Update admin_routes.py

admin_routes.py

@@ -1,80 +1,36 @@
+"""Admin API endpoints for Flare
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Provides authentication, project, version, and API management endpoints.
 """
-Flare Admin API Routes
-~~~~~~~~~~~~~~~~~~~~~
-Admin UI için gerekli tüm endpoint'ler
-"""
-import time
-import threading
+
 import os
-import json
+import sys
 import hashlib
-import secrets
-import commentjson
-import bcrypt
-from datetime import datetime, timedelta
-from typing import Dict, List, Optional, Any
+import json
+import jwt
+from datetime import datetime, timedelta, timezone
+from typing import Optional, List, Dict, Any
 from pathlib import Path
-from fastapi import APIRouter, HTTPException, Depends, Header
+import threading
+import time
+import bcrypt
+
+from fastapi import APIRouter, HTTPException, Depends, Body, Query
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from pydantic import BaseModel, Field
-import jwt
-from jwt.exceptions import ExpiredSignatureError, InvalidTokenError
-from utils import log
-from config_provider import ConfigProvider
-
-# Activity log retention policy (keep last 30 days)
-ACTIVITY_LOG_RETENTION_DAYS = 30
-ACTIVITY_LOG_MAX_ENTRIES = 10000
 
-# Activity log cleanup fonksiyonunu thread-safe yap
-def cleanup_activity_log():
-    """Cleanup old activity log entries - runs in background thread"""
-    while True:
-        try:
-            config = load_config()
-            
-            if "activity_log" in config:
-                # Calculate cutoff date
-                cutoff_date = datetime.utcnow() - timedelta(days=ACTIVITY_LOG_RETENTION_DAYS)
-                
-                # Filter recent entries
-                original_count = len(config["activity_log"])
-                config["activity_log"] = [
-                    log_entry for log_entry in config["activity_log"]
-                    if datetime.fromisoformat(log_entry["timestamp"].replace("Z", "+00:00")) > cutoff_date
-                ]
-                
-                # Also limit by max entries
-                if len(config["activity_log"]) > ACTIVITY_LOG_MAX_ENTRIES:
-                    config["activity_log"] = config["activity_log"][-ACTIVITY_LOG_MAX_ENTRIES:]
-                
-                # Save if anything was removed
-                removed_count = original_count - len(config["activity_log"])
-                if removed_count > 0:
-                    save_config(config)
-                    log(f"🧹 Cleaned up {removed_count} old activity log entries")
-            
-        except Exception as e:
-            log(f"❌ Activity log cleanup error: {e}")
-        
-        # Run cleanup once per day
-        time.sleep(86400)  # 24 hours
-
-# Start cleanup task when module loads
-def start_cleanup_task():
-    thread = threading.Thread(target=cleanup_activity_log, daemon=True)
-    thread.start()
+from utils import log
 
-# ===================== Dynamic Config Loading =====================
+# ===================== JWT Config =====================
 def get_jwt_config():
-    """Get JWT configuration based on work_mode"""
-    cfg = ConfigProvider.get()
+    """Get JWT configuration based on environment"""
+    work_mode = os.getenv("WORK_MODE", "on-premise")
     
-    if cfg.global_config.is_cloud_mode():
-        # Cloud mode - use HuggingFace Secrets
+    if work_mode == "hfcloud":
+        # Cloud mode - use secrets from environment
         jwt_secret = os.getenv("JWT_SECRET")
         if not jwt_secret:
-            log("❌ JWT_SECRET not found in HuggingFace Secrets!")
+            log("⚠️  WARNING: JWT_SECRET not found in environment, using fallback")
             jwt_secret = "flare-admin-secret-key-change-in-production"  # Fallback
     else:
         # On-premise mode - use .env file
@@ -113,6 +69,8 @@ class EnvironmentUpdate(BaseModel):
 class ProjectCreate(BaseModel):
     name: str
     caption: Optional[str] = ""
+    icon: Optional[str] = "folder"
+    description: Optional[str] = ""
 
 class ProjectUpdate(BaseModel):
     caption: str
@@ -188,109 +146,112 @@ def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security))
         raise HTTPException(status_code=401, detail="Invalid token")
         
 def hash_password(password: str, salt: str = None) -> tuple[str, str]:
-    """Hash password with bcrypt. Returns (hash, salt)"""
+    """Hash password with bcrypt.
+    Returns (hashed_password, salt)"""
     if salt is None:
-        # Generate new salt
-        salt_bytes = bcrypt.gensalt()
-        salt = salt_bytes.decode('utf-8')
-    else:
-        # Convert string salt to bytes
-        salt_bytes = salt.encode('utf-8')
+        salt = bcrypt.gensalt().decode('utf-8')
+    
+    # Ensure salt is bytes
+    salt_bytes = salt.encode('utf-8') if isinstance(salt, str) else salt
     
     # Hash the password
-    hashed = bcrypt.hashpw(password.encode('utf-8'), salt_bytes).decode('utf-8')
+    hashed = bcrypt.hashpw(password.encode('utf-8'), salt_bytes)
     
-    return hashed, salt
+    return hashed.decode('utf-8'), salt
 
-def verify_password(password: str, stored_hash: str, salt: str = None) -> bool:
-    """Verify password against hash - supports both bcrypt and SHA256"""
-    # First try bcrypt
-    if salt and len(stored_hash) == 60:  # bcrypt hash length
-        try:
-            return bcrypt.checkpw(password.encode('utf-8'), stored_hash.encode('utf-8'))
-        except:
-            pass
-    
-    # Fallback to SHA256 for backward compatibility
-    sha256_hash = hashlib.sha256(password.encode()).hexdigest()
-    return sha256_hash == stored_hash
-    
-def load_config() -> Dict[str, Any]:
+def verify_password(password: str, hashed: str, salt: str = None) -> bool:
+    """Verify password against hash"""
+    try:
+        # For bcrypt hashes (they contain salt)
+        if hashed.startswith('$2b$') or hashed.startswith('$2a$'):
+            return bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8'))
+        
+        # For legacy SHA256 hashes
+        return hashlib.sha256(password.encode()).hexdigest() == hashed
+    except Exception as e:
+        log(f"Password verification error: {e}")
+        return False
+
+def load_config():
     """Load service_config.jsonc"""
     config_path = Path("service_config.jsonc")
+    if not config_path.exists():
+        return {"config": {}, "projects": [], "apis": []}
+    
     with open(config_path, 'r', encoding='utf-8') as f:
-        return commentjson.load(f)
-
-def save_config(config: Dict[str, Any]):
-    """Save service_config.jsonc with pretty formatting"""
-    config_path = Path("service_config.jsonc")
-    with open(config_path, 'w', encoding='utf-8') as f:
-        # Convert to JSON string with proper formatting
-        json_str = json.dumps(config, indent=2, ensure_ascii=False)
-        f.write(json_str)
-
-def get_timestamp() -> str:
-    """Get current ISO timestamp"""
-    return datetime.utcnow().isoformat() + "Z"
-
-def add_activity_log(config: Dict[str, Any], user: str, action: str, entity_type: str,
-                   entity_id: Any, entity_name: str, details: str = ""):
-    """Add entry to activity log"""
+        content = f.read()
+        # Remove comments for JSON parsing
+        lines = []
+        for line in content.split('\n'):
+            stripped = line.strip()
+            if not stripped.startswith('//'):
+                lines.append(line)
+        clean_content = '\n'.join(lines)
+        return json.loads(clean_content)
+
+def save_config(config: dict):
+    """Save config back to service_config.jsonc"""
+    with open("service_config.jsonc", 'w', encoding='utf-8') as f:
+        json.dump(config, f, indent=2, ensure_ascii=False)
+        
+def get_timestamp():
+    """Get current timestamp in ISO format with milliseconds"""
+    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
+
+def add_activity_log(config: dict, username: str, action: str, 
+                    entity_type: str, entity_id: Any, entity_name: str,
+                    details: str = ""):
+    """Add activity log entry"""
     if "activity_log" not in config:
         config["activity_log"] = []
-
-    log_entry = {
-        "id": len(config["activity_log"]) + 1,
+    
+    # Get next ID
+    log_id = max([log.get("id", 0) for log in config["activity_log"]], default=0) + 1
+    
+    config["activity_log"].append({
+        "id": log_id,
         "timestamp": get_timestamp(),
-        "user": user,
+        "user": username,
         "action": action,
         "entity_type": entity_type,
         "entity_id": entity_id,
         "entity_name": entity_name,
         "details": details
-    }
-
-    config["activity_log"].append(log_entry)
-
-    # Keep only last 100 entries
-    if len(config["activity_log"]) > 100:
-        config["activity_log"] = config["activity_log"][-100:]
+    })
+    
+    # Keep only last 1000 entries
+    if len(config["activity_log"]) > 1000:
+        config["activity_log"] = config["activity_log"][-1000:]
 
 # ===================== Auth Endpoints =====================
 @router.post("/login", response_model=LoginResponse)
 async def login(request: LoginRequest):
-    """User login"""
+    """Authenticate user and return JWT token"""
     config = load_config()
-    jwt_config = get_jwt_config()
-
-    # Find user
     users = config.get("config", {}).get("users", [])
+    
+    # Find user
     user = next((u for u in users if u["username"] == request.username), None)
-
     if not user:
         raise HTTPException(status_code=401, detail="Invalid credentials")
-
-    # Verify password with bcrypt
-    if user.get("salt"):
-        # New bcrypt format
-        if not verify_password(request.password, user["password_hash"], user["salt"]):
-            raise HTTPException(status_code=401, detail="Invalid credentials")
-    else:
-        # Legacy SHA256 format
-        if hashlib.sha256(request.password.encode()).hexdigest() != user["password_hash"]:
-            raise HTTPException(status_code=401, detail="Invalid credentials")
-
-    # Create JWT token
-    expire = datetime.utcnow() + timedelta(hours=jwt_config["expiration_hours"])
+    
+    # Verify password
+    if not verify_password(request.password, user["password_hash"], user.get("salt")):
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+    
+    # Generate JWT token
+    jwt_config = get_jwt_config()
+    
     payload = {
         "sub": request.username,
-        "exp": expire
+        "exp": datetime.now(timezone.utc) + timedelta(hours=jwt_config["expiration_hours"])
     }
+    
     token = jwt.encode(payload, jwt_config["secret"], algorithm=jwt_config["algorithm"])
-
+    
     log(f"✅ User '{request.username}' logged in")
     return LoginResponse(token=token, username=request.username)
-    
+
 @router.post("/change-password")
 async def change_password(
     request: ChangePasswordRequest,
@@ -298,74 +259,74 @@ async def change_password(
 ):
     """Change user password"""
     config = load_config()
-    
-    # Find user
     users = config.get("config", {}).get("users", [])
-    user_index = next((i for i, u in enumerate(users) if u["username"] == username), None)
     
-    if user_index is None:
+    # Find user
+    user = next((u for u in users if u["username"] == username), None)
+    if not user:
         raise HTTPException(status_code=404, detail="User not found")
     
-    user = users[user_index]
-    
     # Verify current password
-    if not verify_password(request.current_password, user["password_hash"], user.get("salt", "")):
+    if not verify_password(request.current_password, user["password_hash"], user.get("salt")):
         raise HTTPException(status_code=401, detail="Current password is incorrect")
     
-    # Generate new hash with new salt
+    # Hash new password
     new_hash, new_salt = hash_password(request.new_password)
-    
-    # Update user
-    users[user_index]["password_hash"] = new_hash
-    users[user_index]["salt"] = new_salt
+    user["password_hash"] = new_hash
+    user["salt"] = new_salt
     
     # Save config
     save_config(config)
     
-    # Add activity log
-    add_activity_log(config, username, "CHANGE_PASSWORD", "user", username, username, "Password changed")
-    save_config(config)
-    
     log(f"✅ Password changed for user '{username}'")
-    return {"success": True, "message": "Password changed successfully"}
-    
+    return {"success": True}
+
 # ===================== Environment Endpoints =====================
 @router.get("/environment")
 async def get_environment(username: str = Depends(verify_token)):
     """Get environment configuration"""
     config = load_config()
     env_config = config.get("config", {})
-
+    
     return {
-        "work_mode": env_config.get("work_mode", "hfcloud"),
+        "work_mode": env_config.get("work_mode", "on-premise"),
         "cloud_token": env_config.get("cloud_token", ""),
-        "spark_endpoint": env_config.get("spark_endpoint", "")
+        "spark_endpoint": env_config.get("spark_endpoint", "http://localhost:7861")
     }
 
 @router.put("/environment")
-async def update_environment(env: EnvironmentUpdate, username: str = Depends(verify_token)):
+async def update_environment(
+    update: EnvironmentUpdate,
+    username: str = Depends(verify_token)
+):
     """Update environment configuration"""
     config = load_config()
-
+    
     # Update config
-    config["config"]["work_mode"] = env.work_mode
-    config["config"]["cloud_token"] = env.cloud_token if env.work_mode != "on-premise" else ""
-    config["config"]["spark_endpoint"] = env.spark_endpoint
+    config["config"]["work_mode"] = update.work_mode
+    config["config"]["cloud_token"] = update.cloud_token or ""
+    config["config"]["spark_endpoint"] = update.spark_endpoint
     config["config"]["last_update_date"] = get_timestamp()
     config["config"]["last_update_user"] = username
-
-    # Save
-    save_config(config)
-
+    
     # Add activity log
-    add_activity_log(config, username, "UPDATE_ENVIRONMENT", "config", 0, "environment",
-                    f"Work mode: {env.work_mode}")
+    add_activity_log(config, username, "UPDATE_ENVIRONMENT", "config", "environment", 
+                    "environment", f"Changed to {update.work_mode}")
+    
+    # Save
     save_config(config)
-
-    log(f"✅ Environment updated by {username}")
+    
+    log(f"✅ Environment updated to {update.work_mode} by {username}")
     return {"success": True}
 
 # ===================== Project Endpoints =====================
+@router.get("/projects/names")
+def list_enabled_projects():
+    """Get list of enabled project names for chat"""
+    cfg = load_config()
+    projects = cfg.get("projects", [])
+    return [p["name"] for p in projects if p.get("enabled", False) and not p.get("deleted", False)]
+
 @router.get("/projects")
 async def list_projects(
     include_deleted: bool = False,
@@ -374,18 +335,13 @@ async def list_projects(
     """List all projects"""
     config = load_config()
     projects = config.get("projects", [])
-
+    
     # Filter deleted if needed
     if not include_deleted:
         projects = [p for p in projects if not p.get("deleted", False)]
-
+    
     return projects
 
-@router.get("/projects/names")
-def list_enabled_projects():
-    cfg = ConfigProvider.get()
-    return [p.name for p in cfg.projects if p.enabled]
-
 @router.get("/projects/{project_id}")
 async def get_project(
     project_id: int,
@@ -395,13 +351,13 @@ async def get_project(
     try:
         config = load_config()
         projects = config.get("projects", [])
-
+        
         project = next((p for p in projects if p.get("id") == project_id), None)
         if not project or project.get("deleted", False):
             raise HTTPException(status_code=404, detail="Project not found")
-
+        
         return project
-
+        
     except HTTPException:
         raise
     except Exception as e:
@@ -415,11 +371,11 @@ async def create_project(
     username: str = Depends(verify_token)
 ):
     cfg = load_config()
-
-    # 1️⃣  Yeni proje ID’si
+    
+    # 1️⃣  Yeni proje ID'si
     project_id = cfg["config"].get("project_id_counter", 0) + 1
     cfg["config"]["project_id_counter"] = project_id
-
+    
     # 2️⃣  Proje gövdesi
     new_project = {
         "id": project_id,
@@ -433,10 +389,10 @@ async def create_project(
         "created_by": username,
         "last_update_date": datetime.utcnow().isoformat(),
         "last_update_user": username,
-
+        
         # *** Versiyon sayaçları ***
         "version_id_counter": 1,
-
+        
         # *** İlk versiyon (no = 1) ***
         "versions": [{
             "id": 1,
@@ -468,14 +424,14 @@ async def create_project(
             "published_by": None
         }]
     }
-
+    
     cfg.setdefault("projects", []).append(new_project)
     save_config(cfg)
-
+    
     add_activity_log(cfg, username, "CREATE_PROJECT",
                      "project", project_id, new_project["name"])
     save_config(cfg)
-
+    
     return new_project # 201 CREATED
 
 @router.put("/projects/{project_id}")
@@ -486,27 +442,27 @@ async def update_project(
 ):
     """Update project"""
     config = load_config()
-
+    
     # Find project
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
+    
     # Check race condition
     if project.get("last_update_date") != update.last_update_date:
         raise HTTPException(status_code=409, detail="Project was modified by another user")
-
+    
     # Update
     project["caption"] = update.caption
     project["last_update_date"] = get_timestamp()
     project["last_update_user"] = username
-
+    
     # Add activity log
     add_activity_log(config, username, "UPDATE_PROJECT", "project", project_id, project["name"])
-
+    
     # Save
     save_config(config)
-
+    
     log(f"✅ Project '{project['name']}' updated by {username}")
     return project
 
@@ -514,101 +470,165 @@ async def update_project(
 async def delete_project(project_id: int, username: str = Depends(verify_token)):
     """Delete project (soft delete)"""
     config = load_config()
-
+    
     # Find project
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
+    
     # Soft delete
     project["deleted"] = True
     project["last_update_date"] = get_timestamp()
     project["last_update_user"] = username
-
+    
     # Add activity log
     add_activity_log(config, username, "DELETE_PROJECT", "project", project_id, project["name"])
-
+    
     # Save
     save_config(config)
-
+    
     log(f"✅ Project '{project['name']}' deleted by {username}")
     return {"success": True}
 
 @router.patch("/projects/{project_id}/toggle")
 async def toggle_project(project_id: int, username: str = Depends(verify_token)):
-    """Enable/disable project"""
+    """Toggle project enabled status"""
     config = load_config()
-
+    
     # Find project
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
+    
     # Toggle
-    project["enabled"] = not project.get("enabled", True)
+    project["enabled"] = not project.get("enabled", False)
     project["last_update_date"] = get_timestamp()
     project["last_update_user"] = username
-
+    
     # Add activity log
     action = "ENABLE_PROJECT" if project["enabled"] else "DISABLE_PROJECT"
     add_activity_log(config, username, action, "project", project_id, project["name"])
-
+    
     # Save
     save_config(config)
-
+    
     log(f"✅ Project '{project['name']}' {'enabled' if project['enabled'] else 'disabled'} by {username}")
     return {"enabled": project["enabled"]}
 
 # ===================== Version Endpoints =====================
+@router.get("/projects/{project_id}/versions")
+async def list_versions(
+    project_id: int,
+    include_deleted: bool = False,
+    username: str = Depends(verify_token)
+):
+    """List project versions"""
+    config = load_config()
+    
+    # Find project
+    project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
+    if not project:
+        raise HTTPException(status_code=404, detail="Project not found")
+    
+    versions = project.get("versions", [])
+    
+    # Filter deleted if needed
+    if not include_deleted:
+        versions = [v for v in versions if not v.get("deleted", False)]
+    
+    return versions
+
 @router.post("/projects/{project_id}/versions")
 async def create_version(
     project_id: int,
-    version: VersionCreate,
+    version_data: VersionCreate,
     username: str = Depends(verify_token)
 ):
-    """Create new version from existing version"""
+    """Create new version"""
     config = load_config()
-
+    
     # Find project
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
-    # Check if there's unpublished version
-    unpublished = [v for v in project.get("versions", []) if not v.get("published", False)]
-    if unpublished:
-        raise HTTPException(status_code=400, detail="There is already an unpublished version")
-
-    # Find source version
-    source = next((v for v in project.get("versions", []) if v["id"] == version.source_version_id), None)
-    if not source:
-        raise HTTPException(status_code=404, detail="Source version not found")
-
-    # Create new version
-    project["version_id_counter"] = project.get("version_id_counter", 0) + 1
-    new_version = source.copy()
-    new_version["id"] = project["version_id_counter"]
-    new_version["caption"] = version.caption
-    new_version["published"] = False
-    new_version["created_date"] = get_timestamp()
-    new_version["created_by"] = username
-    new_version["last_update_date"] = get_timestamp()
-    new_version["last_update_user"] = username
-    new_version["publish_date"] = None
-    new_version["published_by"] = None
-
+    
+    # Get next version ID
+    version_id = project.get("version_id_counter", 0) + 1
+    project["version_id_counter"] = version_id
+    
+    # Get next version number
+    existing_versions = [v for v in project.get("versions", []) if not v.get("deleted", False)]
+    version_no = max([v.get("no", 0) for v in existing_versions], default=0) + 1
+    
+    # Create base version
+    new_version = {
+        "id": version_id,
+        "no": version_no,
+        "caption": version_data.caption,
+        "description": f"Version {version_no}",
+        "published": False,
+        "deleted": False,
+        "created_date": get_timestamp(),
+        "created_by": username,
+        "last_update_date": get_timestamp(),
+        "last_update_user": username,
+        "publish_date": None,
+        "published_by": None
+    }
+    
+    # Copy from source version if specified
+    if version_data.source_version_id:
+        source_version = next(
+            (v for v in project.get("versions", []) if v["id"] == version_data.source_version_id),
+            None
+        )
+        if source_version:
+            # Copy configuration from source
+            new_version.update({
+                "general_prompt": source_version.get("general_prompt", ""),
+                "default_api": source_version.get("default_api", ""),
+                "llm": source_version.get("llm", {}).copy(),
+                "intents": [intent.copy() for intent in source_version.get("intents", [])],
+                "parameters": [param.copy() for param in source_version.get("parameters", [])]
+            })
+    else:
+        # Empty template
+        new_version.update({
+            "general_prompt": "",
+            "default_api": "",
+            "llm": {
+                "repo_id": "",
+                "generation_config": {
+                    "max_new_tokens": 512,
+                    "temperature": 0.7,
+                    "top_p": 0.95,
+                    "top_k": 50,
+                    "repetition_penalty": 1.1
+                },
+                "use_fine_tune": False,
+                "fine_tune_zip": ""
+            },
+            "intents": [],
+            "parameters": []
+        })
+    
+    # Add to project
+    if "versions" not in project:
+        project["versions"] = []
     project["versions"].append(new_version)
+    
+    # Update project timestamp
     project["last_update_date"] = get_timestamp()
     project["last_update_user"] = username
-
+    
     # Add activity log
-    add_activity_log(config, username, "CREATE_VERSION", "version", new_version["id"],
-                    f"{project['name']} v{new_version['id']}")
-
+    add_activity_log(config, username, "CREATE_VERSION", "version", version_id,
+                    f"{project['name']} v{version_no}")
+    
     # Save
     save_config(config)
-
-    log(f"✅ Version {new_version['id']} created for project '{project['name']}' by {username}")
+    
+    log(f"✅ Version {version_no} created for project '{project['name']}' by {username}")
     return new_version
 
 @router.put("/projects/{project_id}/versions/{version_id}")
@@ -616,51 +636,48 @@ async def update_version(
     project_id: int,
     version_id: int,
     update: VersionUpdate,
-    force: bool = False,  # Add force parameter
     username: str = Depends(verify_token)
 ):
     """Update version"""
     config = load_config()
-
+    
     # Find project and version
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
+    
     version = next((v for v in project.get("versions", []) if v["id"] == version_id), None)
     if not version:
         raise HTTPException(status_code=404, detail="Version not found")
-
-    # Check if published
+    
+    # Check race condition
+    if version.get("last_update_date") != update.last_update_date:
+        raise HTTPException(status_code=409, detail="Version was modified by another user")
+    
+    # Cannot update published version
     if version.get("published", False):
-        raise HTTPException(status_code=400, detail="Cannot update published version")
-
-    # Check race condition (skip if force=True)
-    if not force and version.get("last_update_date") != update.last_update_date:
-        raise HTTPException(
-            status_code=409, 
-            detail="Version was modified by another user. Please reload or force save."
-        )
-
-    # Update
+        raise HTTPException(status_code=400, detail="Cannot modify published version")
+    
+    # Update version
     version["caption"] = update.caption
     version["general_prompt"] = update.general_prompt
     version["llm"] = update.llm
     version["intents"] = [intent.dict() for intent in update.intents]
     version["last_update_date"] = get_timestamp()
     version["last_update_user"] = username
-
+    
+    # Update project timestamp
     project["last_update_date"] = get_timestamp()
     project["last_update_user"] = username
-
+    
     # Add activity log
     add_activity_log(config, username, "UPDATE_VERSION", "version", version_id,
-                    f"{project['name']} v{version_id}")
-
+                    f"{project['name']} v{version['no']}")
+    
     # Save
     save_config(config)
-
-    log(f"✅ Version {version_id} updated for project '{project['name']}' by {username}")
+    
+    log(f"✅ Version {version['no']} updated for project '{project['name']}' by {username}")
     return version
 
 @router.post("/projects/{project_id}/versions/{version_id}/publish")
@@ -671,40 +688,39 @@ async def publish_version(
 ):
     """Publish version"""
     config = load_config()
-
+    
     # Find project and version
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
+    
     version = next((v for v in project.get("versions", []) if v["id"] == version_id), None)
     if not version:
         raise HTTPException(status_code=404, detail="Version not found")
-
+    
     # Unpublish all other versions
     for v in project.get("versions", []):
         if v["id"] != version_id:
             v["published"] = False
-
+    
     # Publish this version
     version["published"] = True
     version["publish_date"] = get_timestamp()
     version["published_by"] = username
     version["last_update_date"] = get_timestamp()
     version["last_update_user"] = username
-
+    
+    # Update project timestamp
     project["last_update_date"] = get_timestamp()
     project["last_update_user"] = username
-
+    
     # Add activity log
     add_activity_log(config, username, "PUBLISH_VERSION", "version", version_id,
-                    f"{project['name']} v{version_id}")
-
+                    f"{project['name']} v{version['no']}")
+    
     # Save
     save_config(config)
-
-    # TODO: Notify Spark about new version
-
+    
     log(f"✅ Version {version_id} published for project '{project['name']}' by {username}")
     return {"success": True}
 
@@ -716,35 +732,35 @@ async def delete_version(
 ):
     """Delete version (soft delete)"""
     config = load_config()
-
+    
     # Find project and version
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
+    
     version = next((v for v in project.get("versions", []) if v["id"] == version_id), None)
     if not version:
         raise HTTPException(status_code=404, detail="Version not found")
-
+    
     # Cannot delete published version
     if version.get("published", False):
         raise HTTPException(status_code=400, detail="Cannot delete published version")
-
+    
     # Soft delete
     version["deleted"] = True
     version["last_update_date"] = get_timestamp()
     version["last_update_user"] = username
-
+    
     project["last_update_date"] = get_timestamp()
     project["last_update_user"] = username
-
+    
     # Add activity log
     add_activity_log(config, username, "DELETE_VERSION", "version", version_id,
                     f"{project['name']} v{version_id}")
-
+    
     # Save
     save_config(config)
-
+    
     log(f"✅ Version {version_id} deleted for project '{project['name']}' by {username}")
     return {"success": True}
 
@@ -757,23 +773,23 @@ async def list_apis(
     """List all APIs"""
     config = load_config()
     apis = config.get("apis", [])
-
+    
     # Filter deleted if needed
     if not include_deleted:
         apis = [a for a in apis if not a.get("deleted", False)]
-
+    
     return apis
 
 @router.post("/apis")
 async def create_api(api: APICreate, username: str = Depends(verify_token)):
     """Create new API"""
     config = load_config()
-
+    
     # Check duplicate name
     existing = [a for a in config.get("apis", []) if a["name"] == api.name]
     if existing:
         raise HTTPException(status_code=400, detail="API name already exists")
-
+    
     # Create API
     new_api = api.dict()
     new_api["deleted"] = False
@@ -781,17 +797,17 @@ async def create_api(api: APICreate, username: str = Depends(verify_token)):
     new_api["created_by"] = username
     new_api["last_update_date"] = get_timestamp()
     new_api["last_update_user"] = username
-
+    
     if "apis" not in config:
         config["apis"] = []
     config["apis"].append(new_api)
-
+    
     # Add activity log
     add_activity_log(config, username, "CREATE_API", "api", api.name, api.name)
-
+    
     # Save
     save_config(config)
-
+    
     log(f"✅ API '{api.name}' created by {username}")
     return new_api
 
@@ -803,16 +819,16 @@ async def update_api(
 ):
     """Update API"""
     config = load_config()
-
+    
     # Find API
     api = next((a for a in config.get("apis", []) if a["name"] == api_name), None)
     if not api:
         raise HTTPException(status_code=404, detail="API not found")
-
+    
     # Check race condition
     if api.get("last_update_date") != update.last_update_date:
         raise HTTPException(status_code=409, detail="API was modified by another user")
-
+    
     # Check if API is in use
     for project in config.get("projects", []):
         for version in project.get("versions", []):
@@ -820,20 +836,20 @@ async def update_api(
                 if intent.get("action") == api_name and version.get("published", False):
                     raise HTTPException(status_code=400,
                                       detail=f"API is used in published version of project '{project['name']}'")
-
+    
     # Update
     update_dict = update.dict()
     del update_dict["last_update_date"]
     api.update(update_dict)
     api["last_update_date"] = get_timestamp()
     api["last_update_user"] = username
-
+    
     # Add activity log
     add_activity_log(config, username, "UPDATE_API", "api", api_name, api_name)
-
+    
     # Save
     save_config(config)
-
+    
     log(f"✅ API '{api_name}' updated by {username}")
     return api
 
@@ -841,12 +857,12 @@ async def update_api(
 async def delete_api(api_name: str, username: str = Depends(verify_token)):
     """Delete API (soft delete)"""
     config = load_config()
-
+    
     # Find API
     api = next((a for a in config.get("apis", []) if a["name"] == api_name), None)
     if not api:
         raise HTTPException(status_code=404, detail="API not found")
-
+    
     # Check if API is in use
     for project in config.get("projects", []):
         for version in project.get("versions", []):
@@ -854,18 +870,18 @@ async def delete_api(api_name: str, username: str = Depends(verify_token)):
                 if intent.get("action") == api_name:
                     raise HTTPException(status_code=400,
                                       detail=f"API is used in project '{project['name']}'")
-
+    
     # Soft delete
     api["deleted"] = True
     api["last_update_date"] = get_timestamp()
     api["last_update_user"] = username
-
+    
     # Add activity log
     add_activity_log(config, username, "DELETE_API", "api", api_name, api_name)
-
+    
     # Save
     save_config(config)
-
+    
     log(f"✅ API '{api_name}' deleted by {username}")
     return {"success": True}
 
@@ -874,7 +890,7 @@ async def delete_api(api_name: str, username: str = Depends(verify_token)):
 async def test_api(api: APICreate, username: str = Depends(verify_token)):
     """Test API endpoint"""
     import requests
-
+    
     try:
         # Prepare request
         headers = api.headers.copy()
@@ -882,7 +898,7 @@ async def test_api(api: APICreate, username: str = Depends(verify_token)):
         # Add sample auth token for testing
         if api.auth and api.auth.get("enabled"):
             headers["Authorization"] = "Bearer test_token_12345"
-
+        
         # Make request
         response = requests.request(
             method=api.method,
@@ -893,192 +909,187 @@ async def test_api(api: APICreate, username: str = Depends(verify_token)):
             timeout=api.timeout_seconds,
             proxies={"http": api.proxy, "https": api.proxy} if api.proxy else None
         )
-
+        
         return {
             "success": True,
             "status_code": response.status_code,
-            "response_time_ms": int(response.elapsed.total_seconds() * 1000),
-            "headers": dict(response.headers),
-            "body": response.text[:1000],  # First 1000 chars
-            "request_headers": headers,  # Debug için
-            "request_body": api.body_template  # Debug için
-        }
-    except requests.exceptions.Timeout:
-        return {
-            "success": False,
-            "error": f"Request timed out after {api.timeout_seconds} seconds"
+            "response": response.text[:500],  # First 500 chars
+            "headers": dict(response.headers)
         }
     except Exception as e:
         return {
             "success": False,
-            "error": str(e),
-            "error_type": type(e).__name__
+            "error": str(e)
         }
 
-@router.get("/activity-log")
-async def get_activity_log(
-    page: int = 1,
-    limit: int = 50,
+@router.post("/test/run-all")
+async def run_all_tests(
+    request: TestRequest,
+    username: str = Depends(verify_token)
+):
+    """Run all tests"""
+    # TODO: Implement test runner
+    return {
+        "status": "completed",
+        "total": 10,
+        "passed": 8,
+        "failed": 2,
+        "details": []
+    }
+
+# ===================== Import/Export Endpoints =====================
+@router.post("/projects/import")
+async def import_project(
+    project_data: dict = Body(...),
     username: str = Depends(verify_token)
 ):
-    """Get activity log with pagination"""
+    """Import project from JSON"""
     config = load_config()
-    logs = config.get("activity_log", [])
     
-    # Sort by timestamp descending (newest first)
-    logs = sorted(logs, key=lambda x: x['timestamp'], reverse=True)
+    # Validate structure
+    if "name" not in project_data:
+        raise HTTPException(status_code=400, detail="Invalid project data")
     
-    # Calculate pagination
-    total = len(logs)
-    start = (page - 1) * limit
-    end = start + limit
+    # Check duplicate name
+    existing = [p for p in config.get("projects", []) 
+               if p["name"] == project_data["name"] and not p.get("deleted", False)]
+    if existing:
+        raise HTTPException(status_code=400, detail="Project name already exists")
     
-    # Get page of logs
-    page_logs = logs[start:end]
+    # Get new project ID
+    project_id = config["config"].get("project_id_counter", 0) + 1
+    config["config"]["project_id_counter"] = project_id
     
-    return {
-        "items": page_logs,
-        "total": total,
-        "page": page,
-        "limit": limit,
-        "pages": (total + limit - 1) // limit  # Ceiling division
-    }
-
-@router.post("/test/run-all")
-async def run_all_tests(test: TestRequest, username: str = Depends(verify_token)):
-    """Run all tests"""
-    # This is a placeholder - in real implementation, this would run actual tests
-    log(f"🧪 Running {test.test_type} tests requested by {username}")
-
-    # Simulate test results
-    results = {
-        "test_type": test.test_type,
-        "start_time": get_timestamp(),
-        "tests": [
-            {"name": "Login with valid credentials", "status": "PASS", "duration_ms": 120},
-            {"name": "Create new project", "status": "PASS", "duration_ms": 340},
-            {"name": "Delete API in use", "status": "PASS", "duration_ms": 45},
-            {"name": "Race condition detection", "status": "PASS", "duration_ms": 567},
-            {"name": "Invalid token handling", "status": "PASS", "duration_ms": 23}
-        ],
-        "summary": {
-            "total": 5,
-            "passed": 5,
-            "failed": 0,
-            "duration_ms": 1095
-        }
+    # Create new project
+    new_project = {
+        "id": project_id,
+        "name": project_data["name"],
+        "caption": project_data.get("caption", ""),
+        "icon": project_data.get("icon", "folder"),
+        "description": project_data.get("description", ""),
+        "enabled": False,
+        "deleted": False,
+        "created_date": get_timestamp(),
+        "created_by": username,
+        "last_update_date": get_timestamp(),
+        "last_update_user": username,
+        "version_id_counter": 1,
+        "versions": []
     }
-
-    return results
-
-@router.post("/validate/regex")
-async def validate_regex(pattern: str, test_value: str, username: str = Depends(verify_token)):
-    """Validate regex pattern"""
-    import re
-
-    try:
-        compiled = re.compile(pattern)
-        match = compiled.fullmatch(test_value)
-        return {
-            "valid": True,
-            "matches": match is not None
-        }
-    except re.error as e:
-        return {
-            "valid": False,
-            "error": str(e)
+    
+    # Import versions
+    for idx, version_data in enumerate(project_data.get("versions", [])):
+        new_version = {
+            "id": idx + 1,
+            "no": idx + 1,
+            "caption": version_data.get("caption", f"Version {idx + 1}"),
+            "description": version_data.get("description", ""),
+            "published": False,
+            "deleted": False,
+            "created_date": get_timestamp(),
+            "created_by": username,
+            "last_update_date": get_timestamp(),
+            "last_update_user": username,
+            "publish_date": None,
+            "published_by": None,
+            "general_prompt": version_data.get("general_prompt", ""),
+            "default_api": version_data.get("default_api", ""),
+            "llm": version_data.get("llm", {}),
+            "intents": version_data.get("intents", []),
+            "parameters": version_data.get("parameters", [])
         }
+        new_project["versions"].append(new_version)
+        new_project["version_id_counter"] = idx + 1
+    
+    # Add to config
+    if "projects" not in config:
+        config["projects"] = []
+    config["projects"].append(new_project)
+    
+    # Add activity log
+    add_activity_log(config, username, "IMPORT_PROJECT", "project", project_id, new_project["name"])
+    
+    # Save
+    save_config(config)
+    
+    log(f"✅ Project '{new_project['name']}' imported by {username}")
+    return new_project
 
-# ===================== Export/Import =====================
 @router.get("/projects/{project_id}/export")
-async def export_project(project_id: int, username: str = Depends(verify_token)):
+async def export_project(
+    project_id: int,
+    username: str = Depends(verify_token)
+):
     """Export project as JSON"""
     config = load_config()
-
+    
     # Find project
     project = next((p for p in config.get("projects", []) if p["id"] == project_id), None)
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
-
-    # Collect all related APIs
-    api_names = set()
-    for version in project.get("versions", []):
-        for intent in version.get("intents", []):
-            api_names.add(intent.get("action"))
-
-    apis = [a for a in config.get("apis", []) if a["name"] in api_names]
-
-    # Create export
+    
+    # Create export data
     export_data = {
-        "export_date": get_timestamp(),
-        "exported_by": username,
-        "project": project,
-        "apis": apis
+        "name": project["name"],
+        "caption": project.get("caption", ""),
+        "icon": project.get("icon", "folder"),
+        "description": project.get("description", ""),
+        "versions": []
     }
-
-    log(f"📤 Project '{project['name']}' exported by {username}")
+    
+    # Export versions
+    for version in project.get("versions", []):
+        if not version.get("deleted", False):
+            export_version = {
+                "caption": version.get("caption", ""),
+                "description": version.get("description", ""),
+                "general_prompt": version.get("general_prompt", ""),
+                "default_api": version.get("default_api", ""),
+                "llm": version.get("llm", {}),
+                "intents": version.get("intents", []),
+                "parameters": version.get("parameters", [])
+            }
+            export_data["versions"].append(export_version)
+    
+    # Add activity log
+    add_activity_log(config, username, "EXPORT_PROJECT", "project", project_id, project["name"])
+    save_config(config)
+    
+    log(f"✅ Project '{project['name']}' exported by {username}")
     return export_data
 
-@router.post("/projects/import")
-async def import_project(data: Dict[str, Any], username: str = Depends(verify_token)):
-    """Import project from JSON"""
+# ===================== Activity Log Endpoints =====================
+@router.get("/activity-log")
+async def get_activity_log(
+    limit: int = Query(100, ge=1, le=1000),
+    username: str = Depends(verify_token)
+):
+    """Get activity log"""
     config = load_config()
+    logs = config.get("activity_log", [])
+    
+    # Return latest entries
+    return logs[-limit:]
 
-    # Extract project and APIs
-    project_data = data.get("project", {})
-    apis_data = data.get("apis", [])
-
-    # Check duplicate project name
-    existing = [p for p in config.get("projects", []) if p["name"] == project_data.get("name")]
-    if existing:
-        # Generate new name
-        project_data["name"] = f"{project_data['name']}_imported_{int(datetime.now().timestamp())}"
-
-    # Generate new IDs
-    config["config"]["project_id_counter"] = config["config"].get("project_id_counter", 0) + 1
-    project_data["id"] = config["config"]["project_id_counter"]
-
-    # Reset version IDs
-    version_counter = 0
-    for version in project_data.get("versions", []):
-        version_counter += 1
-        version["id"] = version_counter
-        version["published"] = False  # Imported versions are unpublished
-
-    project_data["version_id_counter"] = version_counter
-    project_data["created_date"] = get_timestamp()
-    project_data["created_by"] = username
-    project_data["last_update_date"] = get_timestamp()
-    project_data["last_update_user"] = username
-
-    # Import APIs
-    imported_apis = []
-    for api_data in apis_data:
-        # Check if API already exists
-        existing_api = next((a for a in config.get("apis", []) if a["name"] == api_data.get("name")), None)
-        if not existing_api:
-            api_data["created_date"] = get_timestamp()
-            api_data["created_by"] = username
-            api_data["last_update_date"] = get_timestamp()
-            api_data["last_update_user"] = username
-            api_data["deleted"] = False
-            config["apis"].append(api_data)
-            imported_apis.append(api_data["name"])
-
-    # Add project
-    config["projects"].append(project_data)
-
-    # Add activity log
-    add_activity_log(config, username, "IMPORT_PROJECT", "project", project_data["id"],
-                    project_data["name"], f"Imported with {len(imported_apis)} APIs")
-
-    # Save
-    save_config(config)
+# ===================== Cleanup Task =====================
+def cleanup_old_logs():
+    """Cleanup old activity logs (runs in background)"""
+    while True:
+        try:
+            config = load_config()
+            if "activity_log" in config and len(config["activity_log"]) > 5000:
+                # Keep only last 1000 entries
+                config["activity_log"] = config["activity_log"][-1000:]
+                save_config(config)
+                log("🧹 Cleaned up old activity logs")
+        except Exception as e:
+            log(f"Error in cleanup task: {e}")
+        
+        # Run every hour
+        time.sleep(3600)
 
-    log(f"📥 Project '{project_data['name']}' imported by {username}")
-    return {
-        "success": True,
-        "project_name": project_data["name"],
-        "project_id": project_data["id"],
-        "imported_apis": imported_apis
-    }
+def start_cleanup_task():
+    """Start cleanup task in background"""
+    cleanup_thread = threading.Thread(target=cleanup_old_logs, daemon=True)
+    cleanup_thread.start()
+    log("🧹 Started activity log cleanup task")