Fix Flask-Login user loader to support cookie fallback

Fix cookie setting by serving index directly

Fix session persistence with backup auth cookies

Optimize endpoint authentication requirements

Fix API endpoint errors

Fix session persistence by serving index directly

Force session cookie persistence for login

Fix login redirect loop for all browsers

Fix Safari login redirect issue

Update API endpoints to use gpt-4o-mini model

Fix SSE message format causing frontend parsing issues

Fix 'read of closed file' error in ImageProcessingAgent

Debug: Add detailed logging for SSE messages and final results

Fix: Update streaming response handling for blank screen issue

UI: Remove default values from login form

Debug: Add file system debugging to identify missing product_comparison.py

Debug: Add emergency import test when coordinator is None

Debug: Add startup import debugging to identify exact failure point

Debug: Add comprehensive debugging to start analysis endpoint

Fix Hugging Face Spaces login redirect loop

Update vision LLM agent with React Product Comparison integration

Fix IndentationError in stream_product_comparison by removing stray mis-indented block

Frontend build copied to static, add 5 test images, update API integration; ignore static backup folders

Add default user credentials to login form

Security enhancement: Move user authentication credentials to environment variables

Update api.py

feat(api): add debug logging to vision_rag_query (VRAG)

feat(vision-rag): add LangChain deps and verify .venv; vision_rag_query uses ChatOpenAI; set default OPENAI_MODEL to gpt-4o

fix(frontend): constrain preview image to container and improve OpenAI chat error logging; rebuild and sync CRA assets

fix(api): serve CRA build assets from nested static/static paths to avoid 404s

chore: rebuild frontend and sync to static

Add OpenAI model listing to chat API for debugging

Fix static file routing by adding explicit handlers for JS files

Add dedicated static file route handler to fix 404 errors for JS files

chore(api): add no-cache headers to serve_static to prevent stale frontend assets

feat(openai): add OpenAI Chat UI and backend via official OpenAI SDK; integrate built React assets; update requirements and env pins

Do not modify session in serve_index_html to avoid extending expiry; honor absolute 2-min expiry

Idle auto-logout: add 2-min client-side inactivity timer that redirects to /logout; keep session heartbeat redirect detection

Heartbeat fix: detect redirect on expired session using fetch redirect:'manual' and redirected/url checks; auto-redirect to /login

Fix redirect loop: show login page if session is authenticated but not fresh; only redirect to index when fresh

Redirect to login instead of 401 on unauthorized/not-fresh sessions (Flask-Login handlers)

Redirect-on-expiry: fresh required on /api/status and injected heartbeat in index.html responses to auto-redirect to /login when session expires

Security/session hardening: absolute 2-min expiry (SESSION_REFRESH_EACH_REQUEST=False), disable remember, anti-autofill login form, no-store cache on protected routes, clear session on logout

Enforce 2-minute session expiry: set PERMANENT_SESSION_LIFETIME=120s via timedelta and disable remember-login

Adjust session cookie SameSite=None and set PERMANENT_SESSION_LIFETIME=120s for testing

Use SameSite=None for session/remember cookies (iframe compatibility on Spaces)

Fix login redirect loop with improved session handling and debugging

Fix login redirect loop with improved session persistence

Fix Flask-Session permission error by using temp directory

Fix login redirect loop with Flask-Session and improved routing