Search UX tooltip and distinct /api/search error codes (#117)

[clean6378-max-it]

Summary

• Add search-window info tooltip to templates/search.html explaining the default 30-day indexed window, undated-chat inclusion, and the all-history checkbox.
• Replace the broad except Exception handler in api/search.py with narrowed handlers returning structured {"error", "code"} bodies for 400, 404, 503, and 500.
• Frontend search handler displays the human-readable error field from failed API responses.
• Add max query length validation (500 chars → 400) and optional workspace hash validation (404 when unknown).

Problem

Part A: Users did not understand why some search results were missing (30-day window, undated chats always included).
Part B: /api/search returned generic 500 for all failures, preventing clients from distinguishing malformed input, missing workspace, index lock, and internal errors.

Test plan

• pytest tests/test_api_search.py -q (19 passed)
• Full pytest -q (533 passed, 21 skipped)
• mypy api/search.py
• Parametrized 400 cases: empty query, invalid type, invalid since_days, query too long
• 404: unknown workspace hash
• 503: simulated sqlite3.OperationalError
• 500: unexpected internal error with internal_error code
• No regression in TestSearchWindow / happy-path behavior

Out of scope

• FTS vs live-scan refactor
• Repo-wide structured errors for all blueprints
• Search module duplication extraction (T21)

Closes #117

Summary by CodeRabbit

• New Features

  • Added search guidance in the interface explaining the default recent-history window and how to expand results to older chats.
  • Search results now respect an optional workspace filter, helping narrow searches to a specific workspace.

• Bug Fixes

  • Improved search error handling with clearer messages and status codes.
  • Search failures now show more useful feedback instead of a generic error, including cases where the search index is unavailable.
  • Search behavior is more consistent when older-history search is enabled.

[coderabbitai]

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 40 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f4565178-00c6-45c4-8398-3b5676d7c6f8

📥 Commits

Reviewing files that changed from the base of the PR and between 4e8320e and fbd9ba1.

📒 Files selected for processing (4)

• api/search.py
• static/css/style.css
• templates/search.html
• tests/test_api_search.py

📝 Walkthrough

Walkthrough

Restructures /api/search to perform explicit parameter validation (query, type, since_days, workspace) with distinct 400/404/503/500 HTTP error codes and structured {"error", "code"} JSON responses. Adds workspace post-filtering of ranked results. Introduces a search-window tooltip in the UI and defensive JSON error parsing on the frontend.

Search API hardening and UI tooltip

Layer / File(s)	Summary
Search helper functions and constants api/search.py	Adds _MAX_SEARCH_QUERY_LEN, _VALID_SEARCH_TYPES, _MAX_SEARCH_SINCE_DAYS constants and four helpers: _parse_since_days_param, _search_error, _workspace_exists, and _filter_results_by_workspace.
Restructured search() route with tiered error handling api/search.py	Moves all parameter validation outside the main try block; assembles results from multiple backends; ranks and optionally filters by workspace; splits exception handling into sqlite3.OperationalError → 503 and generic Exception → 500; success payload now includes allHistory and searchWindowDays.
Updated and new search API tests tests/test_api_search.py	Adds _assert_error_body helper and parameterized test_search_error_status_codes; revises TestSearchErrorResponses to assert 400/500/503 codes without a results key; adds test_workspace_filter_limits_results.
Tooltip UI and defensive JSON parsing static/css/style.css, templates/search.html	Adds .search-info-tooltip styles with hover/focus visibility toggling; inserts tooltip HTML explaining default 30-day window behavior; updates performSearch to parse JSON defensively and display data.error when a string.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• cppalliance/cppa-cursor-browser#102: Refactored the search handler to delegate to services/search including rank_results, which this PR builds on when restructuring the route's result assembly and ranking flow.

Suggested reviewers

• wpak-ai

🐇 A search once returned just "failed" and shrugged,
Now it speaks in codes—400, 503!
A tooltip peeks out with a wink and a nudge,
"Undated chats appear, but now you can see!"
Old errors are gone, new structure's the plan,
Hooray for the rabbit who tests what it can! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 12.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main changes: search UX tooltip and distinct /api/search error codes.
Linked Issues check	✅ Passed	The PR covers the tooltip, preserves search behavior, adds distinct 400/404/503/500 search errors, and updates tests.
Out of Scope Changes check	✅ Passed	The changes stay focused on search UX, API error handling, and related tests; no clearly unrelated scope is introduced.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/search-ux-and-api-errors

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@api/search.py`:
- Around line 57-66: The _workspace_exists helper currently joins
client-controlled workspace_id values directly into os.path.isdir, which can be
abused with absolute paths or .. segments. Update _workspace_exists to
explicitly allow only known-safe workspace IDs before joining paths: keep the
existing "global" and "cli:" handling, and for regular IDs validate they match
the expected workspace hash/ID format before calling
os.path.join(workspace_path, workspace_id). Reject or return false for anything
outside that allowed pattern so workspace existence checks cannot be used as a
local path oracle.
- Around line 107-112: Move workspace discovery into the existing
structured-error guard in the search flow so failures are converted to the JSON
error contract. Specifically, in the request handling around workspace_filter,
resolve_workspace_path should be called inside the try block (the same guard
used by the search endpoint), and any discovery/storage exceptions should be
caught and routed through _search_error instead of escaping before the handler
can format a 500/503 response.

In `@templates/search.html`:
- Around line 17-24: The search help tooltip is not exposed to assistive
technologies because the trigger in search.html uses a focusable span with only
aria-label, while the guidance text is just visual content. Update the tooltip
trigger to a semantic control such as a button, and connect it to the help text
using aria-describedby with the tooltip content marked appropriately (for
example, role="tooltip") so screen readers can access the 30-day/full-history
guidance. Keep the existing search-info-tooltip, search-info-tooltip-text, and
search-info-icon structure as the anchor points while changing the accessibility
semantics.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fdfda060-7323-48ea-8cff-b4a8c4d5fc20

📥 Commits

Reviewing files that changed from the base of the PR and between fb97d03 and 4e8320e.

📒 Files selected for processing (4)

• api/search.py
• static/css/style.css
• templates/search.html
• tests/test_api_search.py

[bradjin8]

Please check the following issues.

[Optional] templates/search.html line 123-126:

result-count banner could mention undated chats when windowed ("last 30 days; undated chats included"). Tooltip covers discoverability; banner would reinforce after search.

[bradjin8]

Second commit dropped aria-label="Search window help" when switching span → button. aria-describedby alone may not give the control an accessible name in all AT. Restore aria-label on the button.

[bradjin8]

test_workspace_path_resolution_failure_returns_structured_500 documents OSError → 500. Issue #117 suggested 404/503 for storage unavailability — consider 503 + storage_unavailable if you want clients to retry config/discovery failures differently from bugs. Current choice is defensible; note in PR description.

[bradjin8]

Only sqlite3.OperationalError maps to 503. Other DB errors (e.g. sqlite3.DatabaseError) fall through to 500. Fine for now; widen only if search layer raises them in practice.

[bradjin8]

workspace query param + post-filter is useful but outside #117 scope (API-only; UI does not expose it). Call out in PR as bonus scope or split to a follow-up if you want strict issue alignment.

[bradjin8]

Frontend shows data.error on failure — good. Consider surfacing data.code in a data-* attribute or dev-only suffix for operators debugging 503 vs 500.

[bradjin8]

Old 400/500 bodies included no code / 500 included "results": []. New contract is cleaner; note breaking change for any external client that expected results on error.