mw_`/`wsj_` directories remain under visual_qc_apps**
Run:
```bash
ls -d backend/visual_qc_apps/dj_* backend/visual_qc_apps/mw_* backend/visual_qc_apps/wsj_* 2>&1 | head -5
```
Expected: each glob expands to "No such file or directory" (zsh) or the literal glob (bash with nullglob off). No directories listed.
- [ ] **Step 7: Write the archive README**
Create `backend/_archive/dow_jones/README.md` with this exact content:
```markdown
# Dow Jones — Archived 2026-05-14
**Reason:** Client offboarded. No longer using Visual AI QC.
## Contents
- `CLAUDE_DOW_JONES.md` — per-client documentation (originally at repo root)
- `profiles/` — 4 brand profile JSONs (originally `backend/profiles/`)
- `dow_jones_static.json`
- `marketwatch_static.json`
- `wsj_static.json`
- `wsj_podcast.json`
- `visual_qc_apps/` — 22 QC check directories (originally `backend/visual_qc_apps/`)
- 6 × `dj_*` (corporate Dow Jones brand)
- 6 × `mw_*` (MarketWatch sub-brand)
- 6 × `wsj_*` (WSJ static)
- 4 × `wsj_podcast_*` (WSJ podcast variants)
## Restoring
If Dow Jones returns:
1. Move `profiles/*.json` back to `backend/profiles/`.
2. Move every `visual_qc_apps/<name>/` directory back to `backend/visual_qc_apps/<name>/`.
3. Move `CLAUDE_DOW_JONES.md` back to the repo root.
4. Re-add the client entry to `backend/client_config.py`:
```python
'dow_jones': {
'name': 'Dow Jones',
'profiles': ['dow_jones_static', 'marketwatch_static', 'wsj_static', 'wsj_podcast', 'static_general', 'video_general'],
'display_name': 'Dow Jones',
'description': 'Dow Jones brand profiles for corporate, MarketWatch, and WSJ sub-brands'
},
```
5. Re-add the Dow Jones row to the client table in `CLAUDE.md` (repo root).
6. Add `'dow_jones_static','marketwatch_static','wsj_static','wsj_podcast'` back to the inline profile list in the `CLAUDE.md` pre-session checklist.
7. Restart the server.
```
- [ ] **Step 8: Stage the README and confirm the full Task 1 staging area**
Run:
```bash
git add backend/_archive/dow_jones/README.md
git status --short | sort
```
Expected (28 staged changes — 1 new README, 1 renamed doc, 4 renamed profiles, 22 renamed check dirs):
- 1 line starting with `A` for the new README
- 27 lines starting with `R` (renames)
If the rename count is off, stop and investigate.
- [ ] **Step 9: Commit Task 1**
Run:
```bash
git commit -m "$(cat <<'EOF'
chore(dow-jones): archive profiles, checks, and per-client doc
Moves the Dow Jones / MarketWatch / WSJ profile JSONs (4), check apps
(22), and CLAUDE_DOW_JONES.md into backend/_archive/dow_jones/. All
moves use git mv so history follows. Adds a restore-instructions
README. No loader changes needed — the archive lives outside the
scanned directories.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EOF
)"
git log --oneline -2
```
Expected: new commit on top, message as above.
---
### Task 2: Remove `dow_jones` from `client_config.py`
**Files:**
- Modify: `backend/client_config.py:37-42`
- [ ] **Step 1: Confirm the current Dow Jones block**
Run:
```bash
sed -n '36,43p' backend/client_config.py
```
Expected output:
```python
},
'dow_jones': {
'name': 'Dow Jones',
'profiles': ['dow_jones_static', 'marketwatch_static', 'wsj_static', 'wsj_podcast', 'static_general', 'video_general'],
'display_name': 'Dow Jones',
'description': 'Dow Jones brand profiles for corporate, MarketWatch, and WSJ sub-brands'
},
'honda': {
```
If the block doesn't match this exactly, stop — the file has drifted since the design and the spec needs updating.
- [ ] **Step 2: Remove the `dow_jones` block**
Use the Edit tool. `old_string`:
```
'dow_jones': {
'name': 'Dow Jones',
'profiles': ['dow_jones_static', 'marketwatch_static', 'wsj_static', 'wsj_podcast', 'static_general', 'video_general'],
'display_name': 'Dow Jones',
'description': 'Dow Jones brand profiles for corporate, MarketWatch, and WSJ sub-brands'
},
'honda': {
```
`new_string`:
```
'honda': {
```
(Removes the entire `dow_jones` dict block including its trailing comma; the `'honda':` line is preserved as the anchor.)
- [ ] **Step 3: Verify client_config loads and Dow Jones is gone**
Run:
```bash
cd backend && python3 -c "
from client_config import get_all_clients
clients = get_all_clients()
assert 'dow_jones' not in clients, 'FAIL: dow_jones still in client_config'
assert len(clients) == 9, f'FAIL: expected 9 clients, got {len(clients)}'
for cid, c in clients.items():
print(f'OK {c[\"display_name\"]}: {c[\"profiles\"]}')
" && cd ..
```
Expected: 9 `OK <name>: [...]` lines, no AssertionError.
- [ ] **Step 4: Syntax check**
Run:
```bash
python -m py_compile backend/client_config.py
echo "exit code: $?"
```
Expected: `exit code: 0` (no compile output).
- [ ] **Step 5: Commit Task 2**
Run:
```bash
git add backend/client_config.py
git commit -m "$(cat <<'EOF'
chore(dow-jones): remove client_config entry
Drops the 'dow_jones' block from CLIENT_PROFILES. After this, the
client picker no longer renders Dow Jones; the four archived profiles
are unreachable from user flows. Nine clients remain.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EOF
)"
git log --oneline -3
```
---
### Task 3: Update main `CLAUDE.md`
**Files:**
- Modify: `CLAUDE.md` (repo root) — client/profile table (~line 102) and pre-session profile-load checklist (~line 200)
- [ ] **Step 1: Confirm the Dow Jones row in the client table**
Run:
```bash
grep -n "Dow Jones" CLAUDE.md
```
Expected: at least one line referencing Dow Jones in the table around line 102. Note the exact line number — confirms the file hasn't drifted.
- [ ] **Step 2: Remove the Dow Jones row from the client table**
Use the Edit tool. `old_string`:
```
| Dow Jones | `dow_jones_static` (5), `marketwatch_static` (6), `wsj_static` (6), `wsj_podcast` (7) | [CLAUDE_DOW_JONES.md](CLAUDE_DOW_JONES.md) |
```
`new_string`: (empty)
If Edit reports the string is not unique or not found, stop and grep for the actual current line — the row format may have drifted.
- [ ] **Step 3: Remove orphan blank line if one was left behind**
Run:
```bash
grep -n "^$" CLAUDE.md | head -20
sed -n '98,108p' CLAUDE.md
```
Visually confirm the table reads `Boots | ... | ...` then `AXA | ... | ...` with no double-blank between them. If there's a stray empty line where the Dow Jones row was, remove it with Edit on the surrounding context.
- [ ] **Step 4: Remove the four Dow Jones profile names from the pre-session checklist**
Use the Edit tool. `old_string`:
```
for p in ['general_check','static_general','unilever_key_visual','unilever_packaging','diageo_key_visual','diageo_packaging','loreal_static','amazon_static','boots_static','boots_ppack','inclusive_accessibility','dow_jones_static','marketwatch_static','wsj_static','wsj_podcast','video_general','axa_policy_document','axa_policy_document_diff','axa_accessibility']:
```
`new_string`:
```
for p in ['general_check','static_general','unilever_key_visual','unilever_packaging','diageo_key_visual','diageo_packaging','loreal_static','amazon_static','boots_static','boots_ppack','inclusive_accessibility','video_general','axa_policy_document','axa_policy_document_diff','axa_accessibility']:
```
- [ ] **Step 5: Verify the edits**
Run:
```bash
grep -c "Dow Jones" CLAUDE.md
grep -c "dow_jones_static\|marketwatch_static\|wsj_static\|wsj_podcast" CLAUDE.md
```
Expected: both `0`.
- [ ] **Step 6: Commit Task 3**
Run:
```bash
git add CLAUDE.md
git commit -m "$(cat <<'EOF'
docs(dow-jones): update CLAUDE.md after offboarding
Removes the Dow Jones row from the client/profile table and the four
Dow Jones profile names from the pre-session profile-load checklist
so the documentation matches the post-archive code state.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EOF
)"
git log --oneline -4
```
---
### Task 4: Full verification
**Files:** none modified. This task only runs the spec's verification commands plus a server-boot smoke test. No commit.
- [ ] **Step 1: Syntax-check the touched Python files**
Run:
```bash
python -m py_compile backend/api_server.py backend/client_config.py backend/profile_config.py
echo "exit code: $?"
```
Expected: `exit code: 0`.
- [ ] **Step 2: Client config loads correctly**
Run:
```bash
cd backend && python3 -c "
from client_config import get_all_clients
clients = get_all_clients()
assert 'dow_jones' not in clients, 'dow_jones still in client_config'
assert len(clients) == 9, f'expected 9 clients, got {len(clients)}'
for cid, c in clients.items(): print(f'OK {c[\"display_name\"]}: {c[\"profiles\"]}')
" && cd ..
```
Expected: 9 `OK` lines, no assertion errors.
- [ ] **Step 3: Remaining profiles still load**
Run:
```bash
cd backend && python3 -c "
from profile_config import get_profile
for p in ['general_check','static_general','unilever_key_visual','unilever_packaging',
'diageo_key_visual','diageo_packaging','loreal_static','amazon_static',
'boots_static','boots_ppack','inclusive_accessibility','video_general',
'axa_policy_document','axa_policy_document_diff','axa_accessibility']:
prof = get_profile(p); print(f'OK {prof.name} ({len(prof.get_enabled_checks())} checks)')
" && cd ..
```
Expected: 15 `OK <name> (N checks)` lines.
- [ ] **Step 4: Archived profiles are no longer loadable**
Run:
```bash
cd backend && python3 -c "
from profile_config import get_profile
for archived in ['dow_jones_static','marketwatch_static','wsj_static','wsj_podcast']:
try:
get_profile(archived)
print(f'FAIL: {archived} still loadable')
except Exception as e:
print(f'OK archived ({archived}): {type(e).__name__}')
" && cd ..
```
Expected: 4 `OK archived (<name>): <ExceptionType>` lines. No FAIL.
- [ ] **Step 5: Repo-level test-system script**
Run:
```bash
./scripts/test-system.sh
```
Expected: passes (per CLAUDE.md, this runs syntax + imports + profile load). If it complains about a Dow Jones profile, the move was incomplete — investigate.
- [ ] **Step 6: Local server smoke test**
Run:
```bash
./scripts/run-local.sh &
SERVER_PID=$!
sleep 4
curl -sf http://localhost:7183/health && echo " [health OK]"
curl -s http://localhost:7183/api/profiles 2>&1 | python3 -c "
import sys, json
data = json.load(sys.stdin)
names = [p.get('id') or p.get('name') for p in data] if isinstance(data, list) else []
banned = [n for n in names if n and any(x in n for x in ['dow_jones','marketwatch','wsj_'])]
print(f'profile count: {len(names)}, dow-jones leftovers: {banned}')
assert not banned, 'Dow Jones profile still surfaced via API'
"
kill $SERVER_PID 2>/dev/null
wait 2>/dev/null
```
Expected: `[health OK]` and `dow-jones leftovers: []`.
If any verification step fails, **do not proceed**. Investigate root cause, fix it, re-run the verification chain from Step 1. Do not push a broken branch.
---
### Task 5: Push branch and open PR — requires user confirmation
**Files:** none modified. Remote-affecting actions only.
**This task creates remote state. Each step requires explicit user confirmation before executing.**
- [ ] **Step 1: Show the user what will be pushed**
Run:
```bash
git log --oneline origin/develop..HEAD
git diff --stat origin/develop..HEAD | tail -5
```
Show output to user. Ask: "Push `feature/remove-dow-jones` to origin? (Y/n)"
Do not proceed until user explicitly approves.
- [ ] **Step 2: Push the branch (after user approval)**
Run:
```bash
git push -u origin feature/remove-dow-jones
```
Expected: branch created on remote, tracking set.
- [ ] **Step 3: Draft the PR body and confirm with user**
Show the user this draft and ask "Open PR with this body? (Y/n)":
```markdown
## Summary
- Removes Dow Jones from Visual AI QC (client offboarded).
- Archives 4 profile JSONs and 22 check apps under `backend/_archive/dow_jones/` (recoverable by moving folders back; no git surgery needed).
- Drops the `dow_jones` entry from `client_config.py` and the corresponding rows/lists from `CLAUDE.md`.
- Implements design in `docs/superpowers/specs/2026-05-14-phase1-remove-dow-jones-design.md`.
## Test plan
- [x] `python -m py_compile backend/api_server.py backend/client_config.py backend/profile_config.py`
- [x] `client_config.get_all_clients()` returns 9 clients, no `dow_jones`
- [x] All 15 non-Dow-Jones profiles load via `profile_config.get_profile`
- [x] All 4 archived profiles raise on load (proof archive isn't being scanned)
- [x] `./scripts/test-system.sh` passes
- [x] Local server boots, `/health` returns 200, `/api/profiles` has no Dow Jones leftovers
## Not touched
- `backend/usage_logs/*.jsonl` (audit history, immutable)
- Uploaded media plans and brand-guideline PDFs (user data)
- `backend/user_access.json` on dev/prod (stale `dow_jones` grants harmless; client no longer in picker)
```
- [ ] **Step 4: Open the PR (after user approval)**
Run:
```bash
gh pr create --base develop --title "Phase 1: remove Dow Jones" --body "$(cat <<'EOF'
## Summary
- Removes Dow Jones from Visual AI QC (client offboarded).
- Archives 4 profile JSONs and 22 check apps under `backend/_archive/dow_jones/` (recoverable by moving folders back; no git surgery needed).
- Drops the `dow_jones` entry from `client_config.py` and the corresponding rows/lists from `CLAUDE.md`.
- Implements design in `docs/superpowers/specs/2026-05-14-phase1-remove-dow-jones-design.md`.
## Test plan
- [x] `python -m py_compile backend/api_server.py backend/client_config.py backend/profile_config.py`
- [x] `client_config.get_all_clients()` returns 9 clients, no `dow_jones`
- [x] All 15 non-Dow-Jones profiles load via `profile_config.get_profile`
- [x] All 4 archived profiles raise on load (proof archive isn't being scanned)
- [x] `./scripts/test-system.sh` passes
- [x] Local server boots, `/health` returns 200, `/api/profiles` has no Dow Jones leftovers
## Not touched
- `backend/usage_logs/*.jsonl` (audit history, immutable)
- Uploaded media plans and brand-guideline PDFs (user data)
- `backend/user_access.json` on dev/prod (stale `dow_jones` grants harmless; client no longer in picker)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
EOF
)"
```
Expected: `gh` prints the PR URL. Report the URL to the user.
---
## Out-of-scope (deliberately deferred)
- Deploying to dev server (`./backend/scripts/deploy.sh dev`) — wait for PR review + merge.
- Cleaning up `backend/user_access.json` on live servers — harmless to leave; revisit if it ever causes confusion.
- Updating `MEMORY.md` (`project_state.md` mentions 10 clients) — opportunistic update after merge, not part of this PR.
- Promoting develop → main → prod — tracked separately; this PR only targets develop.

786
docs/superpowers/plans/2026-05-17-hp-cycle-1-onboarding.md Normal file
View file

@ -0,0 +1,786 @@
# HP Onboarding — Cycle 1 Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use `superpowers:subagent-driven-development` (recommended) or `superpowers:executing-plans` to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Implement the `hp_copy_review` check and its supporting infrastructure per `docs/superpowers/specs/2026-05-17-hp-cycle-1-onboarding-design.md`, replacing the deprecated `hp-copy` PHP/Make.com POC.
**Architecture:** New `excel_processor.py` mirrors `pdf_processor.py` to convert HP Source Messaging Excels into structured Markdown summaries at upload time. A single new `hp_copy_review` QC check assembles those summaries + media-plan language metadata + the asset image into one Gemini prompt and returns a structured findings list. HP gets a real client config entry, a dedicated profile, and routing for `.xlsx` uploads through the existing `/api/brand_guidelines` endpoint.
**Tech Stack:**
- openpyxl 3.x (existing dep, used by `media_plan_processor.py`)
- Gemini 2.5 Pro via `llm_config.py` (existing)
- Existing reference-asset / brand-guidelines flow
- Existing media-plan processor
- No new external dependencies
**Branch:** `feature/hp-cycle-1-onboarding` from `develop`.
**Testing posture:** This project does not use pytest. Verification matches `backend/scripts/test-system.sh`: `py_compile`, import checks, profile-load tests, and real-asset smoke runs on the dev server. Inline `python3 -c "..."` snippets stand in for unit tests where helpful.
---
## File Structure
**New files:**
- `backend/excel_processor.py` — Excel ingestion + Gemini summarisation
- `backend/profiles/hp_copy_review.json` — new profile
- `backend/visual_qc_apps/hp_copy_review/app.py` — new QC check
- `backend/visual_qc_apps/hp_copy_review/__init__.py` — empty module marker
**Modified files:**
- `backend/client_config.py` — HP entry promoted from placeholder
- `backend/api_server.py``.xlsx` dispatch on `/api/brand_guidelines` POST + findings-table rendering in both HTML generators
- `backend/media_plan_processor.py``language` column extraction + metadata surfacing
- `CLAUDE.md` — HP row updated from "_scope pending_" to the new doc reference (small)
**Test fixtures (placed manually on disk, not committed):**
- `backend/tests/fixtures/hp/messi_core_source_messaging.xlsx`
- `backend/tests/fixtures/hp/messi_mainstream_source_messaging.xlsx`
- `backend/tests/fixtures/hp/gaston_source_messaging.xlsx`
The user-provided originals live at `/Users/nickviljoen/Desktop/AI_QC_Bitbucket/hp/recieved_docs/excel/` — those get *copied* (not symlinked) into `backend/tests/fixtures/hp/` for repeatable local verification. The directory is gitignored.
---
### Task 1: Excel processor module
Implement `excel_processor.py` mirroring `pdf_processor.py`. This is the most foundational change and the largest single module of new code.
**Files:**
- Create: `backend/excel_processor.py`
- Create: `backend/tests/fixtures/hp/` (gitignored)
- Modify: `.gitignore` (add `backend/tests/fixtures/`)
- [ ] **Step 1.1: Set up the fixtures directory**
```bash
mkdir -p backend/tests/fixtures/hp
cp '/Users/nickviljoen/Desktop/AI_QC_Bitbucket/hp/recieved_docs/excel/26C2 Messi Core HP OmniDesk Mini Desktop PC Source Messaging 04-10 (1).xlsx' backend/tests/fixtures/hp/messi_core.xlsx
cp '/Users/nickviljoen/Desktop/AI_QC_Bitbucket/hp/recieved_docs/excel/26C2 Messi Mainstream HP OmniDesk Mini Desktop PC Source Messaging 04-10 (1).xlsx' backend/tests/fixtures/hp/messi_mainstream.xlsx
cp '/Users/nickviljoen/Desktop/AI_QC_Bitbucket/hp/recieved_docs/excel/HP AluminiumBook Source Messaging - Gaston 05-06.xlsx' backend/tests/fixtures/hp/gaston.xlsx
ls backend/tests/fixtures/hp/
```
Expected: three `.xlsx` files listed.
- [ ] **Step 1.2: Add gitignore rule for fixtures**
Add to `.gitignore` near the existing legacy-env block:
```
# Local test fixtures (real HP Source Messaging files; not for commit)
backend/tests/fixtures/
```
- [ ] **Step 1.3: Read `pdf_processor.py` as the pattern source**
```bash
wc -l backend/pdf_processor.py
```
Read the file end-to-end. Identify: public surface (`process_pdf_file`), helper for raw extraction, helper for LLM summarisation, file path conventions (`brand_guidelines/files/{file_id}_summary.txt`), error handling shape, retry pattern, return tuple `(summary_text, summary_path)`.
- [ ] **Step 1.4: Create `excel_processor.py` skeleton**
Create `backend/excel_processor.py` with:
```python
"""Excel reference-asset processor for HP Source Messaging files.
Mirrors pdf_processor.py: openpyxl extracts raw cell content from
every sheet, Gemini summarises the result into structured Markdown
under brand_guidelines/files/{file_id}_summary.md. The check
hp_copy_review pulls that Markdown into its prompt at QC time.
"""
import os
from typing import Tuple
from openpyxl import load_workbook
from llm_config import call_gemini_text # adjust to actual export name
BRAND_GUIDELINES_DIR = os.path.join(
os.path.dirname(os.path.abspath(__file__)), 'brand_guidelines', 'files'
)
# Cap raw extraction at ~50K chars to keep the summary prompt bounded.
# A 30-row, 12-column workbook is ~10-15K chars in practice; this leaves
# headroom for HP's larger source files without blowing the prompt budget.
_RAW_EXTRACTION_CAP = 50_000
def process_excel_file(file_path: str, file_id: str) -> Tuple[str, str]:
"""Extract + summarise an HP Source Messaging Excel.
Returns (summary_text, summary_path). Saves the summary as
{file_id}_summary.md under BRAND_GUIDELINES_DIR. Never raises —
on failure, writes a degraded summary containing the raw extraction
so the reference asset is still usable, and returns that.
"""
raw_text = _extract_workbook_text(file_path)
try:
summary = _summarise_with_gemini(raw_text, os.path.basename(file_path))
except Exception as e:
summary = (
f"# {os.path.basename(file_path)} (degraded — summary failed)\n\n"
f"Gemini summarisation failed: {type(e).__name__}: {e}\n\n"
f"## Raw extraction\n\n```\n{raw_text}\n```\n"
)
os.makedirs(BRAND_GUIDELINES_DIR, exist_ok=True)
summary_path = os.path.join(BRAND_GUIDELINES_DIR, f"{file_id}_summary.md")
with open(summary_path, 'w', encoding='utf-8') as f:
f.write(summary)
return summary, summary_path
```
- [ ] **Step 1.5: Implement `_extract_workbook_text`**
Append:
```python
def _extract_workbook_text(file_path: str) -> str:
"""Read every sheet, dump as 'Sheet: <name>\\n<tab-aligned rows>\\n\\n'."""
wb = load_workbook(file_path, data_only=True, read_only=True)
parts = []
total_chars = 0
for sheet in wb.worksheets:
parts.append(f"Sheet: {sheet.title}\n")
for row in sheet.iter_rows(values_only=True):
# Skip rows where every cell is None/empty
if not any((c is not None and str(c).strip()) for c in row):
continue
line = '\t'.join(('' if c is None else str(c)) for c in row)
parts.append(line + '\n')
total_chars += len(line) + 1
if total_chars >= _RAW_EXTRACTION_CAP:
parts.append(f"\n[truncated — exceeded {_RAW_EXTRACTION_CAP}-char cap]\n")
return ''.join(parts)
parts.append('\n')
wb.close()
return ''.join(parts)
```
- [ ] **Step 1.6: Implement `_summarise_with_gemini`**
Append:
```python
_SYSTEM_PROMPT = """You're processing an HP Source Messaging Excel into a structured Markdown reference. Output these sections exactly, in this order:
## Product / Variant
(brand, product line, variant if any — e.g. "HP OmniDesk Mini — Core")
## Key Selling Points (KSPs)
For each KSP: heading, value proposition, supporting body copy, message-length variants (ultra-short / short / medium / long if present in the source).
## Disclaimers / Footnotes
Numbered list, exact wording, what claim each footnote anchors to.
## Approved Brand and Product Names
Exact spellings, including trademark glyphs (™, ®, ©).
## Variant Notes / Watch-outs
Anything explicitly marked variant-specific (e.g. "Mainstream only", "Core only", "must not appear in entry tier").
## Verboten Phrasing
Any explicitly disallowed or deprecated phrasing called out in the source.
Be exhaustive but concise. Quote exactly where the source is explicit. If a section has no content in this source, write 'None specified' under it — do not omit the section heading."""
def _summarise_with_gemini(raw_text: str, source_filename: str) -> str:
user_prompt = (
f"Source filename: {source_filename}\n\n"
f"Raw cell content:\n\n```\n{raw_text}\n```"
)
# call_gemini_text is the existing text-only Gemini wrapper in llm_config.
# If the actual export name differs, adjust in Step 1.7 verification.
return call_gemini_text(
system_prompt=_SYSTEM_PROMPT,
user_prompt=user_prompt,
model='gemini-2.5-pro',
)
```
- [ ] **Step 1.7: Verify llm_config exports a usable text-only Gemini wrapper**
```bash
grep -nE "def (call_gemini|gemini_text|generate.*gemini)" backend/llm_config.py | head -20
```
If `call_gemini_text` doesn't exist under that name, find the closest analogue (look at how `pdf_processor.py` calls Gemini) and update the import + call site in `excel_processor.py` accordingly.
- [ ] **Step 1.8: Syntax + import verification**
```bash
cd backend && python3 -m py_compile excel_processor.py && python3 -c "import excel_processor; print('OK', excel_processor.BRAND_GUIDELINES_DIR)"
```
Expected: `OK <path>/brand_guidelines/files`
- [ ] **Step 1.9: Run the processor against the Messi-Core fixture**
```bash
cd backend && python3 -c "
import os, sys
sys.path.insert(0, '.')
from excel_processor import process_excel_file
summary, path = process_excel_file('tests/fixtures/hp/messi_core.xlsx', 'test-messi-core')
print('summary_path:', path)
print('summary_len:', len(summary))
print('first 800 chars:')
print(summary[:800])
"
```
Expected: summary is 15004000 chars, contains `## Key Selling Points`, `## Disclaimers`, `## Approved Brand and Product Names`, and at least one KSP-level content snippet referencing "OmniDesk" or "Mini".
- [ ] **Step 1.10: Commit Task 1**
```bash
git add backend/excel_processor.py .gitignore
git commit -m "feat(excel-processor): add openpyxl + Gemini summary pipeline for HP Source Messaging
Mirrors pdf_processor.py — public process_excel_file() reads any HP
Source Messaging Excel, extracts cells via openpyxl (skipping empty
rows, capped at 50K chars), and summarises into structured Markdown
via Gemini 2.5 Pro. Output saved as brand_guidelines/files/{file_id}_summary.md.
On Gemini failure the processor writes a degraded summary containing
the raw extraction so the reference asset stays usable. Test fixtures
(real HP Excels) live under backend/tests/fixtures/hp/ and are gitignored."
```
---
### Task 2: `.xlsx` dispatch on the reference asset upload endpoint
Wire `excel_processor.process_excel_file` into the `/api/brand_guidelines` POST handler at `backend/api_server.py:4771` so `.xlsx` uploads route correctly.
**Files:**
- Modify: `backend/api_server.py` (around the existing `/api/brand_guidelines` POST handler near line 4771)
- [ ] **Step 2.1: Read the existing handler to find the PDF dispatch**
```bash
sed -n '4760,4900p' backend/api_server.py
```
Identify: where the extension is checked, where `pdf_processor.process_pdf_file` is called, and what's returned to the client.
- [ ] **Step 2.2: Add the `.xlsx` branch**
Edit the POST handler to dispatch by extension. The exact change depends on the existing code shape — pattern is:
- Where the handler currently checks for `.pdf` and calls `pdf_processor.process_pdf_file(...)`, add an `elif filename.lower().endswith('.xlsx')` branch that imports `excel_processor` and calls `excel_processor.process_excel_file(...)` with the same arg signature.
- The DB record / response shape should be identical to the PDF path — same `file_id`, same `status`, same return JSON.
- Cover image: PDF has one; Excel doesn't. If the DB record assigns a `cover_path`, set it to `None` for Excels.
- [ ] **Step 2.3: Syntax + import verification**
```bash
cd backend && python3 -m py_compile api_server.py && python3 -c "import api_server; print('api_server OK')"
```
- [ ] **Step 2.4: Commit Task 2**
```bash
git add backend/api_server.py
git commit -m "feat(brand-guidelines): route .xlsx uploads to excel_processor
The /api/brand_guidelines POST handler now dispatches by extension:
.pdf → pdf_processor.process_pdf_file (existing), .xlsx →
excel_processor.process_excel_file (new). Same DB record shape;
cover image is null for Excel since there's no first-page analogue."
```
---
### Task 3: Media plan `language` column
Add `language` to the media-plan column extraction and surface it into the prompt context.
**Files:**
- Modify: `backend/media_plan_processor.py`
- [ ] **Step 3.1: Locate the column-extraction logic**
```bash
grep -n -E "country|placement|vendor|dimensions" backend/media_plan_processor.py | head -10
```
These are the existing matched-row metadata fields. The `language` field will live alongside them.
- [ ] **Step 3.2: Add `language` to the case-insensitive header match list**
Edit the column-mapping section to recognise `Language` / `language` / `LANGUAGE` headers and store the value in the matched-row dict under the key `language`.
- [ ] **Step 3.3: Surface `language` in the prompt context block**
Locate where the matched-row dict is rendered as text injected into check prompts (the function that returns the "media plan context" string used by `process_single_check`). Add a line:
```python
if row.get('language'):
lines.append(f"Language: {row['language']}")
```
— preserving the existing structure (no line if absent).
- [ ] **Step 3.4: Syntax + import verification**
```bash
cd backend && python3 -m py_compile media_plan_processor.py && python3 -c "import media_plan_processor; print('OK')"
```
- [ ] **Step 3.5: Quick functional test with a synthetic plan**
```bash
cd backend && python3 -c "
# Mock test: build a minimal row dict with a language field and confirm the
# prompt-context formatter emits 'Language: <value>'. Exact function name to
# locate during Step 3.3 — adjust below.
from media_plan_processor import format_matched_row_for_prompt # adjust if named differently
row = {'country': 'UK', 'language': 'UK English', 'placement': 'eTail tile'}
print(format_matched_row_for_prompt(row))
"
```
Expected: output includes a line `Language: UK English`.
- [ ] **Step 3.6: Commit Task 3**
```bash
git add backend/media_plan_processor.py
git commit -m "feat(media-plan): extract and surface 'language' column
Adds case-insensitive 'language' header recognition to the media-plan
column mapper. When present in a matched row, the value flows into
the prompt context block as 'Language: <value>'. Absent → no line
(graceful no-op for clients whose plans don't include the field).
Enables multilingual support for hp_copy_review (Cycle 1) and any
future check that wants to reason about asset language."
```
---
### Task 4: HP client config + profile
Promote HP from placeholder. Create the `hp_copy_review` profile JSON. Ensure the profile loader picks it up.
**Files:**
- Modify: `backend/client_config.py`
- Create: `backend/profiles/hp_copy_review.json`
- [ ] **Step 4.1: Update the HP entry in `CLIENT_PROFILES`**
Edit `backend/client_config.py`. Replace the existing `'hp'` entry with:
```python
'hp': {
'name': 'HP',
'profiles': ['hp_copy_review', 'static_general', 'video_general'],
'display_name': 'HP',
'description': 'HP marketing copy QC graded against canonical Source Messaging',
'default_profile': 'hp_copy_review',
},
```
- [ ] **Step 4.2: Create the profile JSON**
Create `backend/profiles/hp_copy_review.json`:
```json
{
"name": "HP Copy Review",
"description": "Marketing copy graded against canonical HP Source Messaging",
"mode": "asset",
"visibility": "client_specific",
"visible_to_clients": ["hp"],
"checks": {
"hp_copy_review": {
"weight": 10.0,
"llm": "gemini",
"enabled": true
}
}
}
```
- [ ] **Step 4.3: Verify client config**
```bash
cd backend && python3 -c "
from client_config import get_client_profiles, get_default_profile
print('profiles:', get_client_profiles('hp'))
print('default:', get_default_profile('hp'))
"
```
Expected:
```
profiles: ['hp_copy_review', 'static_general', 'video_general']
default: hp_copy_review
```
- [ ] **Step 4.4: Verify profile load**
```bash
cd backend && python3 -c "
from profile_config import get_profile
p = get_profile('hp_copy_review')
print('name:', p.name)
print('mode:', getattr(p, 'mode', 'asset'))
print('enabled checks:', p.get_enabled_checks())
print('strict_grade:', getattr(p, 'strict_grade', False))
"
```
Expected: profile loads, mode is `asset`, enabled_checks lists `['hp_copy_review']`. (The check itself doesn't exist yet → may emit a "Loaded profile" line but the check loader fails for `hp_copy_review`; that's expected at this task boundary.)
- [ ] **Step 4.5: Commit Task 4**
```bash
git add backend/client_config.py backend/profiles/hp_copy_review.json
git commit -m "feat(hp): promote HP client + add hp_copy_review profile
HP is no longer a placeholder. The client gets a new hp_copy_review
profile (single weighted check, client-specific visibility) as its
default, plus the generic static_general and video_general profiles
it already had visibility into."
```
---
### Task 5: `hp_copy_review` check module
The actual QC check — single LLM call per asset.
**Files:**
- Create: `backend/visual_qc_apps/hp_copy_review/__init__.py` (empty)
- Create: `backend/visual_qc_apps/hp_copy_review/app.py`
- [ ] **Step 5.1: Read `flask_app_template.py` and a comparable real check**
```bash
ls backend/flask_app_template.py 2>/dev/null && wc -l backend/flask_app_template.py
ls backend/visual_qc_apps/boots_tandc_wording/app.py && wc -l backend/visual_qc_apps/boots_tandc_wording/app.py
```
Read both. The boots_tandc_wording check is the closest analogue (copy-against-reference, image input, structured findings output). Use it as the implementation pattern.
- [ ] **Step 5.2: Create the directory + empty `__init__.py`**
```bash
mkdir -p backend/visual_qc_apps/hp_copy_review
touch backend/visual_qc_apps/hp_copy_review/__init__.py
```
- [ ] **Step 5.3: Create `app.py` with the standard check skeleton**
Copy the structure from `boots_tandc_wording/app.py` (Flask blueprint pattern, `run_check(...)` or equivalent entry point, the reference-asset summary injection, the media-plan context injection). Adapt the prompt to:
```
You are a copy reviewer for HP marketing materials. Compare the
marketing asset against the canonical Source Messaging provided.
PRODUCT LANGUAGE: <from media plan, or "not specified">
CANONICAL SOURCE MESSAGING:
<one or more Markdown summaries from attached Excel reference assets,
concatenated, each preceded by a header like "--- File: messi_core.xlsx ---">
MARKETING ASSET:
[image]
For every claim, headline, body line, disclaimer, footnote, spec
call-out, and brand mention visible on the asset, evaluate against
the canonical source. Output a JSON object with this shape:
{
"score": <number 0-10>,
"summary": "<one-paragraph headline finding>",
"findings": [
{
"priority": "high" | "medium" | "low",
"category": "ksp" | "disclaimer" | "spec" | "variant" | "tone" | "brand-name" | "language" | "other",
"quote": "<exact quote from the asset>",
"issue": "<what's wrong>",
"suggested_fix": "<what it should say, citing the canonical source>",
"source_reference": "<where in source messaging this comes from>"
}
]
}
Rules:
- If no Source Messaging is attached, return {"score": 0, "summary": "No HP Source Messaging reference was attached — cannot grade copy without a canonical source.", "findings": []}
- High-priority findings weight the score most heavily
- Empty findings (clean asset) is a valid result; score 9-10
- Return ONLY the JSON object, no surrounding prose
```
- [ ] **Step 5.4: Implement response parsing**
The check function must parse the LLM's JSON response. Handle:
- Valid JSON with the expected shape → extract `score`, `summary`, `findings` and return them in the standard check result shape (`{'score': ..., 'response': ..., 'findings': ...}` — match the existing checks' return shape so the report renderer can pick up `findings` later).
- Malformed JSON → score 0, response = raw LLM text, findings = `[]`, summary = "Failed to parse check output".
- The `findings` array gets attached to the check result dict so the report renderer in Task 6 can detect it.
- [ ] **Step 5.5: Syntax + import + profile load verification**
```bash
cd backend && python3 -m py_compile visual_qc_apps/hp_copy_review/app.py && python3 -c "
from profile_config import get_profile
from app_discovery import discover_qc_apps # or the actual loader path
apps = discover_qc_apps()
print('hp_copy_review in apps:', 'hp_copy_review' in apps)
p = get_profile('hp_copy_review')
print('profile enabled checks:', p.get_enabled_checks())
"
```
Expected: `hp_copy_review in apps: True`, profile lists it as enabled.
- [ ] **Step 5.6: Dry-run prompt-assembly test (no LLM call)**
```bash
cd backend && python3 -c "
# Smoke test: instantiate the check, call its prompt-assembly helper
# (without invoking Gemini) with mock reference summaries and a mock
# media-plan row including language='UK English'. Confirm output prompt
# contains 'Language: UK English', 'CANONICAL SOURCE MESSAGING', and
# the findings-format instructions.
from visual_qc_apps.hp_copy_review.app import build_prompt # adjust if named differently
prompt = build_prompt(
reference_summaries=[('messi_core.xlsx', '## Product\nHP OmniDesk Mini Core')],
media_plan_row={'language': 'UK English', 'country': 'UK'},
)
assert 'Language: UK English' in prompt, 'language missing from prompt'
assert 'CANONICAL SOURCE MESSAGING' in prompt
assert 'findings' in prompt
print('prompt assembly OK')
"
```
- [ ] **Step 5.7: Commit Task 5**
```bash
git add backend/visual_qc_apps/hp_copy_review/
git commit -m "feat(hp_copy_review): single-check LLM grader against Source Messaging
Single Gemini call per asset. Prompt assembles attached Source
Messaging summaries + media-plan language context + the asset image.
Returns structured JSON with score, summary, and a findings array
(priority, category, quote, issue, suggested fix, source reference).
Empty findings = clean asset; missing reference → score 0 with a
clear message rather than running blind."
```
---
### Task 6: Findings-table rendering in both HTML report generators
Both HTML generators need a small case to render `findings` as a table.
**Files:**
- Modify: `backend/api_server.py` (`generate_html_content` and `generate_comprehensive_html_report` — see [[feedback_multi_html_generators]])
- [ ] **Step 6.1: Locate both generators**
```bash
grep -n "def generate_html_content\|def generate_comprehensive_html_report" backend/api_server.py
```
Expected: two function definitions, both render check results to HTML.
- [ ] **Step 6.2: Identify where each renders a per-check response**
In each generator, find the section that renders the per-check `response` text (often inside an expandable `<details>` block). The new case goes *before* that fallback: if the check's result dict contains a `findings` array, render the table; else fall back to the text response.
- [ ] **Step 6.3: Implement a shared helper `_render_findings_table(findings)`**
Add near the existing CSS/render helpers in `api_server.py`:
```python
def _render_findings_table(findings):
"""Render an hp_copy_review-style findings array as an HTML table."""
if not findings:
return '<p class="muted">No findings — copy is clean.</p>'
rows = []
for f in findings:
priority = f.get('priority', 'low')
pri_class = {'high': 'score-bad', 'medium': 'score-ok', 'low': 'score-good'}.get(priority, 'muted')
rows.append(
f'<tr>'
f'<td><span class="score-pill {pri_class}">{priority.upper()}</span></td>'
f'<td><code>{f.get("category", "")}</code></td>'
f'<td><code>{(f.get("quote") or "")[:200]}</code></td>'
f'<td>{f.get("issue", "")}</td>'
f'<td>{f.get("suggested_fix", "")}</td>'
f'<td class="muted">{f.get("source_reference", "")}</td>'
f'</tr>'
)
return (
'<table class="findings-table"><thead><tr>'
'<th>Priority</th><th>Category</th><th>Quote</th>'
'<th>Issue</th><th>Suggested fix</th><th>Source</th>'
'</tr></thead><tbody>'
+ ''.join(rows) + '</tbody></table>'
)
```
- [ ] **Step 6.4: Wire the helper into both generators**
In each generator, where it renders a check's response block, add (in pseudocode):
```python
findings = check_result.get('findings')
if findings is not None:
body_html += _render_findings_table(findings)
else:
body_html += render_response_text(check_result.get('response', ''))
```
Match the exact variable names and HTML scaffolding used by each generator.
- [ ] **Step 6.5: Syntax verification + manual HTML inspection**
```bash
cd backend && python3 -m py_compile api_server.py && python3 -c "
from api_server import _render_findings_table
html = _render_findings_table([
{'priority': 'high', 'category': 'disclaimer', 'quote': 'must be linked to a boots.com account', 'issue': 'Wrong account type', 'suggested_fix': '...linked to an Advantage Card account...', 'source_reference': 'Messi Core T&Cs row 18'},
{'priority': 'low', 'category': 'tone', 'quote': 'a tiny powerhouse', 'issue': 'Not approved phrasing', 'suggested_fix': 'Use \"compact and capable\"', 'source_reference': 'KSP 1'},
])
with open('/tmp/findings_preview.html', 'w') as f:
f.write('<!DOCTYPE html><html><head><style>table{border-collapse:collapse}td,th{border:1px solid #ddd;padding:6px}</style></head><body>' + html + '</body></html>')
print('wrote /tmp/findings_preview.html')
"
open /tmp/findings_preview.html
```
Eye-check: table renders, priority pills coloured correctly, quote in monospace.
- [ ] **Step 6.6: Commit Task 6**
```bash
git add backend/api_server.py
git commit -m "feat(report): render hp_copy_review findings as a structured table
Both HTML report generators (generate_html_content and
generate_comprehensive_html_report) get a small case: when a check
result has a 'findings' array, render it as a priority-coloured
table with quote/issue/suggested-fix/source columns instead of the
default response-text block. Fallback to text rendering when
findings is absent — every existing check is unaffected."
```
---
### Task 7: Dev smoke test + deployment
End-to-end verification on the dev server with real assets and real LLM calls.
- [ ] **Step 7.1: Run the full pre-session checklist**
```bash
cd backend && python3 -c "
from profile_config import get_profile
for p in ['general_check','static_general','unilever_key_visual','unilever_packaging','diageo_key_visual','diageo_packaging','loreal_static','amazon_static','boots_static','boots_ppack','inclusive_accessibility','video_general','axa_policy_document','axa_policy_document_diff','axa_accessibility','hp_copy_review']:
prof = get_profile(p)
print(f'OK {prof.name} ({len(prof.get_enabled_checks())} checks)')
"
cd .. && python3 -m py_compile backend/**/*.py
python3 -c "
import sys; sys.path.insert(0, 'backend')
import api_server, llm_config, profile_config, jwt_validator, auth_middleware
print('all imports OK')
"
```
Expected: every profile (including new `hp_copy_review`) loads; all syntax + imports green.
- [ ] **Step 7.2: Push the feature branch**
```bash
git push -u origin feature/hp-cycle-1-onboarding
```
- [ ] **Step 7.3: Open PR `feature/hp-cycle-1-onboarding → develop` via Bitbucket**
URL: `https://bitbucket.org/zlalani/ai_qc/pull-requests/new?source=feature/hp-cycle-1-onboarding&t=1`. Destination = `develop`. Title: "feat(hp): cycle 1 — hp_copy_review check + excel processor + language field". Body links to the spec.
- [ ] **Step 7.4: Merge PR, then deploy to dev**
SSH to `optical-production-dev`:
```bash
cd /opt/ai_qc
backend/scripts/deploy.sh dev
sudo journalctl -u ai-qc -n 30 --no-pager
```
Confirm clean deploy + service healthy.
- [ ] **Step 7.5: Manually upload Source Messaging fixtures to dev**
Via the UI at `optical-dev.oliver.solutions/ai_qc/`:
1. Sign in (admin).
2. Settings → Reference Assets (for client `hp`).
3. Upload `messi_core.xlsx`, `messi_mainstream.xlsx`, `gaston.xlsx` (from the original locations under `~/Desktop/AI_QC_Bitbucket/hp/recieved_docs/excel/`).
4. Watch the status badge — each should flip to `ready` within 60s. If degraded, inspect the saved `_summary.md` to see what failed.
- [ ] **Step 7.6: Run an HP marketing asset through `hp_copy_review`**
1. From the HP team, get a real Messi or Gaston marketing image (PNG/JPG).
2. Open a QC session as client `hp`, profile `hp_copy_review`.
3. Attach the relevant Source Messaging reference (e.g. `messi_core` for a Core-targeted asset).
4. (Optional) Upload a media plan with a `language` column populated so the prompt picks it up.
5. Run the QC.
6. Inspect the report: confirm findings table renders, priority pills coloured correctly, quotes are real text from the asset.
If output structure is wrong (e.g. LLM returns prose instead of JSON), iterate the prompt — small follow-up PRs against `develop`.
- [ ] **Step 7.7: PR `develop → main` and tag**
Once HP-side smoke testing confirms the output is useful:
```bash
# (laptop) sync local develop, open PR via Bitbucket UI:
# https://bitbucket.org/zlalani/ai_qc/pull-requests/new?source=develop&dest=main&t=1
```
After merge:
```bash
git fetch origin
git tag -a v1.4.0 origin/main -m "v1.4.0 — HP onboarding cycle 1 (hp_copy_review check + excel processor + media-plan language field)"
git push origin v1.4.0
git rev-parse v1.4.0^{commit}; git rev-parse origin/main # should match
```
- [ ] **Step 7.8: Deploy v1.4.0 to prod**
SSH to `optical-production`:
```bash
cd /opt/ai_qc
backend/scripts/deploy.sh prod v1.4.0
sudo journalctl -u ai-qc -n 30 --no-pager
```
No env-file backup dance needed — env files are now permanently gitignored (since v1.3.2).
- [ ] **Step 7.9: Upload Source Messaging files to prod**
Repeat Step 7.5 against the prod UI (`optical-prod.oliver.solutions/ai_qc/`). Source Messaging files are *per-server* — they live in `brand_guidelines/files/` on disk and don't sync between dev and prod.
- [ ] **Step 7.10: Hand off to HP team**
Confirm HP has access (via per-user client access — `Nick.Viljoen@oliver.agency` adds the HP team's email(s)). Walk them through:
1. Where to upload Source Messaging files (Settings → Reference Assets).
2. How to run a QC (select hp_copy_review, attach the right reference).
3. What feedback to send back (findings missed, findings wrong, output format suggestions).
Collect first-week feedback before opening Cycle 2 (Word/PPT processor).

190
docs/superpowers/specs/2026-05-14-phase1-remove-dow-jones-design.md Normal file
View file

@ -0,0 +1,190 @@
# Phase 1 — Remove Dow Jones from Visual AI QC
**Date:** 2026-05-14
**Author:** Nick Viljoen (design via Claude Code brainstorm)
**Status:** Approved, ready for implementation plan
## Goal
Dow Jones is no longer a Visual AI QC client. Remove the client entry, the four Dow Jones brand profiles, and the 22 supporting QC check apps from the live code paths. Preserve everything on disk inside `backend/_archive/dow_jones/` so any of it can be revived later by moving folders back to their original locations — no git surgery needed.
This is a self-contained cleanup. No behavioural changes to any other client.
## Non-goals
- Not touching `backend/usage_logs/*.jsonl` — those events are immutable audit history.
- Not touching uploaded media plans or uploaded brand-guideline PDFs on dev/prod servers.
- Not modifying `backend/user_access.json` on the live servers — stale `dow_jones` grants are harmless once the client disappears from the picker.
- Not removing any QC check that lives **outside** the dj_/mw_/wsj_/wsj_podcast_ namespaces (even if it looks Dow-Jones-adjacent — none were found).
## Archive layout
Single archive root at the backend, organized by departed client:
```
backend/_archive/
└── dow_jones/
├── README.md
├── CLAUDE_DOW_JONES.md
├── profiles/
│ ├── dow_jones_static.json
│ ├── marketwatch_static.json
│ ├── wsj_podcast.json
│ └── wsj_static.json
└── visual_qc_apps/
├── dj_color_palette/
├── dj_file_naming/
├── dj_logo_compliance/
├── dj_photography_style/
├── dj_square_motif/
├── dj_typography_hierarchy/
├── mw_art_direction/
├── mw_color_palette/
├── mw_image_treatment/
├── mw_layout_composition/
├── mw_logo_compliance/
├── mw_typography_hierarchy/
├── wsj_capitalization_punctuation/
├── wsj_color_usage/
├── wsj_imagery_expression/
├── wsj_layout_composition/
├── wsj_logo_compliance/
├── wsj_podcast_format_compliance/
├── wsj_podcast_headline_layout/
├── wsj_podcast_logo_placement/
├── wsj_podcast_safe_area/
└── wsj_typography_hierarchy/
```
**Why this layout**
- `backend/_archive/` is outside `backend/profiles/` and `backend/visual_qc_apps/`, so the existing profile loader (`profile_config.py`) and check discovery code do not scan it. **No loader-side code changes needed** — moving the files is sufficient to deactivate them.
- One client per subfolder under `_archive/` makes the pattern reusable for any future client offboarding.
- Inside the client subfolder, the original `profiles/` and `visual_qc_apps/` directory names are preserved verbatim, so restoring is a `git mv` back into place.
## File moves
All moves performed with `git mv` so history is preserved (`git log --follow` keeps working).
### Repo-root doc → archive
| From | To |
|---|---|
| `CLAUDE_DOW_JONES.md` | `backend/_archive/dow_jones/CLAUDE_DOW_JONES.md` |
### Profile JSONs → archive
| From | To |
|---|---|
| `backend/profiles/dow_jones_static.json` | `backend/_archive/dow_jones/profiles/dow_jones_static.json` |
| `backend/profiles/marketwatch_static.json` | `backend/_archive/dow_jones/profiles/marketwatch_static.json` |
| `backend/profiles/wsj_podcast.json` | `backend/_archive/dow_jones/profiles/wsj_podcast.json` |
| `backend/profiles/wsj_static.json` | `backend/_archive/dow_jones/profiles/wsj_static.json` |
### Check directories → archive
22 directories under `backend/visual_qc_apps/`:
- `dj_color_palette/`, `dj_file_naming/`, `dj_logo_compliance/`, `dj_photography_style/`, `dj_square_motif/`, `dj_typography_hierarchy/`
- `mw_art_direction/`, `mw_color_palette/`, `mw_image_treatment/`, `mw_layout_composition/`, `mw_logo_compliance/`, `mw_typography_hierarchy/`
- `wsj_capitalization_punctuation/`, `wsj_color_usage/`, `wsj_imagery_expression/`, `wsj_layout_composition/`, `wsj_logo_compliance/`, `wsj_typography_hierarchy/`
- `wsj_podcast_format_compliance/`, `wsj_podcast_headline_layout/`, `wsj_podcast_logo_placement/`, `wsj_podcast_safe_area/`
Each moves to `backend/_archive/dow_jones/visual_qc_apps/<dir>/` keeping its internal structure (typically `app.py` and any prompt/config files) intact.
### New file
A one-page `backend/_archive/dow_jones/README.md` written to record:
- Date archived (2026-05-14)
- One-line reason ("Client offboarded — no longer using Visual AI QC")
- Restore instructions ("Move `profiles/*.json` back to `backend/profiles/`, move `visual_qc_apps/*` back to `backend/visual_qc_apps/`, re-add the client entry to `backend/client_config.py`, restart the server.")
## Code edits
### `backend/client_config.py`
Remove the `"dow_jones": {...}` block. No other consumers of the file reference it (verified via project survey). After the edit, `get_all_clients()` must return 9 clients (Diageo, Unilever, L'Oreal, Amazon, Boots, Honda, AXA, Rank, General).
### `CLAUDE.md` (repo root)
Two edits:
1. **Client/profile table** — delete the Dow Jones row:
```
| Dow Jones | `dow_jones_static` (5), `marketwatch_static` (6), `wsj_static` (6), `wsj_podcast` (7) | [CLAUDE_DOW_JONES.md](CLAUDE_DOW_JONES.md) |
```
2. **Pre-Session Completion Checklist** (item 5, "Profile load") — drop the four Dow Jones profile names from the inline list. The remaining list keeps loading every other profile.
No edits needed to `profile_config.py`, `api_server.py`, `auth_middleware.py`, `usage_tracker.py`, `media_plan_processor.py`, `pdf_processor.py`, or any other backend module. The archive lives outside the scanned directories, so loaders ignore it without code changes.
## Things explicitly NOT touched
| Surface | Reason |
|---|---|
| `backend/usage_logs/*.jsonl` | Immutable audit trail. Removing Dow Jones events would falsify history and break date-range reports. |
| Uploaded media plans (`backend/media_plans/`) | User data. Belongs to historical analyses. |
| Uploaded brand guideline PDFs (`backend/brand_guidelines/`) | User data. Same as above. |
| `backend/user_access.json` on dev + prod | Gitignored, per-server. Stale `dow_jones` entries are harmless because the client no longer exists in `client_config.py` — the picker won't render it. Cleaning these requires SSH and is not worth the risk for zero functional benefit. |
| Memory file `project_state.md` | Will update opportunistically once Phase 1 ships, not as part of the change. |
## Verification
Run after the moves + edits, before commit:
```bash
# 1. Syntax
python -m py_compile backend/api_server.py backend/client_config.py backend/profile_config.py
# 2. Client config: Dow Jones gone, 9 clients remain
cd backend && python3 -c "
from client_config import get_all_clients
clients = get_all_clients()
assert 'dow_jones' not in clients, 'dow_jones still in client_config'
assert len(clients) == 9, f'expected 9 clients, got {len(clients)}'
for cid, c in clients.items(): print(f'OK {c[\"display_name\"]}: {c[\"profiles\"]}')
"
# 3. All remaining profiles still load (Dow Jones four dropped)
cd backend && python3 -c "
from profile_config import get_profile
for p in ['general_check','static_general','unilever_key_visual','unilever_packaging',
'diageo_key_visual','diageo_packaging','loreal_static','amazon_static',
'boots_static','boots_ppack','inclusive_accessibility','video_general',
'axa_policy_document','axa_policy_document_diff','axa_accessibility']:
prof = get_profile(p); print(f'OK {prof.name} ({len(prof.get_enabled_checks())} checks)')
"
# 4. Archived profiles no longer loadable
cd backend && python3 -c "
from profile_config import get_profile
for archived in ['dow_jones_static','marketwatch_static','wsj_static','wsj_podcast']:
try:
get_profile(archived)
print(f'FAIL: {archived} still loadable')
except Exception as e:
print(f'OK archived ({archived}): {type(e).__name__}')
"
# 5. Server boots
./scripts/test-system.sh
```
All five must pass before the implementation is considered complete.
## Commit hygiene
- One commit per logical group makes review easy:
1. `chore(dow-jones): archive profiles and check apps`
2. `chore(dow-jones): remove client_config entry`
3. `docs(dow-jones): update CLAUDE.md after offboarding + add archive README`
- All file moves use `git mv` so `git log --follow` continues to work on any moved file.
- Branch off `develop` as `feature/remove-dow-jones`, PR into `develop`, then deploy to dev via `backend/scripts/deploy.sh dev` per the standard flow.
## Open risks
| Risk | Likelihood | Mitigation |
|---|---|---|
| A profile JSON outside the four named ones still references a dj_/mw_/wsj_ check | Low | Verification step 3 catches it — the remaining profiles fail to load if a referenced check directory has been moved out from under them. |
| Live server `user_access.json` references Dow Jones in a way that crashes the access middleware once the client is gone | Low | `auth_middleware.py` access checks are keyed by client_id; an absent client just returns "not granted." Confirmed during design survey. |
| `git mv` of 22 directories produces a noisy PR | Certain | Expected. The PR will show 22 renames plus a few small edits. Reviewer can use `git log --follow` on any moved file for history. |

293
docs/superpowers/specs/2026-05-17-database-design.md Normal file
View file

@ -0,0 +1,293 @@
# AI QC Database Design
**Goal:** Introduce a PostgreSQL database to the AI QC app, dual-written alongside the existing JSONL usage logs, to support a future exec + drill-down dashboard.
**Architecture:** Postgres 16 in a Docker container on each of the two app VMs (`optical-production-dev`, `optical-production`), accessed by the Flask app via SQLAlchemy + psycopg. Alembic for schema migrations. Every analysis write goes to BOTH the existing JSONL log AND the database; JSONL remains source-of-truth for this cycle. A daily `pg_dump → GCS` job protects against VM loss. After dual-write has run for ~1 week and parity is verified, a one-shot script backfills historical JSONL data.
**Tech stack:** PostgreSQL 16, SQLAlchemy 2.x, psycopg 3, Alembic, Docker / docker-compose, `gsutil` (for backups).
**Status:** Phase 5 of Nick's roadmap, cycle 1 of 3 (DB → Docker → Dashboard). Cycles 2 and 3 are out of scope here.
---
## Context
Today, the AI QC app records every analysis event as a line in `backend/usage_logs/YYYY-MM-DD.jsonl`. Readers of those files include `backend/generate_usage_report.py` (CLI), the `/api/client_usage_stats` endpoint (powering the "Reporting" tab), and the audit trail for `access_change` / `access_request` events. The JSONL store is battle-tested but limits us in three ways that motivate moving to a relational DB:
1. **Querying** — anything beyond simple per-client/per-day aggregates means writing one-off scripts. A dashboard with filters, drill-down, and trending will not scale on flat files.
2. **Cross-event joins** — "for this analysis, list all checks that scored below 6" requires correlating multiple JSONL events. Trivial in SQL.
3. **Schema evolution** — JSONL is shape-free; the DB makes us define what we record and forces consistency across writers.
The dashboard itself is cycle 3 of Phase 5 — out of scope for this cycle. This cycle just lands the data.
---
## Scope
### In scope (this cycle)
1. Postgres 16 container running on each VM under compose project name `ai-qc`, with a named volume for data persistence.
2. Schema: two tables (`analyses`, `analysis_checks`) plus indexes — design locked during brainstorm (see "Schema" below).
3. SQLAlchemy models, a thin repository module for typed writes, an engine factory that reads `DB_URL` from env.
4. Alembic baseline migration; the deploy script learns to run `alembic upgrade head` before restarting the service.
5. Dual-write integration at every analysis event site in `api_server.py` (UI upload flow, document-mode flow, Box webhook flow, per-check writes, completion writes).
6. Feature flag `DB_DUAL_WRITE_ENABLED` (env var) — defaults to `true`. If set to `false`, the app skips DB writes entirely and behaves exactly as it does today. This is the rollback escape hatch.
7. Daily `pg_dump → GCS` backup via a systemd timer on each VM. 30-day retention via a GCS bucket lifecycle policy.
8. Parity verification script (`verify_dual_write_parity.py`) that compares JSONL records vs DB records for a given date range.
9. One-shot backfill script (`backfill_from_jsonl.py`) — idempotent — to populate the DB with historical JSONL records once dual-write parity has been confirmed.
### Out of scope (handled in follow-up cycles or follow-up tasks)
- Containerising the Flask app itself (Phase 5 cycle 2 — Docker).
- Building the dashboard UI (Phase 5 cycle 3 — Dashboard).
- Migrating `generate_usage_report.py` and `/api/client_usage_stats` to read from the DB. This is the natural follow-up to this cycle but ships separately, once the DB has proven itself.
- Replicating access events (`access_change`, `access_request`, `access_denied`) to the DB. Stays in JSONL for now.
- Moving to managed Cloud SQL. Reasonable future move, but it's a procurement + GCP-admin conversation, not a code change.
- Connection pooling, HA / read replicas, encryption-at-rest beyond Docker volume defaults — all defer until we have a real need.
---
## Schema
Two tables, plus indexes. JSON columns are PostgreSQL `jsonb` (queryable, indexable later if needed). All timestamps are `timestamptz` (UTC). The `analyses.id` reuses the existing in-pipeline `session_id` (a UUID generated at upload time) so JSONL and DB rows share the same primary key.
### `analyses`
One row per QC run.
| column | type | nullable | notes |
|---|---|---|---|
| `id` | `uuid` (pk) | no | matches pipeline `session_id` |
| `client_id` | `text` | no | e.g. `loreal`, `boots` |
| `user_email` | `text` | yes | `null` for Box webhook runs |
| `source_origin` | `text` | no | `ui_upload` \| `box_webhook` |
| `profile_id` | `text` | no | e.g. `loreal_static` |
| `mode` | `text` | no | `asset` \| `document` \| `document_diff` |
| `source_file_name` | `text` | no | original filename |
| `source_file_size_bytes` | `bigint` | yes | |
| `source_file_type` | `text` | yes | `image` / `video` / `pdf` / etc. |
| `started_at` | `timestamptz` | no | |
| `completed_at` | `timestamptz` | yes | |
| `status` | `text` | no | `pending` \| `running` \| `success` \| `failed` |
| `overall_score` | `numeric` | yes | 100-pt scale (120 for Unilever KV) |
| `overall_verdict` | `text` | yes | `pass` \| `fail` |
| `technical_report` | `jsonb` | yes | Phase 3 output (file inspection result) |
| `media_plan_match` | `jsonb` | yes | matched row from media plan if any |
| `total_tokens` | `bigint` | yes | sum across all checks |
| `estimated_cost_usd` | `numeric` | yes | |
| `report_html_path` | `text` | yes | on-disk path to the generated report |
| `box_report_file_id` | `text` | yes | Box file id when uploaded back |
| `error_message` | `text` | yes | populated when `status = 'failed'` |
### `analysis_checks`
One row per check executed. Cascade-delete with the parent analysis.
| column | type | nullable | notes |
|---|---|---|---|
| `id` | `uuid` (pk) | no | |
| `analysis_id` | `uuid` (fk → `analyses.id`, on delete cascade) | no | |
| `check_name` | `text` | no | e.g. `brand_logo_check` |
| `llm_provider` | `text` | no | `gemini` \| `openai` |
| `status` | `text` | no | `success` \| `failed` |
| `score` | `numeric` | yes | |
| `weight` | `numeric` | no | profile-defined weight |
| `tokens_used` | `integer` | yes | |
| `duration_ms` | `integer` | yes | |
| `details` | `jsonb` | no | full LLM response — supports drill-down |
| `started_at` | `timestamptz` | no | |
| `completed_at` | `timestamptz` | yes | |
The `details` column is the heaviest field by far; it preserves the whole structured LLM response so future drill-down views need no schema change. PostgreSQL TOAST compression handles the storage cost; we can prune the column later if it becomes a problem.
### Indexes
- `analyses(client_id, started_at desc)` — primary index for client-scoped chronological queries (the exec dashboard's main shape).
- `analyses(user_email, started_at desc)` — for user-scoped views.
- `analyses(started_at desc)` — for global trending queries.
- `analysis_checks(analysis_id)` — drill-down lookups.
---
## Components
### `backend/db/` (new module)
- `__init__.py` — public surface: `get_session()` (context manager), `init_engine()`.
- `engine.py` — engine factory. Reads `DB_URL` from env. Singleton engine across the Flask app.
- `models.py` — SQLAlchemy ORM models for `Analysis` and `AnalysisCheck`.
- `repository.py` — typed write helpers, the only surface `api_server.py` touches:
- `record_analysis_start(session, *, analysis_id, client_id, user_email, ...) -> Analysis`
- `record_analysis_complete(session, analysis_id, *, overall_score, overall_verdict, status, total_tokens, ...) -> None`
- `record_analysis_failed(session, analysis_id, *, error_message) -> None`
- `record_check_result(session, analysis_id, *, check_name, llm_provider, status, score, weight, details, ...) -> AnalysisCheck`
- `parity.py` — pure helpers consumed by both `verify_dual_write_parity.py` and `backfill_from_jsonl.py`. Parses a JSONL line into the same shape the repository functions accept.
### `backend/migrations/` (new Alembic env)
Standard Alembic layout. Baseline revision creates both tables + indexes.
### `backend/scripts/` (additions)
- `backfill_from_jsonl.py` — one-shot, idempotent. Reads `usage_logs/*.jsonl`, looks up each `session_id` in `analyses`, inserts when missing. Per-row try/except so a single malformed line doesn't abort the run. Logs a summary at the end (read / inserted / skipped / errored).
- `verify_dual_write_parity.py` — for a given date range, counts events in JSONL vs rows in DB and surfaces drift. Exits non-zero when drift is detected.
- `pg_backup_to_gcs.sh``pg_dump` of the AI QC database, gzip, `gsutil cp` to the configured GCS bucket under `pgdumps/<env>/<date>.sql.gz`. Logs to journal via systemd.
### `deploy/docker-compose.db.yml` (new)
```yaml
name: ai-qc
services:
db:
image: postgres:16
restart: unless-stopped
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
volumes:
- pgdata:/var/lib/postgresql/data
ports:
- "127.0.0.1:5432:5432" # not exposed externally
volumes:
pgdata:
name: ai-qc-pgdata
```
The top-level `name: ai-qc` and the explicit volume `name:` are belt-and-braces against the CLAUDE.md compose-collision warning, even though the AI QC VMs are dedicated.
### `backend/config/*.env` additions
Both `development.env` and `production.env` (gitignored) get:
```
# Database
DB_URL=postgresql+psycopg://aiqc:<password>@127.0.0.1:5432/aiqc
POSTGRES_USER=aiqc
POSTGRES_PASSWORD=<generated>
POSTGRES_DB=aiqc
DB_DUAL_WRITE_ENABLED=true
# Backups
BACKUP_GCS_BUCKET=ai-qc-pg-backups-<env> # name to be confirmed when bucket is provisioned
```
### `api_server.py` modifications
Five touchpoints, all dual-write. The pattern at every site:
```python
from db import get_session
from db.repository import record_analysis_start
# After the existing JSONL write:
if os.environ.get("DB_DUAL_WRITE_ENABLED", "true").lower() == "true":
try:
with get_session() as db_session:
record_analysis_start(db_session, analysis_id=session_id, ...)
except Exception:
logger.exception("DB write failed (analysis_id=%s); JSONL is authoritative", session_id)
```
Touchpoints:
1. `/api/start_analysis` (asset analysis kickoff) — `record_analysis_start`.
2. `/api/document/start_analysis` (document-mode kickoff) — `record_analysis_start` with `mode='document'`.
3. `_run_box_triggered_analysis` (Box webhook flow) — `record_analysis_start` with `source_origin='box_webhook'`, `user_email=None`.
4. `process_single_check` (per-check completion path) — `record_check_result`.
5. Analysis completion / failure paths — `record_analysis_complete` or `record_analysis_failed`. (Note: per the [[feedback_multi_html_generators]] memory, there are parallel HTML generators; both completion paths need wiring.)
### Backup setup (per VM, manual one-off)
- Create GCS bucket `ai-qc-pg-backups-dev` and `ai-qc-pg-backups-prod` (or names agreed with infra).
- Apply a 30-day lifecycle deletion rule on each bucket.
- Create a GCP service account with `roles/storage.objectCreator` on its corresponding bucket. Key file at `/etc/ai-qc/gcs-backup-sa.json`, chmod 600, owned by the service user.
- Install `pg_backup_to_gcs.sh` to `/opt/ai_qc/backend/scripts/`.
- Create systemd unit `ai-qc-pg-backup.service` + timer `ai-qc-pg-backup.timer` firing daily at 02:00 UTC.
The bucket creation and IAM steps depend on Nick's boss / infra owner (Nick isn't a GCP admin). The script and systemd units are in code and reusable across the two envs.
---
## Data Flow
**Normal asset analysis (UI upload):**
1. User uploads → `/api/start_analysis`.
2. JSONL: write `{event: "analysis_start", session_id, client_id, user_email, profile_id, ...}` to today's log file.
3. DB: insert row in `analyses` (`status='pending'`, `started_at=now`, all metadata fields populated; `overall_score` / `completed_at` left null).
4. Pipeline runs checks in batches. For each check completion:
- JSONL: write `{event: "check_complete", session_id, check_name, status, score, ...}`.
- DB: insert row in `analysis_checks` (full `details` jsonb, score, tokens, duration).
5. All checks done, final scoring + report generation:
- JSONL: write `{event: "analysis_complete", session_id, overall_score, overall_verdict, total_tokens, ...}`.
- DB: update the `analyses` row (`status='success'`, `completed_at`, `overall_score`, `overall_verdict`, `total_tokens`, `report_html_path`).
**Document mode and Box webhook flows:** Same dual-write pattern; different entry points. `source_origin` and (for Box) `user_email=None` differentiate the rows.
**DB write failure (any step):** caught, logged with `exc_info`, swallowed. JSONL has already succeeded; the analysis continues normally and produces the same user-visible output it does today.
---
## Error Handling and Rollback
- **DB connection failure on any single write** — caught, logged, swallowed. JSONL is authoritative.
- **DB connection unavailable at app startup** — app still boots. The engine is initialised lazily; any DB write will fail-and-log per the rule above. This means a misconfigured DB never takes the production service down.
- **Schema migration failure during deploy**`deploy.sh` runs `alembic upgrade head` *before* restarting the systemd unit. If migration fails, deploy aborts before restart, and the existing app keeps running on the unmigrated DB (which it doesn't read from yet, so no harm). Existing rollback logic in `deploy.sh` already handles `git reset --hard` of the app code.
- **Rollback escape hatch** — flip `DB_DUAL_WRITE_ENABLED=false` and restart the service. The app reverts to the exact pre-cycle behaviour (JSONL only). This is the no-code-changes-required panic button.
- **Backup script failure** — logged to journal. No automated alerting in this cycle (see "Out of scope"). Weekly manual spot-check that the latest dump exists in the bucket.
- **Parity drift detected**`verify_dual_write_parity.py` exits non-zero and prints a diff. We investigate manually before proceeding with the backfill.
---
## Testing
Tests run against a dedicated `ai-qc-test` database, brought up via the same docker-compose with a separate database name. No SQLite in tests (per CLAUDE.md Postgres-only policy).
- **Unit tests** for repository functions — each test creates and tears down its rows in a transaction.
- **Migration tests**`alembic upgrade head` followed by `alembic downgrade base` should both succeed cleanly on an empty DB.
- **Dual-write integration test** — mock a fake analysis end-to-end with the DB enabled; assert that both the JSONL file and the DB rows reflect the expected events, and that they agree.
- **Parity test** — feed a known JSONL fixture into the backfill script against an empty DB; assert the resulting DB rows match expectations.
- **Failure-resilience test** — point `DB_URL` at an unreachable host and run an analysis. Verify the analysis still completes successfully and that the failure is logged.
---
## Deployment
Deploys land in this order on each VM:
1. Update env file with new variables (`DB_URL`, `POSTGRES_*`, `DB_DUAL_WRITE_ENABLED`, `BACKUP_GCS_BUCKET`).
2. Bring up the Postgres container: `docker compose -f deploy/docker-compose.db.yml -p ai-qc up -d`.
3. `alembic upgrade head` against the new DB (run from the app venv).
4. Deploy the new app code via existing `deploy.sh dev` / `deploy.sh prod <tag>`. Existing flow already runs `pip install` on `requirements.txt` change.
5. Smoke-test: trigger one analysis via the UI; confirm the row appears in both `backend/usage_logs/<today>.jsonl` and `analyses`.
6. Set up the GCS bucket + service account + systemd timer for backups (per "Backup setup" above) — can be done in parallel with the above once bucket is provisioned.
7. Let dual-write run for ~1 week. Run `verify_dual_write_parity.py --last-days 7`. If clean, proceed to step 8; if drift, debug and re-run.
8. Run `backfill_from_jsonl.py` once. Re-run `verify_dual_write_parity.py` over the full historical range to confirm.
The follow-up cycle (migrating the readers to query the DB instead of JSONL) starts only after step 8 lands cleanly on prod.
---
## Definition of Done
- Both VMs running Postgres 16 in a Docker container under `name: ai-qc` with a named volume.
- Alembic migrations applied; both tables and all indexes present.
- App dual-writing on every analysis touchpoint; failures swallowed and logged.
- `DB_DUAL_WRITE_ENABLED=false` confirmed to restore pre-cycle behaviour.
- Daily backup job running on both VMs and producing readable dumps in GCS.
- Parity script clean over the last 7 days of live traffic.
- Historical JSONL backfilled into the DB and parity-verified across the full history.
- This spec + the implementation plan committed under `docs/superpowers/`.
---
## Deferred decisions (worth surfacing at resume)
- **GCS bucket naming + provisioning** — depends on infra owner.
- **Backup verification automation** — manual spot-check is fine to start; if we add alerting, this is where it goes.
- **Connection pooling tuning** — defaults are fine; revisit if the app gets containerised + scaled out (cycle 2 of Phase 5).
- **Move to Cloud SQL** — eventual win on managed backups + encryption at rest; out of scope until a clear procurement decision is made.
- **Replicating access events to DB** — would let the dashboard surface access history; defer until the dashboard cycle is being scoped.

280
docs/superpowers/specs/2026-05-17-hp-cycle-1-onboarding-design.md Normal file
View file

@ -0,0 +1,280 @@
# HP Onboarding — Cycle 1: `hp_copy_review` Check
**Goal:** Onboard HP onto the AI QC platform with a Source-Messaging-grounded copy review check, replacing the existing `hp-copy` PHP/Make.com POC tool.
**Architecture:** Single new QC check `hp_copy_review` grades an HP marketing asset's on-asset copy against canonical Source Messaging Excel files uploaded as reference assets. A new `excel_processor.py` mirrors `pdf_processor.py`: openpyxl extracts raw cell content at upload time, Gemini summarises into structured Markdown, saved alongside the file under `brand_guidelines/files/`. At QC time the check prompt assembles the Markdown summary(s) + media-plan language metadata + the asset image and returns a structured findings list. HP gets a real client config entry plus the generic profiles it already has visibility into.
**Tech stack:** openpyxl 3.x (already a project dep — used by `media_plan_processor.py`), existing `llm_config.py` Gemini integration, existing brand-guidelines flow, existing media-plan processor. **No new external dependencies.**
**Status:** Cycle 1 of 3 in HP onboarding. Cycles 2 (Word/PPT ingestion) and 3 (Box file picker) are independent and ship later. This cycle is independently shippable.
---
## Context
HP's existing `hp-copy` is a PHP UI wrapping a Make.com webhook (opaque). The PM raised seven concerns; Dave's decision is to deprecate the POC and migrate HP onto AI QC. Of the seven concerns:
- **Solved natively by AI QC today:** stability, configurable rule sets, accuracy (LLM + reference assets eliminate the false-positives-on-brand-names class of bugs because the canonical source list comes from the Excels), bulk processing (local upload supports multi-file out of the box).
- **Cycle 1 (this spec) addresses:** the HP-specific check, the Source-Messaging Excel ingestion pipeline, and multilingual via a media-plan `language` field.
- **Other cycles:** Word/PPT support (Cycle 2), Box file picker (Cycle 3).
The user-visible flow Day 1 after this cycle ships:
1. HP user uploads Source Messaging `.xlsx` files (Messi-Core, Messi-Mainstream, Gaston) once via Settings → Reference Assets.
2. HP user uploads marketing asset(s) via local upload — same UX as Boots/AXA/LOREAL.
3. HP user selects the `hp_copy_review` profile and attaches the relevant Source Messaging reference(s).
4. The check returns a structured findings table matching the Messi Copy Review document format (priority, quote, issue, suggested fix, source citation).
## Scope
### In scope (this cycle)
1. **HP client config** promoted from `_scope pending_` to a real entry with `hp_copy_review` as the default profile.
2. **`hp_copy_review` profile JSON** — single weighted check, client-specific visibility.
3. **`hp_copy_review` QC check** at `backend/visual_qc_apps/hp_copy_review/app.py`.
4. **`backend/excel_processor.py`** — new module mirroring `pdf_processor.py`. openpyxl extraction → Gemini summary → Markdown saved as `{file_id}_summary.md`.
5. **Reference-asset upload routing**`.xlsx` uploads route to `excel_processor.process_excel_file`. Existing endpoints (`POST /api/brand_guidelines`, `GET /api/brand_guidelines/<id>/status`, `POST .../reprocess`) work without modification beyond the dispatch line.
6. **Media plan `language` field** — free-form text column; surfaced in matched-row metadata; included in the check prompt when present; absent → graceful no-op.
7. **Report rendering** — small case in the two HTML report generators so the findings JSON renders as a priority-coloured table instead of a wall of text.
8. **Unit + smoke tests** as listed under Testing.
### Out of scope (other cycles or deferred)
- Word / PPT ingestion as reference assets — Cycle 2.
- Box file picker UI — Cycle 3.
- HP master brand guidelines reference — HP hasn't provided one yet.
- Briefs (`.pptx`) as reference assets — depends on Cycle 2.
- Multi-language Source Messaging variants — HP currently has English-only files. If they later provide Spanish / Dutch versions, no code change is needed; they upload as separate reference assets.
- Strict-grade enforcement — the HP Copy Review is a nuanced priority-tiered (High / Medium / Low) review, not pass/fail. Standard 0100 weighted scoring.
- Replacing or modifying the existing `hp-copy` PHP tool. We leave it running; HP migrates traffic at their own pace.
---
## Components
### `backend/client_config.py` — HP entry
Promote HP from placeholder to a real entry. Add `hp_copy_review` to the profile list, set as default:
```python
'hp': {
'name': 'HP',
'profiles': ['hp_copy_review', 'static_general', 'video_general'],
'display_name': 'HP',
'description': 'HP marketing copy QC graded against canonical Source Messaging',
'default_profile': 'hp_copy_review',
},
```
`box_folder_id` / `box_reports_folder_id` deferred to Cycle 3.
### `backend/profiles/hp_copy_review.json` — new profile
```json
{
"name": "HP Copy Review",
"description": "Marketing copy graded against canonical HP Source Messaging",
"mode": "asset",
"visibility": "client_specific",
"visible_to_clients": ["hp"],
"checks": {
"hp_copy_review": {
"weight": 10.0,
"llm": "gemini",
"enabled": true
}
}
}
```
Total weight = 10.0 → scoring uses the `weighted_score × 10` path, max 100. Single check carries the whole score. No `strict_grade`.
### `backend/visual_qc_apps/hp_copy_review/app.py` — new check
Standard QC app module following `flask_app_template.py`. Single Gemini call. Returns: `score` (010), `summary` (one-paragraph headline), and `findings` (JSON list).
**Prompt structure** (starting point — expect tuning during smoke testing):
```
You are a copy reviewer for HP marketing materials. Compare the
marketing asset against the canonical Source Messaging provided.
PRODUCT LANGUAGE: <from media plan, or "not specified">
CANONICAL SOURCE MESSAGING:
<one or more Markdown summaries from attached Excel reference assets,
concatenated with a `---` separator and a file-name header>
MARKETING ASSET:
<image>
For every claim, headline, body line, disclaimer, footnote, spec
call-out, and brand mention visible on the asset, evaluate against
the canonical source. Output a structured findings array:
[
{
"priority": "high" | "medium" | "low",
"category": "ksp" | "disclaimer" | "spec" | "variant" |
"tone" | "brand-name" | "language" | "other",
"quote": "<exact quote from the asset>",
"issue": "<what's wrong>",
"suggested_fix": "<what it should say, citing the canonical source>",
"source_reference": "<where in source messaging this comes from,
e.g. 'Core sheet row 12 KSP 3'>"
},
...
]
Then provide a score from 010 reflecting overall copy quality
(10 = no issues, 0 = severe and pervasive issues). Score should
weight high-priority issues most heavily.
If no Source Messaging is attached, return score 0 with a clear
summary explaining that no canonical source was provided.
```
**Empty-findings case** (clean asset): valid result — score 910, `findings: []`, summary "no issues identified".
**No-reference-attached case**: check returns score 0 with the explanatory message, rather than running blind against an empty source.
### `backend/excel_processor.py` — new module
Mirrors `pdf_processor.py`. Public surface:
- `process_excel_file(file_path, file_id) -> tuple[str, str]` — reads `.xlsx`, returns `(summary_text, summary_path)`. Saves `{file_id}_summary.md` under `brand_guidelines/files/`.
Internal helpers:
- `_extract_workbook_text(path) -> str` — openpyxl, iterates all sheets, dumps as `"Sheet: <name>\n<row-by-row tab-aligned cell values>\n\n"`. Skips empty rows. Caps at a reasonable cell budget (e.g. 50K chars) to bound prompt size.
- `_summarise_with_gemini(raw_text, source_filename) -> str` — Gemini 2.5 Pro call with HP-tuned system prompt (below) producing a structured Markdown summary, ~15003000 words.
**Summary prompt** (Excel-specific):
```
You're processing an HP Source Messaging Excel into a structured
Markdown reference. Output these sections:
## Product / Variant
(brand, product line, variant if any — e.g. "HP OmniDesk Mini — Core")
## Key Selling Points (KSPs)
For each KSP: heading, value proposition, supporting body copy,
message-length variants (ultra-short / short / medium / long if
present in the source).
## Disclaimers / Footnotes
Numbered list, exact wording, what claim each footnote anchors to.
## Approved Brand and Product Names
Exact spellings, including trademark glyphs (™, ®, ©).
## Variant Notes / Watch-outs
Anything explicitly marked variant-specific (e.g. "Mainstream only",
"Core only", "must not appear in entry tier").
## Verboten Phrasing
Any explicitly disallowed or deprecated phrasing called out in the source.
Be exhaustive but concise. Quote exactly where the source is explicit.
```
No cover image (Excel has no analogous concept). The reference-asset DB record schema already permits a null `cover_path`.
### `backend/media_plan_processor.py``language` column
When parsing media-plan Excel sheets, extract `language` (case-insensitive header match: `language`, `Language`, `LANGUAGE`) into the matched-row metadata dict. The existing media-plan-context block injected into prompts gains a `Language: <value>` line when the field is present; if absent, the line is omitted entirely (graceful no-op for clients whose media plans don't include language).
### `api_server.py` — reference asset upload routing
Existing `/api/brand_guidelines` POST routes `.pdf``pdf_processor.process_pdf_file`. Extend the dispatch: `.xlsx``excel_processor.process_excel_file`. Reuse the existing DB-record shape and the existing `GET .../<id>/status` and `POST .../<id>/reprocess` endpoints unchanged — they're agnostic to processor type.
### Report rendering — findings table
Per the [[feedback_multi_html_generators]] memory, there are two HTML generators (`generate_html_content` and `generate_comprehensive_html_report`). Both need a small case for `hp_copy_review`: when the check response contains a `findings` array, render as a table with columns for **Priority** (red/amber/green pill), **Category** (pill), **Quote** (monospace), **Issue**, **Suggested fix**, **Source**. Falls back to the existing plain-text response renderer if `findings` is absent (e.g. malformed LLM response).
---
## Data Flow
**Reference asset upload (one-time per Source Messaging file):**
1. HP user uploads `.xlsx` via Settings → Reference Assets.
2. `api_server.py` routes by extension to `excel_processor.process_excel_file`.
3. openpyxl extracts raw cell content from all sheets.
4. Gemini summarises into structured Markdown via the HP-specific summary prompt.
5. Summary saved at `brand_guidelines/files/{file_id}_summary.md`.
6. DB record updated; status flips to `ready`.
**QC run (per analysis):**
1. HP user uploads marketing asset (image).
2. Selects `hp_copy_review` profile.
3. Selects one or more Source Messaging reference assets (Core / Mainstream / Gaston as applicable).
4. (Optional) The asset's filename matches a media plan row containing a `language` value.
5. `process_single_check` for `hp_copy_review` assembles the prompt: system instructions + concatenated Markdown summaries + media-plan context (with language if present) + asset image.
6. Single Gemini call returns score + summary + findings JSON.
7. Report renderer presents findings as a Messi-Review-style table.
---
## Error Handling
- **Excel parse failure** (corrupt file, password-protected, etc.) — processor returns an error; DB status = `failed`; user sees the error in the reference-assets list. No app crash.
- **Gemini summarisation failure at upload** — retry once with exponential backoff; if still failing, save the raw extraction as the summary and mark status = `degraded`. The check can still use a degraded summary (lower fidelity) rather than blocking.
- **Check-time LLM failure or malformed findings JSON** — existing `process_single_check` exception handling captures and records a score-0 result with the error in the response. Standard pattern, no new surface.
- **Empty findings** (clean asset) — valid result; score 910, `findings: []`, summary "no issues identified".
- **No reference asset attached** — check returns score 0 with a clear message ("No HP Source Messaging reference selected — attach a Source Messaging Excel to compare against"). Doesn't run blind.
- **Excel processing concurrency** — uploads are independent files; `pdf_processor.py` already handles concurrent uploads safely (per-file_id artefact paths). Same pattern applies.
---
## Testing
Tests run against the project's existing pytest setup. Real Source Messaging Excels live under `tests/fixtures/hp/` (copied from the user-provided originals).
- **Unit tests**`excel_processor`:
- Happy path: Messi-Core / Messi-Mainstream / Gaston Excels each yield a non-empty `.md` summary containing the expected section headers (`## Key Selling Points`, `## Disclaimers / Footnotes`, etc.) and at least one KSP-level content snippet.
- Corrupt file: error returned, no crash.
- Empty workbook: graceful degradation with a sensible message.
- **Unit tests**`hp_copy_review/app.py`:
- Prompt assembly: given mock reference summaries and a mock media-plan row with `language: "UK English"`, assert the assembled prompt contains the language line, the source-messaging block delimiter, and the findings-format instructions.
- Response parsing: given a known Gemini-shape JSON response (fixture), assert findings list extracted correctly with all six fields per finding.
- Empty references: score 0 + the explanatory message.
- **Integration smoke test**: end-to-end with a real Messi asset (sample PNG of an OmniDesk eTail tile) + the Messi-Core Source Messaging reference attached. Assert the check runs to completion, returns a valid score, returns at least one finding (the Messi Copy Review found 34 — Gemini should surface at least 3 in the deterministic ones).
- **Profile load** in the pre-session checklist: add `hp_copy_review` to the loader test.
---
## Deployment
Code-only changes — no infrastructure work, no requirements changes (openpyxl already installed).
1. PR `feature/hp-cycle-1-onboarding → develop`. Deploy to dev via `deploy.sh dev`.
2. **One-time data step on dev:** HP team (or Nick on their behalf) uploads the three Source Messaging Excel files (Messi-Core, Messi-Mainstream, Gaston-v2) via the UI. These land in `brand_guidelines/files/` on dev only — uploads are not synced between dev and prod; the prod uploads happen separately.
3. Dev smoke test: run an HP marketing image through `hp_copy_review` with the Messi-Core reference attached. Verify output structure mirrors the Messi Copy Review doc.
4. PR `develop → main`. Tag `v1.4.0` (minor — new client capability). Deploy to prod via `deploy.sh prod v1.4.0`.
5. HP team uploads Source Messaging files on prod, runs first real QC, provides feedback. Prompt tuning iterations are post-deploy LLM-prompt changes — small follow-up PRs as needed, no spec changes.
---
## Definition of Done
- `hp_copy_review` profile loads cleanly (pre-session checklist passes with the new profile in the loader script).
- `client_config.get_client_profiles('hp')` returns `['hp_copy_review', 'static_general', 'video_general']`.
- `client_config.get_default_profile('hp')` returns `'hp_copy_review'`.
- Uploading a Source Messaging `.xlsx` produces a non-empty `_summary.md` within 60s of upload.
- Running `hp_copy_review` on a known Messi asset with the Messi-Core reference attached returns findings overlapping with at least 3 of the 34 issues in the HP-provided Messi Copy Review doc (rough qualitative bar — Gemini scoring varies run-to-run, but the major issues should be detected).
- Report renders the findings as a structured table, not free-text.
- Media plan parsing extracts `language` when present; the check prompt includes a `Language:` line in that case.
- Standard pre-session checklist all green on develop tip.
---
## Deferred decisions (worth surfacing at follow-up)
- **Strict-grade for HP?** Not in V1. If HP wants any High-priority finding to force overall Fail, add `strict_grade: true` to the profile and extend the scoring path (small retrofit).
- **HP master brand guidelines** — none today. Whenever HP provides a master brand guide PDF (colour palette, logo usage, typography), it can be attached as an additional reference asset alongside Source Messaging. No code change.
- **Prompt template tuning** — the templates above are starting points. Live HP usage will surface what to refine. Iterate via small prompt-only PRs.
- **Non-English Source Messaging** — if HP later provides Spanish / Dutch versions, they upload as separate reference assets and select the relevant one(s) per QC run. Works without code change.
- **Findings-output schema versioning** — if HP wants additional fields per finding (e.g. screenshot crop region, suggested approval routing), add to the JSON shape and bump renderer.
- **Briefs as reference assets** — depends on Cycle 2 (Word/PPT ingestion). Once that lands, HP can attach Gaston/Messi `.pptx` briefs alongside the Excel sources.

202
web_ui.html
View file

@ -2993,6 +2993,7 @@
'<button class="tab-btn" onclick="showTab(\'assets\')">Reference Assets</button>' +
'<button class="tab-btn" onclick="showTab(\'tools\')">QC Tools</button>' +
'<button class="tab-btn" onclick="showTab(\'mediaplan\')">Media Plan</button>' +
'<button class="tab-btn" onclick="showTab(\'defaults\')">Default Profile</button>' +
'</div>' +
'<div id="existing-tab" class="tab-content active">' +
'<div style="margin-bottom: 15px;">' +
@ -3112,6 +3113,21 @@
'<div id="mediaPlanFileInfo" style="margin-top: 15px; padding: 10px; background: #d4edda; border-radius: 6px; display: none;"></div>' +
'</div>' +
'</div>' +
'<div id="defaults-tab" class="tab-content">' +
'<div style="margin-bottom: 20px;">' +
'<h4 style="color: #495057; margin-bottom: 10px;">Default Profile</h4>' +
'<p style="color: #6c757d; font-size: 0.9em; margin-bottom: 0;">Used for unattended QC runs — e.g. files arriving via the Box webhook. Pick one of this client\\\'s profiles as the default. Admin only.</p>' +
'</div>' +
'<div id="defaultProfileClientContext" style="margin-bottom: 12px; color: #495057; font-size: 0.95em;"></div>' +
'<div id="defaultProfileList" style="border: 1px solid #dee2e6; border-radius: 8px; padding: 15px; background: #fafafa;">' +
'<p style="text-align: center; color: #6c757d; margin: 0;">Loading...</p>' +
'</div>' +
'<div style="margin-top: 15px;">' +
'<button id="setDefaultProfileBtn" onclick="saveDefaultProfile()" disabled style="background: #28a745; color: white; border: none; padding: 10px 20px; border-radius: 6px; cursor: pointer; font-weight: 600; margin-right: 10px;">Set as default</button>' +
'<button id="clearDefaultOverrideBtn" onclick="clearDefaultProfileOverride()" style="background: #6c757d; color: white; border: none; padding: 10px 16px; border-radius: 6px; cursor: pointer; display: none;">Revert to static default</button>' +
'</div>' +
'<div id="defaultProfileMessage" style="margin-top: 15px; padding: 10px; border-radius: 6px; display: none;"></div>' +
'</div>' +
'<div style="text-align: right; padding-top: 15px; border-top: 1px solid #dee2e6;">' +
'<button onclick="saveProfile()" id="saveProfileBtn" style="background: #28a745; color: white; border: none; padding: 10px 20px; border-radius: 6px; cursor: pointer; margin-right: 10px;">Save Profile</button>' +
'<button onclick="deleteProfile()" id="deleteProfileBtn" style="background: #dc3545; color: white; border: none; padding: 10px 20px; border-radius: 6px; cursor: pointer; margin-right: 10px; display: none;">Delete Profile</button>' +
@ -3533,6 +3549,11 @@
loadMediaPlanStatus();
setupMediaPlanFileInput();
}
// Load default-profile settings when that tab is shown
if (tabName === 'defaults') {
loadDefaultProfileSettings();
}
}
// Populate the read-only QC Tools reference list
@ -3607,6 +3628,187 @@
}
}
// --- Default Profile per client (admin-managed override; used by Box webhook) ---
function showDefaultProfileMessage(text, kind) {
const el = document.getElementById('defaultProfileMessage');
if (!el) return;
el.textContent = text;
const palette = kind === 'error'
? { bg: '#f8d7da', color: '#721c24', border: '#f5c6cb' }
: { bg: '#d4edda', color: '#155724', border: '#c3e6cb' };
el.style.background = palette.bg;
el.style.color = palette.color;
el.style.border = '1px solid ' + palette.border;
el.style.display = 'block';
setTimeout(() => { el.style.display = 'none'; }, 6000);
}
function _setSimpleMessage(parent, text, color) {
// Helper: replace `parent` content with a single message paragraph. Pure text, no HTML.
while (parent.firstChild) parent.removeChild(parent.firstChild);
const p = document.createElement('p');
p.textContent = text;
p.style.textAlign = 'center';
p.style.color = color || '#6c757d';
p.style.margin = '0';
parent.appendChild(p);
}
async function loadDefaultProfileSettings() {
const listEl = document.getElementById('defaultProfileList');
const contextEl = document.getElementById('defaultProfileClientContext');
const setBtn = document.getElementById('setDefaultProfileBtn');
const clearBtn = document.getElementById('clearDefaultOverrideBtn');
if (!listEl) return;
if (!selectedClient) {
contextEl.textContent = '';
_setSimpleMessage(listEl, 'Pick a client first.');
setBtn.disabled = true;
clearBtn.style.display = 'none';
return;
}
_setSimpleMessage(listEl, 'Loading...');
try {
const resp = await fetch(`${BASE_PATH}api/clients/${encodeURIComponent(selectedClient)}/default_profile`, { credentials: 'include' });
if (!resp.ok) {
const errBody = await resp.json().catch(() => ({ message: resp.statusText }));
_setSimpleMessage(listEl, 'Failed to load: ' + (errBody.message || resp.status), '#dc3545');
setBtn.disabled = true;
clearBtn.style.display = 'none';
return;
}
const data = await resp.json();
const profiles = data.profiles || [];
const effective = data.default_profile;
const staticDefault = data.static_default;
const isOverridden = effective && staticDefault && effective !== staticDefault;
// Build context line with safe DOM construction
while (contextEl.firstChild) contextEl.removeChild(contextEl.firstChild);
const clientStrong = document.createElement('strong');
clientStrong.textContent = 'Client: ';
contextEl.appendChild(clientStrong);
contextEl.appendChild(document.createTextNode(String(selectedClient)));
if (staticDefault) {
contextEl.appendChild(document.createTextNode(' · static default in code: '));
const code = document.createElement('code');
code.textContent = staticDefault;
contextEl.appendChild(code);
}
if (isOverridden) {
const overrideNote = document.createElement('span');
overrideNote.style.color = '#0c5460';
overrideNote.textContent = ' · currently overridden';
contextEl.appendChild(overrideNote);
}
if (!profiles.length) {
_setSimpleMessage(listEl, 'This client has no profiles configured.');
setBtn.disabled = true;
clearBtn.style.display = 'none';
return;
}
while (listEl.firstChild) listEl.removeChild(listEl.firstChild);
profiles.forEach(pid => {
const label = document.createElement('label');
label.style.cssText = 'display:flex;align-items:center;padding:8px 6px;border-radius:6px;cursor:pointer;';
const isDefault = pid === effective;
const isStatic = pid === staticDefault;
if (isDefault) label.style.background = '#e8f5e9';
const radio = document.createElement('input');
radio.type = 'radio';
radio.name = 'defaultProfileChoice';
radio.value = pid;
radio.style.marginRight = '10px';
if (isDefault) {
radio.checked = true;
radio.setAttribute('data-current', '1'); // sentinel for onDefaultProfileChange comparison
}
radio.addEventListener('change', onDefaultProfileChange);
label.appendChild(radio);
const code = document.createElement('code');
code.textContent = pid;
code.style.fontSize = '0.95em';
label.appendChild(code);
if (isDefault) {
const badge = document.createElement('span');
badge.textContent = 'CURRENT DEFAULT';
badge.style.cssText = 'background:#28a745;color:white;padding:2px 8px;border-radius:10px;font-size:0.75em;margin-left:8px;';
label.appendChild(badge);
} else if (isStatic) {
const badge = document.createElement('span');
badge.textContent = 'static';
badge.style.cssText = 'background:#6c757d;color:white;padding:2px 8px;border-radius:10px;font-size:0.75em;margin-left:8px;';
label.appendChild(badge);
}
listEl.appendChild(label);
});
clearBtn.style.display = isOverridden ? 'inline-block' : 'none';
setBtn.disabled = true; // re-enabled by onDefaultProfileChange when user picks a different value
} catch (err) {
_setSimpleMessage(listEl, 'Error: ' + err.message, '#dc3545');
setBtn.disabled = true;
clearBtn.style.display = 'none';
}
}
function onDefaultProfileChange() {
const setBtn = document.getElementById('setDefaultProfileBtn');
const chosen = document.querySelector('input[name="defaultProfileChoice"]:checked');
const currentDefault = document.querySelector('input[name="defaultProfileChoice"][data-current="1"]');
setBtn.disabled = !chosen || (currentDefault && chosen.value === currentDefault.value);
}
async function saveDefaultProfile() {
const chosen = document.querySelector('input[name="defaultProfileChoice"]:checked');
if (!chosen || !selectedClient) return;
try {
const resp = await fetch(`${BASE_PATH}api/clients/${encodeURIComponent(selectedClient)}/default_profile`, {
method: 'PUT',
credentials: 'include',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ profile_id: chosen.value }),
});
const data = await resp.json().catch(() => ({}));
if (!resp.ok) {
showDefaultProfileMessage('Failed: ' + (data.message || resp.statusText), 'error');
return;
}
showDefaultProfileMessage('Default profile for ' + selectedClient + ' set to ' + data.default_profile, 'ok');
loadDefaultProfileSettings();
} catch (err) {
showDefaultProfileMessage('Error: ' + err.message, 'error');
}
}
async function clearDefaultProfileOverride() {
if (!selectedClient) return;
try {
const resp = await fetch(`${BASE_PATH}api/clients/${encodeURIComponent(selectedClient)}/default_profile`, {
method: 'DELETE',
credentials: 'include',
});
const data = await resp.json().catch(() => ({}));
if (!resp.ok) {
showDefaultProfileMessage('Failed: ' + (data.message || resp.statusText), 'error');
return;
}
showDefaultProfileMessage('Override cleared. Default reverted to ' + (data.default_profile || '(none)'), 'ok');
loadDefaultProfileSettings();
} catch (err) {
showDefaultProfileMessage('Error: ' + err.message, 'error');
}
}
async function loadMediaPlanStatus() {
const container = document.getElementById('mediaPlanCurrent');
if (!container || !selectedClient) return;