Merge pull request #112 from sauagarwa/fix/unauthenticated-user

fix: order user id to use the same user for unauthenticated user and fix LangChain tool invocation

Author: yashoza19

packages/api/src/auth/middleware.py

@@ -289,10 +289,10 @@ async def get_test_user(email: str, session: AsyncSession) -> dict:
 
 async def get_dev_fallback_user(session: AsyncSession) -> dict:
     """Get fallback dev user (first user or mock) - current behavior"""
-    # Try to get first user from database
+    # Try to get first user from database (ordered by ID for consistency)
     if session and User:
         try:
-            result = await session.execute(select(User).limit(1))
+            result = await session.execute(select(User).order_by(User.id).limit(1))
             db_user = result.scalar_one_or_none()
 
             if db_user:

packages/api/src/services/alerts/generate_alert_graph.py

@@ -43,12 +43,10 @@ def generate_alert(state):
     RunnableLambda(
         lambda state: {
             **state,
-            'sql_query': parse_alert_to_sql_with_context(
-                {
-                    'transaction': state['transaction'],
-                    'alert_text': state['alert_text'],
-                    'alert_rule': state['alert_rule'],
-                }
+            'sql_query': parse_alert_to_sql_with_context.func(
+                state['transaction'],
+                state['alert_text'],
+                state['alert_rule'],
             ),
         }
     ),
@@ -58,7 +56,7 @@ def generate_alert(state):
 graph.add_node(
     'execute_sql',
     RunnableLambda(
-        lambda state: {**state, 'query_result': execute_sql(state['sql_query'])}
+        lambda state: {**state, 'query_result': execute_sql.func(state['sql_query'])}
     ),
 )
 
@@ -82,14 +80,12 @@ def generate_alert(state):
     RunnableLambda(
         lambda state: {
             **state,
-            'alert_message': generate_alert_message(
-                {
-                    'transaction': state['transaction'],
-                    'query_result': state['query_result'],
-                    'alert_text': state['alert_text'],
-                    'alert_rule': state['alert_rule'],
-                    'user': state['user'],
-                }
+            'alert_message': generate_alert_message.func(
+                state['transaction'],
+                state['query_result'],
+                state['alert_text'],
+                state['alert_rule'],
+                state['user'],
             )
             if state.get('alert_triggered')
             else '',

packages/api/src/services/alerts/parse_alert_graph.py

@@ -1,4 +1,3 @@
-# app.py
 from langchain_core.runnables import RunnableLambda
 from langgraph.graph import StateGraph
 
@@ -25,12 +24,10 @@ class AppState(dict):
     RunnableLambda(
         lambda state: {
             **state,
-            'sql_query': parse_alert_to_sql_with_context(
-                {
-                    'transaction': state['transaction'],
-                    'alert_text': state['alert_text'],
-                    'alert_rule': state['alert_rule'],
-                }
+            'sql_query': parse_alert_to_sql_with_context.func(
+                state['transaction'],
+                state['alert_text'],
+                state['alert_rule'],
             ),
         }
     ),
@@ -52,7 +49,7 @@ class AppState(dict):
 graph.add_node(
     'execute_sql',
     RunnableLambda(
-        lambda state: {**state, 'query_result': execute_sql(state['sql_query'])}
+        lambda state: {**state, 'query_result': execute_sql.func(state['sql_query'])}
     ),
 )
 

packages/api/src/services/alerts/validate_rule_graph.py

@@ -41,19 +41,17 @@ def parse_alert_node(state):
     """Parse alert text to SQL query"""
     return {
         **state,
-        'sql_query': parse_alert_to_sql_with_context.invoke(
-            {
-                'transaction': state['transaction'],
-                'alert_text': state['alert_text'],
-                'alert_rule': state['alert_rule'],
-            }
+        'sql_query': parse_alert_to_sql_with_context.func(
+            state['transaction'],
+            state['alert_text'],
+            state['alert_rule'],
         ),
     }
 
 
 def execute_sql_node(state):
     """Execute SQL query to validate it works"""
-    return {**state, 'query_result': execute_sql.invoke(state['sql_query'])}
+    return {**state, 'query_result': execute_sql.func(state['sql_query'])}
 
 
 def validate_sql_node(state):

packages/ui/src/routes/_protected/index.tsx

@@ -38,6 +38,15 @@ function Index() {
   };
 
   const calculateChange = (current: number, previous: number) => {
+    // Handle division by zero
+    if (previous === 0) {
+      if (current === 0) {
+        return { value: '0.0', isPositive: true };
+      }
+      // If previous was 0 and current is not, show as 100% increase
+      return { value: '100.0', isPositive: true };
+    }
+
     const change = ((current - previous) / previous) * 100;
     return {
       value: Math.abs(change).toFixed(1),

packages/ui/src/services/transaction.ts

@@ -235,6 +235,19 @@ export class TransactionService {
     userId: string,
   ): Promise<Transaction> {
     // Transform form data to backend API format
+    // Create transaction_date: use selected date but with current time (not midnight)
+    // Parse date in local timezone to avoid timezone conversion issues
+    const [year, month, day] = formData.date.split('-').map(Number);
+    const now = new Date();
+    const selectedDate = new Date(
+      year,
+      month - 1, // JavaScript months are 0-indexed
+      day,
+      now.getHours(),
+      now.getMinutes(),
+      now.getSeconds(),
+      now.getMilliseconds(),
+    );
     const backendPayload = {
       id: globalThis.crypto.randomUUID(), // Generate client-side ID
       user_id: userId,
@@ -244,7 +257,7 @@ export class TransactionService {
       description: formData.description,
       merchant_name: formData.merchant || 'Unknown Merchant',
       merchant_category: formData.category,
-      transaction_date: new Date(formData.date).toISOString(),
+      transaction_date: selectedDate.toISOString(),
       transaction_type: formData.type === 'credit' ? 'REFUND' : 'PURCHASE',
       status: 'PENDING',
       // Optional fields

podman-compose.yml

@@ -9,10 +9,6 @@ services:
     container_name: postgres
     env_file:
       - .env.development
-    environment:
-      POSTGRES_DB: ${POSTGRES_DB:-spending-monitor}
-      POSTGRES_USER: ${POSTGRES_USER:-user}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-password}
     ports:
       - "${DB_PORT:-5432}:5432"
     volumes:
@@ -54,9 +50,8 @@ services:
     platform: linux/amd64
     container_name: spending-monitor-keycloak-setup
     working_dir: /app
-    environment:
-      - KEYCLOAK_URL=http://keycloak:8080
-      - DATABASE_URL=postgresql+asyncpg://user:password@postgres:5432/spending-monitor
+    env_file:
+      - .env.development
     volumes:
       - ./packages/auth/scripts:/app/scripts
       - ./data:/app/data
@@ -69,7 +64,7 @@ services:
         echo 'Keycloak port is open, waiting 20 more seconds for full startup...' &&
         sleep 20 &&
         pip install --quiet requests sqlalchemy asyncpg psycopg2-binary pyyaml &&
-        python /app/scripts/setup_keycloak.py
+        python /app/scripts/setup_keycloak_with_db_users.py
       "
     depends_on:
       - keycloak
@@ -113,30 +108,8 @@ services:
     container_name: spending-monitor-api
     env_file:
       - .env.development
-    environment:
-      - DATABASE_URL=${DATABASE_URL:-postgresql+asyncpg://user:password@postgres:5432/spending-monitor}
-      - SMTP_HOST=${SMTP_HOST:-smtp4dev}
-      - SMTP_PORT=${SMTP_PORT:-25}
-      - SMTP_USERNAME=${SMTP_USERNAME:-}
-      - SMTP_PASSWORD=${SMTP_PASSWORD:-}
-      - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL:-spending-monitor@localhost}
-      - SMTP_USE_TLS=${SMTP_USE_TLS:-false}
-      - SMTP_USE_SSL=${SMTP_USE_SSL:-false}
-      - ENVIRONMENT=${ENVIRONMENT:-development}
-      - BYPASS_AUTH=${BYPASS_AUTH:-false}
-      - API_PORT=${API_PORT:-8000}
-      - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-http://localhost:3000,http://localhost:8080}
-      - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-http://localhost:3000,http://localhost:8080}
-      - ALLOWED_HOSTS=${ALLOWED_HOSTS:-http://localhost:5173}
-      - BASE_URL=${BASE_URL:-https://api.openai.com/v1}
-      - API_KEY=${API_KEY:-your-openai-api-key-here}
-      - MODEL=${MODEL:-gpt-3.5-turbo}
-      - LLAMASTACK_BASE_URL=${LLAMASTACK_BASE_URL:-http://llamastack:8321}
-      - LLM_PROVIDER=${LLM_PROVIDER:-openai}
-      - NODE_ENV=${NODE_ENV:-development}
-      - KEYCLOAK_URL=${KEYCLOAK_URL:-http://keycloak:8080}
-      - KEYCLOAK_REALM=${KEYCLOAK_REALM:-spending-monitor}
-      - KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID:-spending-monitor}
+
+
     ports:
       - "8000:8000"
     depends_on:
@@ -165,13 +138,6 @@ services:
       - api
     networks:
       - spending-monitor
-    environment:
-      - VITE_API_BASE_URL=${VITE_API_BASE_URL:-/api}
-      - VITE_BYPASS_AUTH=${VITE_BYPASS_AUTH:-false}
-      - VITE_ENVIRONMENT=${VITE_ENVIRONMENT:-staging}
-      # UI needs public Keycloak URL (accessible from browser), not internal container hostname
-      - VITE_KEYCLOAK_URL=${VITE_KEYCLOAK_URL:-http://localhost:8080/realms/spending-monitor}
-      - VITE_KEYCLOAK_CLIENT_ID=${VITE_KEYCLOAK_CLIENT_ID:-spending-monitor}
 
   # Nginx reverse proxy to serve UI and proxy API
   nginx: