Neiland85 · Neiland85 · Dec 10, 2025 · Dec 10, 2025 · Dec 10, 2025 · Dec 10, 2025
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,61 +1,46 @@
-name: "CodeQL Analysis"
+name: "CodeQL Security Scan"
 
 on:
   push:
-    branches: [ "main", "feature/karpathy-lab-init" ]
+    branches:
+      - main
   pull_request:
-    branches: [ "main" ]
+    branches:
+      - main
   schedule:
-    # Run CodeQL every Monday at 9:00 AM UTC
-    - cron: '0 9 * * 1'
-  workflow_dispatch:
-
-permissions:
-  actions: read
-  contents: read
-  security-events: write
+    - cron: "0 3 * * 0"   # Opcional: escaneo semanal cada domingo a las 03:00
 
 jobs:
   analyze:
-    name: Analyze
+    name: Analyze code with CodeQL
     runs-on: ubuntu-latest
-    timeout-minutes: 30
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'python' ]
+        language: ["python"]
 
     steps:
     - name: Checkout repository
+      uses: actions/checkout@v4
       uses: actions/checkout@v6
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v4
 
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4
-      with:
-        languages: ${{ matrix.language }}
-        queries: security-extended,security-and-quality
-        config: |
-          paths-ignore:
-            - '**/test/**'
-            - '**/tests/**'
-            - '**/*_test.py'
-            - '**/test_*.py'
-
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v4
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4
-      with:
-        category: "/language:${{matrix.language}}"
-        upload: true
-        output: sarif-results
-
-    - name: Upload CodeQL results
-      uses: actions/upload-artifact@v4
-      if: always()
-      with:
-        name: codeql-results
-        path: sarif-results
-        retention-days: 30
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
+        with:
+          category: "/language:${{ matrix.language }}"
diff --git a/api/index.py b/api/index.py
@@ -1,41 +1,7 @@
-import os
-import sys
-from pathlib import Path
+from fastapi import APIRouter
 
-# Add the project root to Python path
-project_root = Path(__file__).parent.parent
-sys.path.insert(0, str(project_root))
+router = APIRouter()
 
-# Set environment variables for production
-os.environ.setdefault("ENVIRONMENT", "production")
-os.environ.setdefault(
-    "SECRET_KEY", os.environ.get("SECRET_KEY", "vercel-production-key-change-in-env")
-)
-
-# Import the FastAPI app
-from app.main import app
-
-# Vercel expects the app to be named 'app'
-# If your FastAPI app is named differently, change this
-app = app
-
-
-# Optional: Add Vercel-specific middleware or configuration
-@app.middleware("http")
-async def add_vercel_headers(request, call_next):
-    response = await call_next(request)
-    response.headers["X-Vercel-Cache"] = "MISS"
-    return response
-
-
-# Health check endpoint for Vercel
-@app.get("/api/health")
-async def health_check():
-    return {"status": "healthy", "platform": "vercel", "app": "NeuroBank FastAPI"}
-
-
-# For local development
-if __name__ == "__main__":
-    import uvicorn
-
-    uvicorn.run(app, host="0.0.0.0", port=int(os.environ.get("PORT", 8000)))
+@router.get("/")
+def root():
+    return {"status": "ok"}
diff --git a/api/requirements.txt b/api/requirements.txt
@@ -1,8 +1,8 @@
 fastapi==0.116.1
+starlette==0.37.2
 starlette==0.47.2
 uvicorn[standard]==0.38.0
 uvloop==0.21.0
-
 pydantic==2.7.0
 pydantic-settings==2.2.1
 

diff --git a/clean_unused_imports.sh b/clean_unused_imports.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+autoflake --in-place --remove-unused-variables --remove-all-unused-imports -r app
diff --git a/neurobank-fastapi.code-workspace b/neurobank-fastapi.code-workspace
@@ -17,7 +17,16 @@
       "**/*.pyc": true,
       ".venv": true
     },
-    "git.ignoreLimitWarning": true
+    "git.ignoreLimitWarning": true,
+    "cSpell.words": [
+      "asyncio",
+      "dotenv",
+      "jinja",
+      "loguru",
+      "pydantic",
+      "starlette",
+      "uvloop"
+    ]
   },
   "extensions": {
     "recommendations": [

diff --git a/requirements.txt b/requirements.txt
@@ -1,8 +1,8 @@
 fastapi==0.116.1
+starlette==0.37.2
 starlette==0.47.2
 uvicorn[standard]==0.38.0
 uvloop==0.21.0
-
 pydantic==2.7.0
 pydantic-settings==2.2.1
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/bash
		autoflake --in-place --remove-unused-variables --remove-all-unused-imports -r app
Copy link Copilot AI Dec 11, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. This script depends on the autoflake package, which is not listed in requirements.txt or requirements-dev.txt. Either add autoflake to the requirements-dev.txt file or document that it needs to be installed separately. Without this dependency, the script will fail when executed. Copilot uses AI. Check for mistakes.