CORS — locked, not open
cwkPippa's CORS allows three origins: localhost:5173, 127.0.0.1:5173, and the Tailscale IP 100.x.y.z:5173. Anything else is rejected. New device on the Tailnet? Add its IP. The default 'allow all origins' is a security hole, even on a private box.
Middleware — request lifecycle hooks
FastAPI middleware wraps every request. cwkPippa uses it sparingly: a request-id generator, a structured logger, and the streaming guard that coordinates with the heartbeat (Heart track, lesson 4). Middleware should be cheap — anything expensive belongs in a route or a background task.
Errors — fail loud, fail honest
No silent catches. If the adapter raises, the route surfaces the error event over SSE so the frontend can show 'I got stuck — try again.' Never swallow exceptions to make the chat 'look fine.' That's the broken-chat sin from a different angle.
Logs — structured, not strings
Each log line is JSON: timestamp, level, request_id, message, plus structured fields. Easy to grep, easy to parse with jq, easy to feed into a log viewer. Plain-text logs become unreadable past a certain volume.