From 431f78cfe01a2e365c180c304952b78d1bd9de7f Mon Sep 17 00:00:00 2001
From: Noel Moreno Lemus <nmlemus@gmail.com>
Date: Wed, 18 Feb 2026 18:55:07 -0500
Subject: [PATCH 1/5] feat: security, config, and docs improvements

- Security: path traversal guards in files and artifacts routes; session_id
  validation in JSON store and API (SessionIdPath); Content-Disposition
  filename sanitization; doc notes for WebSocket API key, executor isolation,
  health endpoint
- Config: single source (deps use config.get_settings); require_api_key and
  max_upload_mb; API version from package; Dockerfile version 0.8.4
- Upload: enforce DSAGENT_MAX_UPLOAD_MB in files upload
- Tests: fix delete_session_not_found mock; API key fixture use config cache
- Docs: README CLI/Docker; CLI serve & skills; configuration DSAGENT_*; HTTP
  API base /api, files/artifacts, full endpoint list; Docker PORT and env;
  quickstart/index version-agnostic

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 Dockerfile                             |   7 +-
 README.md                              |  34 +++-
 docs/CLI.md                            | 132 ++++++++++++++--
 docs/DOCKER.md                         |  38 +++--
 docs/PLAN_MEJORAS_E_ISSUES.md          | 135 ++++++++++++++++
 docs/api/http-api.md                   | 162 +++++++++++++------
 docs/diagrams/session-creation-flow.md | 205 +++++++++++++++++++++++++
 docs/getting-started/configuration.md  |  90 ++++++-----
 docs/getting-started/quickstart.md     |   2 +-
 docs/guide/docker.md                   |  38 +++--
 docs/index.md                          |   3 +-
 src/dsagent/config.py                  |  21 ++-
 src/dsagent/core/executor.py           |  12 +-
 src/dsagent/server/app.py              |  20 ++-
 src/dsagent/server/deps.py             |  52 ++-----
 src/dsagent/server/routes/artifacts.py |  48 ++++--
 src/dsagent/server/routes/chat.py      |   9 +-
 src/dsagent/server/routes/files.py     |  78 ++++++++--
 src/dsagent/server/routes/health.py    |  12 +-
 src/dsagent/server/routes/hitl.py      |   9 +-
 src/dsagent/server/routes/kernel.py    |   9 +-
 src/dsagent/server/routes/sessions.py  |  19 ++-
 src/dsagent/server/validators.py       |  19 +++
 src/dsagent/server/websocket.py        |  11 +-
 src/dsagent/session/manager.py         |   4 +-
 src/dsagent/session/store.py           |  28 +++-
 tests/test_server.py                   |   7 +-
 uv.lock                                | 112 +++++++++-----
 28 files changed, 1039 insertions(+), 277 deletions(-)
 create mode 100644 docs/PLAN_MEJORAS_E_ISSUES.md
 create mode 100644 docs/diagrams/session-creation-flow.md
 create mode 100644 src/dsagent/server/validators.py

diff --git a/Dockerfile b/Dockerfile
index 7a1f40c..da95045 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ ARG INSTALL_LATEX=false
 
 # Labels
 LABEL maintainer="DSAgent Contributors"
-LABEL version="0.7.0"
+LABEL version="0.8.4"
 LABEL description="AI-powered autonomous agent for data science"
 
 # Set environment variables
@@ -21,8 +21,7 @@ ENV PYTHONUNBUFFERED=1 \
     PIP_NO_CACHE_DIR=1 \
     PIP_DISABLE_PIP_VERSION_CHECK=1 \
     DSAGENT_WORKSPACE=/workspace \
-    DSAGENT_SESSIONS_DIR=/workspace \
-    LLM_MODEL=gpt-4o
+    DSAGENT_SESSIONS_DIR=/workspace
 
 # Install system dependencies (base)
 RUN apt-get update && apt-get install -y --no-install-recommends \
@@ -72,4 +71,4 @@ EXPOSE 8000
 
 # Default command: start API server
 # Can be overridden to run CLI: docker run -it dsagent dsagent chat
-CMD ["dsagent", "serve", "--host", "0.0.0.0", "--port", "8000"]
+CMD ["sh", "-c", "dsagent serve --host 0.0.0.0 --port ${PORT:-8000}"]
diff --git a/README.md b/README.md
index a2ec8ce..d45a1c9 100644
--- a/README.md
+++ b/README.md
@@ -50,20 +50,32 @@ uv sync --all-extras
 
 ### Docker
 
+Configuration uses the same environment variables as the CLI and server (see [Configuration](docs/getting-started/configuration.md)). The container listens on `PORT` (default 8000).
+
 ```bash
-# Run API server
-docker run -d -p 8000:8000 \
+# Run API server (default: port 8000)
+docker run -d -p 8080:8080 \
+  -e PORT=8080 \
+  -e DSAGENT_DEFAULT_MODEL=gpt-4o \
   -e OPENAI_API_KEY=sk-your-key \
   nmlemus/dsagent:latest
 
 # Run interactive CLI
 docker run -it \
   -e OPENAI_API_KEY=sk-your-key \
+  -v "$(pwd)/workspace:/workspace" \
   nmlemus/dsagent:latest \
   dsagent chat
+
+# One-shot task
+docker run --rm \
+  -e OPENAI_API_KEY=sk-your-key \
+  -v "$(pwd)/workspace:/workspace" \
+  nmlemus/dsagent:latest \
+  dsagent run "Analyze data/sales.csv" --data ./data/sales.csv
 ```
 
-For Docker deployment details, see [docs/DOCKER.md](docs/DOCKER.md).
+For Docker deployment details, see [docs/DOCKER.md](docs/DOCKER.md) and [docs/guide/docker.md](docs/guide/docker.md).
 
 ## Quick Start
 
@@ -85,7 +97,7 @@ This will:
   - Local → `ollama/llama3`
 - Optionally configure MCP tools (web search, etc.)
 
-To use a different model, edit `~/.dsagent/.env` or use the `--model` flag:
+To use a different model, set `DSAGENT_DEFAULT_MODEL` or `LLM_MODEL` in `~/.dsagent/.env`, or use the `--model` flag:
 ```bash
 dsagent --model gpt-4o-mini
 ```
@@ -118,11 +130,15 @@ dsagent run "Analyze sales trends" --data ./sales.csv
 | `dsagent` | Start interactive chat (default) |
 | `dsagent chat` | Same as above, with explicit options |
 | `dsagent run "task"` | Execute a one-shot task |
+| `dsagent serve` | Run REST + WebSocket API server |
 | `dsagent init` | Setup wizard for configuration |
 | `dsagent skills list` | List installed skills |
-| `dsagent skills install <source>` | Install a skill |
+| `dsagent skills install <source>` | Install a skill from GitHub or path |
+| `dsagent skills remove <name>` | Remove a skill |
+| `dsagent skills info <name>` | Show skill details |
 | `dsagent mcp list` | List configured MCP servers |
-| `dsagent mcp add <template>` | Add an MCP server |
+| `dsagent mcp add <template>` | Add an MCP server from template |
+| `dsagent mcp remove <name>` | Remove an MCP server |
 
 ### Examples
 
@@ -259,8 +275,10 @@ DSAgent comes with essential data science libraries pre-installed:
 
 ## Documentation
 
-- [CLI Reference](docs/CLI.md) - Complete command-line options
-- [Python API](docs/PYTHON_API.md) - Detailed API documentation
+- [CLI Reference](docs/CLI.md) - All commands: chat, run, serve, init, mcp, skills
+- [Configuration](docs/getting-started/configuration.md) - Environment variables and `.env`
+- [HTTP API](docs/api/http-api.md) - REST and WebSocket API reference
+- [Python API](docs/PYTHON_API.md) - ConversationalAgent and PlannerAgent
 - [Model Configuration](docs/MODELS.md) - LLM provider setup
 - [MCP Tools](docs/MCP.md) - External tools integration
 - [Agent Skills](docs/guide/skills.md) - Extensible skill system
diff --git a/docs/CLI.md b/docs/CLI.md
index 1dffaea..3a6031f 100644
--- a/docs/CLI.md
+++ b/docs/CLI.md
@@ -8,7 +8,12 @@ DSAgent provides a unified command-line interface with subcommands for different
 dsagent                          # Start interactive chat (default)
 dsagent chat                     # Same as above
 dsagent run "task"               # Execute one-shot task
+dsagent serve [--port 8000]      # Run REST + WebSocket API server
 dsagent init                     # Setup wizard
+dsagent skills list              # List installed skills
+dsagent skills install <source>  # Install a skill
+dsagent skills remove <name>     # Remove a skill
+dsagent skills info <name>       # Show skill details
 dsagent mcp list                 # List MCP servers
 dsagent mcp add <template>       # Add MCP server
 dsagent mcp remove <name>        # Remove MCP server
@@ -31,8 +36,8 @@ dsagent chat [options]
 
 | Option | Short | Description | Default |
 |--------|-------|-------------|---------|
-| `--model` | `-m` | LLM model to use | `gpt-4o` or `$LLM_MODEL` |
-| `--workspace` | `-w` | Workspace directory | `./workspace` |
+| `--model` | `-m` | LLM model to use | `DSAGENT_DEFAULT_MODEL` or `LLM_MODEL` or `gpt-4o` |
+| `--workspace` | `-w` | Workspace directory | `./workspace` or `$DSAGENT_WORKSPACE` |
 | `--session` | `-s` | Session ID to resume | New session |
 | `--hitl` | | Human-in-the-loop mode | `none` |
 | `--live-notebook` | | Save notebook after each execution | Off |
@@ -49,6 +54,8 @@ dsagent chat [options]
 | `plan_answer` | Pause for plan and final answer approval |
 | `on_error` | Pause only when errors occur |
 
+(For `dsagent run`, valid modes are `none`, `plan_only`, `on_error`, `plan_and_answer`, `full`.)
+
 ### Examples
 
 ```bash
@@ -88,10 +95,98 @@ Once in a chat session, you can use slash commands:
 | `/clear` | Clear the screen |
 | `/model <name>` | Change the model |
 | `/status` | Show current status |
+| `/vars` | Show kernel variables |
+| `/data` | List or copy data files |
+| `/workspace` | Show workspace paths |
 | `/quit` | Exit the session |
 
 ---
 
+## `dsagent serve`
+
+Run the REST and WebSocket API server. Uses the same configuration as the CLI (env vars and `.env`). Host and port are set by flags; API key, CORS, and upload limits come from config.
+
+```bash
+dsagent serve [options]
+```
+
+### Options
+
+| Option | Short | Description | Default |
+|--------|-------|-------------|---------|
+| `--host` | | Host to bind to | `0.0.0.0` |
+| `--port` | `-p` | Port to listen on | `8000` |
+| `--reload` | | Enable auto-reload (development) | Off |
+| `--log-level` | | Logging level | `info` |
+
+### Environment variables (server)
+
+| Variable | Description |
+|----------|-------------|
+| `DSAGENT_API_KEY` | If set, API and WebSocket require `X-API-Key` header |
+| `DSAGENT_CORS_ORIGINS` | Comma-separated origins or `*` |
+| `DSAGENT_REQUIRE_API_KEY` | If `true`, server refuses to start without `DSAGENT_API_KEY` |
+| `DSAGENT_MAX_UPLOAD_MB` | Max upload size per file in MB (`0` = no limit) |
+
+### Examples
+
+```bash
+# Default: 0.0.0.0:8000, no API key
+dsagent serve
+
+# Custom port
+dsagent serve --port 3000
+
+# With API key (set in env)
+export DSAGENT_API_KEY=my-secret-key
+dsagent serve
+
+# Development with reload
+dsagent serve --reload --log-level debug
+```
+
+API docs when running: `http://localhost:8000/docs`. Health: `http://localhost:8000/health`.
+
+---
+
+## `dsagent skills`
+
+Manage Agent Skills (extensible capabilities). Skills are stored in `~/.dsagent/skills/`.
+
+### `dsagent skills list`
+
+List installed skills.
+
+### `dsagent skills install <source>`
+
+Install a skill. Source can be:
+
+- `github:owner/repo` — install from GitHub
+- `github:owner/repo/path` — install from a subpath
+- `./path` or `/path` — install from local directory
+
+Options: `--force` / `-f` to overwrite existing.
+
+### `dsagent skills remove <name>`
+
+Remove an installed skill by name.
+
+### `dsagent skills info <name>`
+
+Show details for an installed skill.
+
+### Examples
+
+```bash
+dsagent skills list
+dsagent skills install github:dsagent-skills/eda
+dsagent skills install ./my-skill --force
+dsagent skills remove eda-analysis
+dsagent skills info eda-analysis
+```
+
+---
+
 ## `dsagent run`
 
 Execute a one-shot task without interactive mode.
@@ -269,25 +364,32 @@ dsagent mcp remove brave_search
 
 ## Environment Variables
 
-DSAgent reads configuration from environment variables and `.env` files.
+DSAgent uses a single config source: `dsagent.config`. All settings can be set via environment variables with the `DSAGENT_` prefix or via `.env` files.
+
+### Search Order for `.env` (CLI)
 
-### Search Order for `.env`
+1. Global: `~/.dsagent/.env` (loaded first)
+2. Local: `./.env` (overrides global)
 
-1. Current working directory: `./.env`
-2. Project root: `{project}/.env`
-3. User config: `~/.dsagent/.env`
+So you can set API keys in `~/.dsagent/.env` and override model or workspace per project in `./.env`.
 
 ### Configuration Variables
 
-| Variable | Description | Example |
+| Variable | Description | Default |
 |----------|-------------|---------|
-| `LLM_MODEL` | Default model | `gpt-4o` |
-| `LLM_API_BASE` | Custom API endpoint | `http://localhost:4000/v1` |
-| `OPENAI_API_KEY` | OpenAI API key | `sk-...` |
-| `ANTHROPIC_API_KEY` | Anthropic API key | `sk-ant-...` |
-| `GOOGLE_API_KEY` | Google API key | `...` |
-| `DEEPSEEK_API_KEY` | DeepSeek API key | `...` |
-| `BRAVE_API_KEY` | Brave Search API key | `...` |
+| `DSAGENT_DEFAULT_MODEL` | Default LLM model (recommended) | `gpt-4o` |
+| `LLM_MODEL` | Legacy default model (CLI compatible) | - |
+| `DSAGENT_WORKSPACE` | Workspace directory | `./workspace` |
+| `DSAGENT_SESSIONS_DIR` | Sessions directory under workspace | `workspace` |
+| `DSAGENT_MAX_ROUNDS` | Max agent iterations | `30` |
+| `DSAGENT_TEMPERATURE` | LLM temperature | `0.3` |
+| `LLM_API_BASE` | Custom API endpoint (e.g. LiteLLM proxy) | - |
+| `OPENAI_API_KEY` | OpenAI API key | - |
+| `ANTHROPIC_API_KEY` | Anthropic API key | - |
+| `GOOGLE_API_KEY` | Google API key | - |
+| `GROQ_API_KEY` | Groq API key | - |
+| `DEEPSEEK_API_KEY` | DeepSeek API key | - |
+| `BRAVE_API_KEY` | Brave Search (MCP) | - |
 
 ### Using LiteLLM Proxy
 
diff --git a/docs/DOCKER.md b/docs/DOCKER.md
index 824e82f..7b18948 100644
--- a/docs/DOCKER.md
+++ b/docs/DOCKER.md
@@ -35,9 +35,11 @@ DSAgent provides Docker images for easy deployment of both the CLI and API serve
 # Pull the image
 docker pull nmlemus/dsagent:latest
 
-# Run API server
+# Run API server (PORT defaults to 8000)
 docker run -d \
-  -p 8000:8000 \
+  -p 8080:8080 \
+  -e PORT=8080 \
+  -e DSAGENT_DEFAULT_MODEL=gpt-4o \
   -e OPENAI_API_KEY=sk-your-key \
   -v $(pwd)/workspace:/workspace \
   nmlemus/dsagent:latest
@@ -48,25 +50,36 @@ docker run -it \
   -v $(pwd)/workspace:/workspace \
   nmlemus/dsagent:latest \
   dsagent chat
+
+# One-shot task
+docker run --rm \
+  -e OPENAI_API_KEY=sk-your-key \
+  -v $(pwd)/workspace:/workspace \
+  nmlemus/dsagent:latest \
+  dsagent run "Analyze this dataset" --data ./data.csv
 ```
 
 ## Configuration
 
 ### Environment Variables
 
-#### LLM Configuration
+Configuration matches the rest of DSAgent: use `DSAGENT_*` and provider API keys. The default container command runs the API server and listens on `PORT` (default 8000).
+
+#### LLM and model
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `LLM_MODEL` | LLM model to use | `gpt-4o` |
-| `OPENAI_API_KEY` | OpenAI API key (for gpt-* models) | - |
-| `ANTHROPIC_API_KEY` | Anthropic API key (for claude-* models) | - |
-| `GOOGLE_API_KEY` | Google API key (for gemini/* models) | - |
+| `DSAGENT_DEFAULT_MODEL` | Default LLM model | `gpt-4o` |
+| `LLM_MODEL` | Legacy default model | - |
+| `OPENAI_API_KEY` | OpenAI API key | - |
+| `ANTHROPIC_API_KEY` | Anthropic API key | - |
+| `GOOGLE_API_KEY` | Google API key | - |
+| `GROQ_API_KEY` | Groq API key | - |
 | `DEEPSEEK_API_KEY` | DeepSeek API key | - |
-| `LLM_API_BASE` | Custom API endpoint (for proxies) | - |
+| `LLM_API_BASE` | Custom API endpoint | - |
 | `OLLAMA_API_BASE` | Ollama API endpoint | `http://host.docker.internal:11434` |
 
-#### Agent Settings
+#### Agent settings
 
 | Variable | Description | Default |
 |----------|-------------|---------|
@@ -75,12 +88,15 @@ docker run -it \
 | `DSAGENT_MAX_TOKENS` | Max tokens per response | `4096` |
 | `DSAGENT_CODE_TIMEOUT` | Code execution timeout (seconds) | `300` |
 
-#### API Server
+#### API server and port
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `DSAGENT_API_KEY` | API authentication key | - (disabled) |
+| `PORT` | Port the server listens on | `8000` |
+| `DSAGENT_API_KEY` | API key (enables auth when set) | - (disabled) |
 | `DSAGENT_CORS_ORIGINS` | CORS allowed origins | `*` |
+| `DSAGENT_REQUIRE_API_KEY` | Refuse start without API key | `false` |
+| `DSAGENT_MAX_UPLOAD_MB` | Max upload per file (MB); `0` = no limit | `50` |
 
 #### MCP Tools (Optional)
 
diff --git a/docs/PLAN_MEJORAS_E_ISSUES.md b/docs/PLAN_MEJORAS_E_ISSUES.md
new file mode 100644
index 0000000..e6dccba
--- /dev/null
+++ b/docs/PLAN_MEJORAS_E_ISSUES.md
@@ -0,0 +1,135 @@
+# Plan: Mejoras e issues para futuras implementaciones
+
+Revisión del proyecto DSAgent (feb 2025): hallazgos de seguridad, consistencia, calidad y mejoras sugeridas. Pendiente de implementación.
+
+---
+
+## Qué es el proyecto
+
+**DSAgent** es un agente de ciencia de datos impulsado por LLMs que:
+
+- Ejecuta código Python en un kernel Jupyter persistente.
+- Usa LiteLLM para planificación y generación de código (OpenAI, Anthropic, Groq, Ollama, etc.).
+- Expone **CLI** (`dsagent chat`, `dsagent run`) y **API REST + WebSocket** (`dsagent serve`).
+- Soporta MCP (Model Context Protocol) y Human-in-the-Loop (HITL).
+
+Arquitectura relevante:
+
+- **`src/dsagent/agents/`**: `PlannerAgent` (planificación) y `ConversationalAgent` (chat).
+- **`src/dsagent/core/`**: motor, ejecutor Jupyter, planner, HITL.
+- **`src/dsagent/server/`**: FastAPI, rutas (sessions, chat, files, artifacts, kernel, hitl), WebSocket.
+- **`src/dsagent/session/`**: sesiones con backends SQLite y JSON.
+- **`src/dsagent/config.py`** y **`src/dsagent/server/deps.py`**: configuración y dependencias del servidor.
+
+---
+
+## Seguridad
+
+### 1. Path traversal en descarga/borrado de archivos (prioridad alta)
+
+En **`src/dsagent/server/routes/files.py`** y **`src/dsagent/server/routes/artifacts.py`**:
+
+- `download_file`, `delete_file` y `download_artifact`, `delete_artifact` construyen `file_path = base_path / filename` sin comprobar que el resultado quede dentro de `base_path`.
+- Un `filename` como `../../../etc/passwd` o `..\\..\\foo` puede hacer que se resuelva fuera del directorio de la sesión.
+
+**Recomendación:** Tras resolver la ruta (`file_path.resolve()`), comprobar que está bajo `base_path.resolve()` (por ejemplo con `is_relative_to()` en Python 3.9+), y rechazar con 400 si no.
+
+### 2. Path traversal en store de sesiones (backend JSON)
+
+En **`src/dsagent/session/store.py`** (JSON backend):
+
+- `_session_path(session_id)` hace `self.storage_dir / f"{session_id}.json"`.
+- Un `session_id` como `../../tmp/evil` (si en algún flujo se aceptara) podría apuntar fuera de `storage_dir`.
+
+**Recomendación:** Validar `session_id` en los puntos de entrada (API): solo permitir caracteres seguros (p. ej. alfanuméricos, guión, underscore) o formato conocido (p. ej. `YYYYMMDD_HHMMSS_xxxxxx`). Opcionalmente en el store: normalizar y comprobar que el path resuelto esté dentro de `storage_dir`.
+
+### 3. API key opcional y CORS por defecto
+
+- En **`src/dsagent/server/deps.py`**: si `DSAGENT_API_KEY` no está definido, `verify_api_key` no exige clave; todas las rutas que dependen de ella quedan abiertas.
+- En **`src/dsagent/config.py`** / app: `cors_origins` por defecto es `"*"` con `allow_credentials=True`, lo que en producción puede ser demasiado permisivo.
+
+**Recomendación:** Documentar claramente que en producción debe configurarse `DSAGENT_API_KEY` y orígenes CORS restringidos; opcionalmente en modo "producción" rechazar arranque si no hay API key.
+
+### 4. WebSocket: API key en query string
+
+En **`src/dsagent/server/websocket.py`** la API key se pasa por query (`?api_key=xxx`). Las query strings suelen quedar en logs y en historial del servidor.
+
+**Recomendación:** Documentar el riesgo; a medio plazo valorar un flujo de autenticación que no exponga la clave en la URL (por ejemplo token en el primer mensaje del WebSocket).
+
+### 5. Ejecución de código sin aislamiento
+
+En **`src/dsagent/core/executor.py`** el código generado por el agente se ejecuta en el kernel con el mismo usuario y sin sandbox. Código malicioso o erróneo podría acceder al sistema de archivos, red, etc.
+
+**Recomendación:** Dejar documentado como riesgo conocido; para entornos multi-usuario o no confiables, considerar contenedores efímeros por sesión o límites de recursos (CPU/memoria) a nivel de despliegue.
+
+### 6. Content-Disposition y nombres de archivo
+
+En **`src/dsagent/server/routes/sessions.py`** (export JSON) se usa `session_id` directo en `Content-Disposition: filename="..."`. Si `session_id` contuviera comillas o saltos de línea podría facilitar header injection.
+
+**Recomendación:** Sanitizar o escapar cualquier valor que se inserte en cabeceras (p. ej. quitar o codificar caracteres no seguros en `filename`).
+
+---
+
+## Consistencia y mantenibilidad
+
+### 7. Dos fuentes de configuración (config vs deps)
+
+- **`src/dsagent/config.py`** define `DSAgentSettings` y `get_settings()` (cacheado).
+- **`src/dsagent/server/deps.py`** define `ServerSettings` y otro `get_settings()` (también cacheado).
+
+El servidor usa `deps.get_settings()` en el lifespan; la resolución del modelo usa `config.get_default_model()` que internamente usa `config.get_settings()`. Así hay dos "fuentes de verdad" para cosas como `default_model`, `api_key`, `cors_origins`, etc.
+
+**Recomendación:** Unificar en una sola clase de settings (por ejemplo la de `config.py`) y que el servidor dependa de ella, o documentar explícitamente qué lee cada parte y evitar duplicar campos críticos.
+
+### 8. Versión de API desincronizada
+
+En **`src/dsagent/server/app.py`** línea 31: `API_VERSION = "0.6.2"` mientras que en **`pyproject.toml`** y **`src/dsagent/__init__.py`** la versión del paquete es `0.8.4`.
+
+**Recomendación:** Sincronizar `API_VERSION` con la versión del paquete o definir una política clara (p. ej. "API version = major.minor del paquete").
+
+### 9. Dockerfile: versión en LABEL
+
+En **`Dockerfile`** el `LABEL version="0.7.0"` no coincide con la versión actual del proyecto (0.8.4).
+
+**Recomendación:** Usar la misma versión que en `pyproject.toml` o generar el label en el build a partir del mismo origen.
+
+---
+
+## Calidad y buenas prácticas
+
+### 10. Validación de `session_id` en la API
+
+Los endpoints reciben `session_id` como path parameter sin validar formato. Aunque el backend SQLite usa parámetros preparados (sin SQL injection), un `session_id` con `..` o `/` puede ser problemático en el backend JSON y en rutas que construyen paths (archivos, notebooks).
+
+**Recomendación:** Añadir un validador (Pydantic o función) que rechace `session_id` con caracteres no permitidos en todos los routers que lo usan.
+
+### 11. Límites de tamaño en uploads
+
+En **`src/dsagent/server/routes/files.py`** no hay límite explícito en el tamaño del cuerpo o por archivo. Un cliente podría subir archivos muy grandes y afectar disco o memoria.
+
+**Recomendación:** Configurar límites en FastAPI (tamaño máximo de request) o por archivo y documentarlos.
+
+### 12. Timeout y recursos del kernel
+
+En **`src/dsagent/core/executor.py`** el timeout por ejecución es configurable (`code_timeout`), pero no hay límite global de tiempo de vida del kernel ni de memoria. Sesiones largas o código pesado pueden acumular uso.
+
+**Recomendación:** Documentar; en despliegues compartidos considerar políticas de límite de tiempo o reciclado de kernels.
+
+### 13. Health/ready sin auth
+
+**`src/dsagent/server/routes/health.py`** no usa `verify_api_key`, lo cual es razonable para comprobaciones de carga y readiness, pero el endpoint expone versión y estado de componentes.
+
+**Recomendación:** Dejar sin auth por defecto; si en algún entorno se quiere ocultar versión, valorar un health "mínimo" sin detalles o con auth opcional.
+
+---
+
+## Resumen de prioridades
+
+| Prioridad | Tema |
+|-----------|------|
+| Alta | Path traversal en files y artifacts (descarga/borrado) |
+| Alta | Validación de `session_id` y path seguro en JSON store |
+| Media | Unificar configuración (config vs deps) |
+| Media | Sincronizar versiones (API, Dockerfile, paquete) |
+| Media | Límites de upload y documentación de API key/CORS |
+| Baja | Content-Disposition seguro, WebSocket auth sin query, documentar riesgos de ejecución de código |
diff --git a/docs/api/http-api.md b/docs/api/http-api.md
index eea5d59..f5daed5 100644
--- a/docs/api/http-api.md
+++ b/docs/api/http-api.md
@@ -1,26 +1,37 @@
 # HTTP API Reference
 
-DSAgent provides a REST API with Server-Sent Events (SSE) for building custom UIs and integrations.
+DSAgent provides a REST API and WebSocket for building custom UIs and integrations. The streaming chat endpoint uses Server-Sent Events (SSE).
 
 ## Base URL
 
+All API routes are under `/api` (no version prefix). Health endpoints are at the root.
+
 ```
-http://localhost:8000/api/v1
+http://localhost:8000
 ```
 
+| Path | Description |
+|------|-------------|
+| `GET /health` | Health check (no auth) |
+| `GET /health/ready` | Readiness check (no auth) |
+| `/api/sessions` | Session CRUD |
+| `/api/sessions/{id}/chat` | Chat (sync and stream) |
+| `/api/sessions/{id}/kernel` | Kernel state, execute, reset |
+| `/api/sessions/{id}/files` | List/upload/download/delete files |
+| `/api/sessions/{id}/artifacts` | List/download/delete artifacts |
+| `/api/sessions/{id}/hitl/*` | Human-in-the-loop |
+| `WS /ws/chat/{session_id}` | WebSocket chat |
+
 ## Authentication
 
-All endpoints require an API key passed in the header:
+If `DSAGENT_API_KEY` is set, all API endpoints (except `/health`, `/health/ready`) require the key.
 
+**Header (recommended):**
 ```bash
 X-API-Key: your-api-key
 ```
 
-Or as a query parameter:
-
-```
-?api_key=your-api-key
-```
+**Query (WebSocket only):** `?api_key=your-api-key` (see security note in server docs)
 
 ---
 
@@ -29,7 +40,7 @@ Or as a query parameter:
 ### Create Session
 
 ```http
-POST /sessions
+POST /api/sessions
 ```
 
 **Request Body:**
@@ -58,27 +69,51 @@ POST /sessions
 ### List Sessions
 
 ```http
-GET /sessions
+GET /api/sessions?status=active&limit=50
 ```
 
+**Query:** `status` (optional), `limit` (default 50, max 100).
+
 ### Get Session
 
 ```http
-GET /sessions/{session_id}
+GET /api/sessions/{session_id}
 ```
 
 ### Delete Session
 
 ```http
-DELETE /sessions/{session_id}
+DELETE /api/sessions/{session_id}
+```
+
+### Archive Session
+
+```http
+POST /api/sessions/{session_id}/archive
 ```
 
+### Export Session as JSON
+
+```http
+GET /api/sessions/{session_id}/export
+```
+
+Returns session data with `Content-Disposition: attachment; filename="...json"`.
+
+### Export Session as Notebook
+
+```http
+GET /api/sessions/{session_id}/notebook
+```
+
+Returns the session's Jupyter notebook (`.ipynb`) if available.
+
 ### Update Session
 
 Update session configuration including model and HITL mode at runtime.
 
 ```http
-PUT /sessions/{session_id}
+PUT /api/sessions/{session_id}
 Content-Type: application/json
 
 {
@@ -136,7 +171,7 @@ HITL allows human approval before the agent executes plans or code. When enabled
 Check if the agent is awaiting human approval.
 
 ```http
-GET /sessions/{session_id}/hitl/status
+GET /api/sessions/{session_id}/hitl/status
 ```
 
 **Response:**
@@ -165,7 +200,7 @@ GET /sessions/{session_id}/hitl/status
 Approve the pending plan/code and continue execution.
 
 ```http
-POST /sessions/{session_id}/hitl/approve
+POST /api/sessions/{session_id}/hitl/approve
 ```
 
 **Response:**
@@ -181,7 +216,7 @@ POST /sessions/{session_id}/hitl/approve
 Reject and abort the current task.
 
 ```http
-POST /sessions/{session_id}/hitl/reject
+POST /api/sessions/{session_id}/hitl/reject
 ```
 
 **Response:**
@@ -197,7 +232,7 @@ POST /sessions/{session_id}/hitl/reject
 Send detailed HITL response with optional modifications.
 
 ```http
-POST /sessions/{session_id}/hitl/respond
+POST /api/sessions/{session_id}/hitl/respond
 Content-Type: application/json
 
 {
@@ -224,28 +259,30 @@ Content-Type: application/json
 ```bash
 curl -X POST "http://localhost:8000/api/sessions" \
   -H "Content-Type: application/json" \
+  -H "X-API-Key: YOUR_KEY" \
   -d '{"name": "HITL Session", "hitl_mode": "plan_only"}'
 ```
 
 **2. Send a message (this will block waiting for approval):**
 ```bash
-# In terminal 1 - this will wait for approval
+# In terminal 1 — waits for approval
 curl -X POST "http://localhost:8000/api/sessions/{session_id}/chat" \
   -H "Content-Type: application/json" \
+  -H "X-API-Key: YOUR_KEY" \
   -d '{"message": "Analyze sales data and create visualizations"}'
 ```
 
 **3. Check status (in another terminal):**
 ```bash
-# In terminal 2
-curl "http://localhost:8000/api/sessions/{session_id}/hitl/status"
+curl "http://localhost:8000/api/sessions/{session_id}/hitl/status" \
+  -H "X-API-Key: YOUR_KEY"
 # Returns: awaiting_feedback: true, awaiting_type: "plan"
 ```
 
 **4. Approve the plan:**
 ```bash
-# In terminal 2
-curl -X POST "http://localhost:8000/api/sessions/{session_id}/hitl/approve"
+curl -X POST "http://localhost:8000/api/sessions/{session_id}/hitl/approve" \
+  -H "X-API-Key: YOUR_KEY"
 ```
 
 **5. The chat request in terminal 1 now continues execution.**
@@ -278,7 +315,7 @@ The stream pauses until you call `/hitl/approve` or `/hitl/reject`.
 For simple integrations that don't need real-time updates:
 
 ```http
-POST /sessions/{session_id}/chat
+POST /api/sessions/{session_id}/chat
 Content-Type: application/json
 
 {
@@ -315,7 +352,7 @@ Content-Type: application/json
 ### Send Message (Streaming) - Recommended for UIs
 
 ```http
-POST /sessions/{session_id}/chat/stream
+POST /api/sessions/{session_id}/chat/stream
 Content-Type: application/json
 
 {
@@ -519,7 +556,7 @@ data: {
 
 ```typescript
 async function streamChat(sessionId: string, message: string) {
-  const response = await fetch(`/api/v1/sessions/${sessionId}/chat/stream`, {
+  const response = await fetch(`/api/sessions/${sessionId}/chat/stream`, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
@@ -619,7 +656,7 @@ function useChatStream(sessionId: string) {
     setState(s => ({ ...s, isLoading: true, error: null }));
 
     try {
-      const response = await fetch(`/api/v1/sessions/${sessionId}/chat/stream`, {
+      const response = await fetch(`/api/sessions/${sessionId}/chat/stream`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ message }),
@@ -639,7 +676,7 @@ function useChatStream(sessionId: string) {
 ### cURL
 
 ```bash
-curl -X POST "http://localhost:8000/api/v1/sessions/SESSION_ID/chat/stream" \
+curl -X POST "http://localhost:8000/api/sessions/SESSION_ID/chat/stream" \
   -H "Content-Type: application/json" \
   -H "X-API-Key: your-api-key" \
   -d '{"message": "Analyze iris.csv"}' \
@@ -653,7 +690,7 @@ curl -X POST "http://localhost:8000/api/v1/sessions/SESSION_ID/chat/stream" \
 ### Get Messages
 
 ```http
-GET /sessions/{session_id}/messages?limit=50&offset=0&role=assistant
+GET /api/sessions/{session_id}/messages?limit=50&offset=0&role=assistant
 ```
 
 **Query Parameters:**
@@ -703,7 +740,7 @@ Returns conversation history as structured turns, matching the `round_complete`
     summarization events.
 
 ```http
-GET /sessions/{session_id}/turns?limit=50&offset=0
+GET /api/sessions/{session_id}/turns?limit=50&offset=0
 ```
 
 **Query Parameters:**
@@ -767,7 +804,7 @@ GET /sessions/{session_id}/turns?limit=50&offset=0
 **UI Usage Pattern:**
 ```typescript
 // On session load, fetch historical turns
-const history = await fetch(`/api/v1/sessions/${sessionId}/turns`);
+const history = await fetch(`/api/sessions/${sessionId}/turns`);
 const { turns } = await history.json();
 
 // Render each turn using the same component as round_complete events
@@ -782,29 +819,61 @@ eventSource.on('round_complete', renderRoundComplete);
 
 ## Files & Artifacts
 
-### List Files in Data Directory
+Files are organized by category: `data`, `artifacts`, or `notebooks`. Session ID must match pattern `[a-zA-Z0-9_-]+`.
+
+### List Files
 
 ```http
-GET /sessions/{session_id}/files?path=data
+GET /api/sessions/{session_id}/files?category=data
 ```
 
-### Upload File
+**Query:** `category` — `data`, `artifacts`, or `notebooks` (default: `data`).
+
+### Upload Files
 
 ```http
-POST /sessions/{session_id}/files
+POST /api/sessions/{session_id}/files
 Content-Type: multipart/form-data
 
-file: (binary)
-path: data/
+files: (one or more files)
+category: data   (optional; default: data)
+```
+
+Upload size per file is limited by `DSAGENT_MAX_UPLOAD_MB` (default 50 MB; `0` = no limit).
+
+### Download File
+
+```http
+GET /api/sessions/{session_id}/files/{filename}?category=data
 ```
 
-### Get Artifact
+### Delete File
 
 ```http
-GET /sessions/{session_id}/artifacts/{filename}
+DELETE /api/sessions/{session_id}/files/{filename}?category=data
 ```
 
-Returns the file content (image, CSV, etc.)
+### List Artifacts
+
+```http
+GET /api/sessions/{session_id}/artifacts?type=image
+```
+
+**Query:** `type` — optional filter: `image`, `document`, `data`, `model`, `code`, `notebook`.
+
+### Download Artifact
+
+```http
+GET /api/sessions/{session_id}/artifacts/{filename}
+```
+
+Returns the file content (image, CSV, etc.).
+
+### Delete Artifact
+
+```http
+DELETE /api/sessions/{session_id}/artifacts/{filename}
+```
 
 ---
 
@@ -880,16 +949,21 @@ interface PlanStep {
 ## Running the Server
 
 ```bash
-# Start the API server
+# Start the API server (host/port via flags; config from env)
 dsagent serve --port 8000
 
-# With custom workspace
-dsagent serve --port 8000 --workspace ./my-workspace
+# With API key (from env)
+export DSAGENT_API_KEY=my-secret-key
+dsagent serve
 
-# With API key
-DSAGENT_API_KEY=my-secret-key dsagent serve
+# Production: require API key
+export DSAGENT_REQUIRE_API_KEY=true
+export DSAGENT_API_KEY=my-secret-key
+dsagent serve --port 8000
 ```
 
+OpenAPI docs: `http://localhost:8000/docs`. Health: `http://localhost:8000/health`.
+
 ---
 
 ## Next Steps
diff --git a/docs/diagrams/session-creation-flow.md b/docs/diagrams/session-creation-flow.md
new file mode 100644
index 0000000..f3c0464
--- /dev/null
+++ b/docs/diagrams/session-creation-flow.md
@@ -0,0 +1,205 @@
+# Session Creation Flow - Model Assignment Analysis
+
+## Overview
+
+This document traces the flow of session creation and model assignment to identify where the default model (`gpt-4o`) is being set instead of the environment variable `DSAGENT_DEFAULT_MODEL`.
+
+## The Problem
+
+When creating a session via the API:
+- `DSAGENT_DEFAULT_MODEL=groq/openai/gpt-oss-120b` is set in the environment
+- But the session gets saved with `model: "gpt-4o"`
+- This causes validation to fail because `OPENAI_API_KEY` is not set
+
+## Flow Diagram
+
+```
+┌─────────────────────────────────────────────────────────────────────────────┐
+│                         POST /api/sessions                                   │
+│                         (CreateSessionRequest)                               │
+│                                                                              │
+│  request.model = None  (not specified in request)                           │
+│  request.hitl_mode = "none"                                                  │
+└─────────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────────┐
+│  STEP 1: session_manager.create_session(name=request.name)                  │
+│  File: src/dsagent/session/manager.py:74-110                                │
+│                                                                              │
+│  Creates Session object with:                                                │
+│    - id: auto-generated                                                      │
+│    - name: from request or auto-generated                                    │
+│    - model: None  (default from Session model)                              │
+│    - hitl_mode: "none" (default from Session model)                         │
+│                                                                              │
+│  Saves to DB via self.store.save(session)                                   │
+│  At this point: session.model = None                                        │
+└─────────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────────┐
+│  STEP 2: session.model = request.model                                       │
+│  File: src/dsagent/server/routes/sessions.py:84                              │
+│                                                                              │
+│  session.model = None  (because request.model is None)                      │
+│  session.hitl_mode = "none"                                                  │
+│  session_manager.save_session(session)                                       │
+│                                                                              │
+│  At this point: session.model = None (saved to DB)                          │
+└─────────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────────┐
+│  STEP 3: connection_manager.get_or_create_agent(session.id, model=None)     │
+│  File: src/dsagent/server/routes/sessions.py:89-93                           │
+│                                                                              │
+│  Calls with model=None, hitl_mode=None                                       │
+└─────────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────────┐
+│  STEP 4: _get_or_create_agent()                                              │
+│  File: src/dsagent/server/manager.py:241-310                                 │
+│                                                                              │
+│  session = self._session_manager.get_or_create(session_id)                  │
+│  # Returns existing session with model=None                                  │
+│                                                                              │
+│  effective_model = (                                                         │
+│      model                              # None (from parameter)             │
+│      or getattr(session, "model", None) # None (from session)               │
+│      or self._default_model             # ??? (from AgentConnectionManager) │
+│      or os.getenv("DSAGENT_DEFAULT_MODEL")  # "groq/openai/gpt-oss-120b"   │
+│      or os.getenv("LLM_MODEL", "gpt-4o")    # fallback                      │
+│  )                                                                           │
+│                                                                              │
+│  ⚠️  QUESTION: What is self._default_model at this point?                   │
+└─────────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────────┐
+│  STEP 5: ConversationalAgent created with effective_model                    │
+│  File: src/dsagent/server/manager.py:292-302                                 │
+│                                                                              │
+│  config = ConversationalAgentConfig(model=effective_model, ...)              │
+│  agent = ConversationalAgent(config=config, session=session, ...)            │
+│                                                                              │
+│  Note: The session object passed here has model=None                         │
+└─────────────────────────────────────────────────────────────────────────────┘
+                                    │
+                                    ▼
+┌─────────────────────────────────────────────────────────────────────────────┐
+│  STEP 6: agent.start()                                                       │
+│  File: src/dsagent/agents/conversational.py:305-340                          │
+│                                                                              │
+│  validate_configuration(self.config.model)                                   │
+│  # This is where the error occurs!                                           │
+│                                                                              │
+│  ⚠️  self.config.model should be effective_model, but error says "gpt-4o"   │
+└─────────────────────────────────────────────────────────────────────────────┘
+
+## Key Investigation Points
+
+### 1. AgentConnectionManager Initialization
+
+File: `src/dsagent/server/app.py:49-54`
+
+```python
+connection_manager = AgentConnectionManager(
+    session_manager=session_manager,
+    default_model=settings.default_model,  # <-- What is this value?
+    default_hitl_mode=settings.default_hitl_mode,
+)
+```
+
+### 2. ServerSettings.default_model
+
+File: `src/dsagent/server/deps.py:21-44`
+
+```python
+class ServerSettings(BaseSettings):
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        env_file_encoding="utf-8",
+        extra="ignore",
+        env_prefix="DSAGENT_",  # <-- Reads DSAGENT_DEFAULT_MODEL
+    )
+
+    default_model: Optional[str] = None  # <-- Maps to DSAGENT_DEFAULT_MODEL
+```
+
+### 3. Verified in Container
+
+```bash
+$ docker exec <container> python3 -c "
+from dsagent.server.deps import get_settings
+s = get_settings()
+print(f'default_model from settings: {s.default_model!r}')
+"
+# Output: default_model from settings: 'groq/openai/gpt-oss-120b'
+```
+
+**Settings correctly reads the environment variable!**
+
+## The Mystery
+
+1. `settings.default_model` = `'groq/openai/gpt-oss-120b'` ✅
+2. `AgentConnectionManager` is initialized with `default_model=settings.default_model`
+3. Yet somehow `self.config.model` in `ConversationalAgent` is `'gpt-4o'`
+
+## Hypothesis
+
+The database shows `"model":"gpt-4o"` for the session. But we traced that:
+1. Session is created with `model=None`
+2. Session is saved with `model=None`
+3. Agent is created separately
+
+**Where does `gpt-4o` come from in the database?**
+
+Looking at the DB record:
+```json
+{"model":"gpt-4o", ...}
+```
+
+This suggests something is WRITING `gpt-4o` to the session AFTER creation.
+
+## Next Steps
+
+1. Check if `ConversationalAgentConfig` has a default that overrides
+2. Check if session is saved again somewhere with the model
+3. Add logging to track exactly when/where model gets set
+
+## ConversationalAgentConfig Default
+
+File: `src/dsagent/agents/conversational.py:62-66`
+
+```python
+@dataclass
+class ConversationalAgentConfig:
+    """Configuration for the conversational agent."""
+    model: str = "gpt-4o"  # <-- DEFAULT IS gpt-4o!
+```
+
+**FOUND IT!** The `ConversationalAgentConfig` has a default of `"gpt-4o"`.
+
+But wait - we're explicitly passing `model=effective_model` when creating the config:
+```python
+config = ConversationalAgentConfig(
+    model=effective_model,  # Should override the default
+    hitl_mode=effective_hitl_mode,
+)
+```
+
+So unless `effective_model` is somehow being set to `None` or empty string...
+
+## Root Cause Candidates
+
+1. **`self._default_model` is None** - AgentConnectionManager not getting the value from settings
+2. **`os.getenv("DSAGENT_DEFAULT_MODEL")` returns None** - env var not available in the async context
+3. **Session already has model=gpt-4o from a previous run** - stale data in DB
+
+## Testing Required
+
+1. Print `self._default_model` in `_get_or_create_agent`
+2. Print `os.getenv("DSAGENT_DEFAULT_MODEL")` at runtime
+3. Delete sessions.db and test fresh
diff --git a/docs/getting-started/configuration.md b/docs/getting-started/configuration.md
index 791c5cc..c7c870d 100644
--- a/docs/getting-started/configuration.md
+++ b/docs/getting-started/configuration.md
@@ -1,90 +1,87 @@
 # Configuration
 
-DSAgent can be configured through environment variables, configuration files, or command-line arguments.
+DSAgent uses a single configuration source: `dsagent.config` (see `src/dsagent/config.py`). All settings support environment variables with the `DSAGENT_` prefix and optional `.env` files.
 
 ## Configuration Methods
 
 Configuration is loaded in this order (later sources override earlier):
 
-1. Default values
-2. `~/.dsagent/.env` - Global configuration (API keys, default model)
-3. `./.env` - Local project configuration (overrides global)
-4. Environment variables (already set in shell)
-5. Command-line arguments (highest priority)
+1. Default values in code
+2. `~/.dsagent/.env` — global (CLI loads this first)
+3. `./.env` — local project (CLI overrides global with this)
+4. Environment variables already set in the shell
+5. Command-line arguments (highest priority for CLI)
+6. API request fields (e.g. `model` in create-session) for the server
 
-This allows you to set API keys globally in `~/.dsagent/.env` and override settings per-project in a local `.env` file.
+This allows API keys in `~/.dsagent/.env` and per-project overrides in `./.env`.
 
 ## Environment Variables
 
-### LLM Configuration
+All `DSAGENT_*` variables are read by both CLI and API server (where applicable).
+
+### LLM and model
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `LLM_MODEL` | LLM model to use | `gpt-4o` |
+| `DSAGENT_DEFAULT_MODEL` | Default LLM model (recommended) | `gpt-4o` |
+| `LLM_MODEL` | Legacy default model (CLI compatible) | - |
 | `OPENAI_API_KEY` | OpenAI API key | - |
 | `ANTHROPIC_API_KEY` | Anthropic API key | - |
 | `GOOGLE_API_KEY` | Google API key | - |
 | `GROQ_API_KEY` | Groq API key | - |
-| `TOGETHER_API_KEY` | Together AI API key | - |
-| `OPENROUTER_API_KEY` | OpenRouter API key | - |
-| `MISTRAL_API_KEY` | Mistral API key | - |
 | `DEEPSEEK_API_KEY` | DeepSeek API key | - |
-| `COHERE_API_KEY` | Cohere API key | - |
-| `PERPLEXITYAI_API_KEY` | Perplexity API key | - |
-| `FIREWORKS_API_KEY` | Fireworks API key | - |
-| `HUGGINGFACE_API_KEY` | Hugging Face API key | - |
-| `AZURE_API_KEY` | Azure OpenAI API key | - |
-| `LLM_API_BASE` | Custom API endpoint (LiteLLM proxy) | - |
+| `LLM_API_BASE` | Custom API endpoint (e.g. LiteLLM proxy) | - |
 | `OLLAMA_API_BASE` | Ollama server URL | `http://localhost:11434` |
 
-### Agent Settings
+### Agent settings
 
 | Variable | Description | Default |
 |----------|-------------|---------|
 | `DSAGENT_MAX_ROUNDS` | Maximum agent iterations | `30` |
-| `DSAGENT_TEMPERATURE` | LLM temperature (0.0-1.0) | `0.3` |
+| `DSAGENT_TEMPERATURE` | LLM temperature (0.0–2.0) | `0.3` |
 | `DSAGENT_MAX_TOKENS` | Max tokens per response | `4096` |
 | `DSAGENT_CODE_TIMEOUT` | Code execution timeout (seconds) | `300` |
 | `DSAGENT_WORKSPACE` | Workspace directory | `./workspace` |
+| `DSAGENT_SESSIONS_DIR` | Sessions directory name under workspace | `workspace` |
+| `DSAGENT_SESSION_BACKEND` | Session store: `sqlite` or `json` | `sqlite` |
 
-### API Server
+### API server
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `DSAGENT_API_KEY` | API authentication key | - (disabled) |
-| `DSAGENT_CORS_ORIGINS` | CORS allowed origins | `*` |
+| `DSAGENT_API_KEY` | If set, API and WebSocket require `X-API-Key` header | - (disabled) |
+| `DSAGENT_CORS_ORIGINS` | Comma-separated origins or `*` | `*` |
+| `DSAGENT_REQUIRE_API_KEY` | If `true`, server refuses to start without `DSAGENT_API_KEY` | `false` |
+| `DSAGENT_MAX_UPLOAD_MB` | Max upload size per file in MB; `0` = no limit | `50` |
 
 ## Configuration File
 
 Create a `.env` file in `~/.dsagent/` for persistent **global** configuration:
 
 ```bash
-# ~/.dsagent/.env - Global config (all your API keys)
+# ~/.dsagent/.env - Global config (API keys, default model)
 
-# Default model
-LLM_MODEL=gpt-4o
+# Default model (DSAGENT_* preferred; LLM_MODEL still supported)
+DSAGENT_DEFAULT_MODEL=gpt-4o
 
-# API Keys - add all providers you use
+# API keys — add the providers you use
 OPENAI_API_KEY=sk-your-key-here
 ANTHROPIC_API_KEY=sk-ant-your-key-here
 GROQ_API_KEY=gsk_your-key-here
 GOOGLE_API_KEY=your-key-here
 
-# Agent Settings
+# Optional agent settings
 DSAGENT_MAX_ROUNDS=30
 DSAGENT_TEMPERATURE=0.3
 ```
 
-Create a `.env` file in your **project directory** to override settings:
+Create a `.env` file in your **project directory** to override settings for that project:
 
 ```bash
-# ~/my-project/.env - Project-specific config
-
-# Use a different model for this project
-LLM_MODEL=groq/llama-3.3-70b-versatile
+# ~/my-project/.env - Project-specific overrides
 
-# Or use Claude for this project
-# LLM_MODEL=claude-sonnet-4-20250514
+DSAGENT_DEFAULT_MODEL=groq/llama-3.3-70b-versatile
+# or LLM_MODEL=claude-sonnet-4-20250514
 ```
 
 The setup wizard (`dsagent init`) creates the global file automatically.
@@ -147,21 +144,20 @@ See [MCP Tools](../guide/mcp.md) for available tools and configuration.
 
 ## Workspace Structure
 
-DSAgent organizes output in the workspace directory:
+DSAgent organizes output under the workspace directory (`DSAGENT_WORKSPACE`, default `./workspace`). Session storage uses `DSAGENT_SESSIONS_DIR` (default `workspace`) and the backend (`DSAGENT_SESSION_BACKEND`: `sqlite` or `json`).
+
+Typical layout:
 
 ```
-workspace/
-├── sessions/
-│   └── {session_id}/
-│       ├── session.json    # Session metadata
-│       ├── messages.json   # Conversation history
-│       └── kernel_state/   # Jupyter kernel state
+workspace/                    # or DSAGENT_WORKSPACE
+├── .dsagent/
+│   └── sessions.db          # SQLite sessions (when session_backend=sqlite)
 └── runs/
-    └── {run_id}/
-        ├── data/           # Input data (copied)
-        ├── notebooks/      # Generated notebooks
-        ├── artifacts/      # Charts, models, exports
-        └── logs/           # Execution logs
+    └── {session_id}/        # Per-session workspace
+        ├── data/            # Input/uploaded data
+        ├── artifacts/       # Charts, models, exports
+        ├── notebooks/       # Generated Jupyter notebooks
+        └── logs/            # Execution logs, events
 ```
 
 ## Proxy Configuration
diff --git a/docs/getting-started/quickstart.md b/docs/getting-started/quickstart.md
index 4e64ebc..341549f 100644
--- a/docs/getting-started/quickstart.md
+++ b/docs/getting-started/quickstart.md
@@ -46,7 +46,7 @@ dsagent
 You'll see the DSAgent prompt:
 
 ```
-DSAgent v0.7.0 | Model: gpt-4o | Session: a1b2c3
+DSAgent | Model: gpt-4o | Session: a1b2c3
 
 Type your message or /help for commands.
 
diff --git a/docs/guide/docker.md b/docs/guide/docker.md
index 824e82f..0cbeb2d 100644
--- a/docs/guide/docker.md
+++ b/docs/guide/docker.md
@@ -35,9 +35,11 @@ DSAgent provides Docker images for easy deployment of both the CLI and API serve
 # Pull the image
 docker pull nmlemus/dsagent:latest
 
-# Run API server
+# Run API server (container listens on PORT, default 8000)
 docker run -d \
-  -p 8000:8000 \
+  -p 8080:8080 \
+  -e PORT=8080 \
+  -e DSAGENT_DEFAULT_MODEL=gpt-4o \
   -e OPENAI_API_KEY=sk-your-key \
   -v $(pwd)/workspace:/workspace \
   nmlemus/dsagent:latest
@@ -48,25 +50,36 @@ docker run -it \
   -v $(pwd)/workspace:/workspace \
   nmlemus/dsagent:latest \
   dsagent chat
+
+# One-shot task
+docker run --rm \
+  -e OPENAI_API_KEY=sk-your-key \
+  -v $(pwd)/workspace:/workspace \
+  nmlemus/dsagent:latest \
+  dsagent run "Analyze this dataset" --data ./data.csv
 ```
 
 ## Configuration
 
 ### Environment Variables
 
-#### LLM Configuration
+The container uses the same configuration as the CLI and server (see [Configuration](../getting-started/configuration.md)). Key variables:
+
+#### LLM and model
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `LLM_MODEL` | LLM model to use | `gpt-4o` |
-| `OPENAI_API_KEY` | OpenAI API key (for gpt-* models) | - |
-| `ANTHROPIC_API_KEY` | Anthropic API key (for claude-* models) | - |
-| `GOOGLE_API_KEY` | Google API key (for gemini/* models) | - |
+| `DSAGENT_DEFAULT_MODEL` | Default LLM model (recommended) | `gpt-4o` |
+| `LLM_MODEL` | Legacy default model | - |
+| `OPENAI_API_KEY` | OpenAI API key | - |
+| `ANTHROPIC_API_KEY` | Anthropic API key | - |
+| `GOOGLE_API_KEY` | Google API key | - |
+| `GROQ_API_KEY` | Groq API key | - |
 | `DEEPSEEK_API_KEY` | DeepSeek API key | - |
-| `LLM_API_BASE` | Custom API endpoint (for proxies) | - |
+| `LLM_API_BASE` | Custom API endpoint (e.g. LiteLLM proxy) | - |
 | `OLLAMA_API_BASE` | Ollama API endpoint | `http://host.docker.internal:11434` |
 
-#### Agent Settings
+#### Agent settings
 
 | Variable | Description | Default |
 |----------|-------------|---------|
@@ -75,12 +88,15 @@ docker run -it \
 | `DSAGENT_MAX_TOKENS` | Max tokens per response | `4096` |
 | `DSAGENT_CODE_TIMEOUT` | Code execution timeout (seconds) | `300` |
 
-#### API Server
+#### API server and port
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `DSAGENT_API_KEY` | API authentication key | - (disabled) |
+| `PORT` | Port the server listens on (container CMD uses this) | `8000` |
+| `DSAGENT_API_KEY` | If set, API and WebSocket require `X-API-Key` | - (disabled) |
 | `DSAGENT_CORS_ORIGINS` | CORS allowed origins | `*` |
+| `DSAGENT_REQUIRE_API_KEY` | If `true`, server exits when no API key set | `false` |
+| `DSAGENT_MAX_UPLOAD_MB` | Max upload size per file (MB); `0` = no limit | `50` |
 
 #### MCP Tools (Optional)
 
diff --git a/docs/index.md b/docs/index.md
index 4595d4b..b1e8073 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -62,6 +62,7 @@ hide:
     ```bash
     docker run -it \
       -e OPENAI_API_KEY=$OPENAI_API_KEY \
+      -v $(pwd)/workspace:/workspace \
       nmlemus/dsagent:latest \
       dsagent chat
     ```
@@ -80,7 +81,7 @@ hide:
 ```
 $ dsagent
 
-DSAgent v0.7.0 | Model: gpt-4o | Session: abc123
+DSAgent | Model: gpt-4o | Session: abc123
 
 You: Load the iris dataset and train a classifier
 
diff --git a/src/dsagent/config.py b/src/dsagent/config.py
index 341065b..b75798a 100644
--- a/src/dsagent/config.py
+++ b/src/dsagent/config.py
@@ -74,10 +74,27 @@ class DSAgentSettings(BaseSettings):
     # ─── Server Settings ──────────────────────────────────────────────────────
     host: str = Field(default="0.0.0.0")
     port: int = Field(default=8000, ge=1, le=65535)
-    api_key: Optional[str] = Field(default=None)
-    cors_origins: str = Field(default="*")
+    api_key: Optional[str] = Field(
+        default=None,
+        description="If set, API and WebSocket require X-API-Key. In production, set DSAGENT_API_KEY.",
+    )
+    cors_origins: str = Field(
+        default="*",
+        description="Comma-separated origins or '*' for all. In production, set to specific origins.",
+    )
+    require_api_key: bool = Field(
+        default=False,
+        description="If True, server refuses to start when api_key is not set (use in production).",
+    )
     default_hitl_mode: str = Field(default="none")
 
+    # ─── Upload limits ─────────────────────────────────────────────────────────
+    max_upload_mb: float = Field(
+        default=50.0,
+        ge=0,
+        description="Max upload size per file in MB (0 = no limit).",
+    )
+
     # ─── Observability ────────────────────────────────────────────────────────
     observability_enabled: bool = Field(default=False)
     observability_providers: Optional[str] = Field(default=None)
diff --git a/src/dsagent/core/executor.py b/src/dsagent/core/executor.py
index e992c1a..9386b52 100644
--- a/src/dsagent/core/executor.py
+++ b/src/dsagent/core/executor.py
@@ -1,4 +1,10 @@
-"""Jupyter Kernel Executor for persistent code execution."""
+"""Jupyter Kernel Executor for persistent code execution.
+
+Security note: Generated code runs in the kernel with the same user and no sandbox.
+Malicious or buggy code can access the filesystem, network, and other resources.
+For multi-user or untrusted environments, consider ephemeral containers per session
+or resource limits (CPU/memory) at deployment level.
+"""
 
 from __future__ import annotations
 
@@ -18,7 +24,9 @@ class JupyterExecutor:
     """Executes Python code in a persistent Jupyter kernel.
 
     The kernel maintains state between executions, allowing variables,
-    imports, and objects to persist across multiple code blocks.
+    imports, and objects to persist across multiple code blocks. There is
+    no global kernel lifetime or memory limit; long sessions may accumulate
+    resource use. Consider kernel recycling or time limits in shared deployments.
 
     Example:
         executor = JupyterExecutor(workspace="./workspace")
diff --git a/src/dsagent/server/app.py b/src/dsagent/server/app.py
index 292b881..08f23ec 100644
--- a/src/dsagent/server/app.py
+++ b/src/dsagent/server/app.py
@@ -3,6 +3,7 @@
 from __future__ import annotations
 
 import logging
+import os
 from contextlib import asynccontextmanager
 from pathlib import Path
 from typing import Optional
@@ -19,10 +20,17 @@
 from dsagent.server.manager import AgentConnectionManager
 from dsagent.session import SessionManager
 
-logger = logging.getLogger(__name__)
+try:
+    from dsagent import __version__ as API_VERSION
+except ImportError:
+    API_VERSION = "0.0.0"
 
-# API version
-API_VERSION = "0.6.2"
+# Configure logging to show INFO level
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+)
+logger = logging.getLogger(__name__)
 
 
 @asynccontextmanager
@@ -32,6 +40,11 @@ async def lifespan(app: FastAPI):
     Handles startup and shutdown of the server.
     """
     settings = get_settings()
+    if settings.require_api_key and not settings.api_key:
+        raise RuntimeError(
+            "Server is configured to require an API key (require_api_key=True) but "
+            "DSAGENT_API_KEY is not set. Set DSAGENT_API_KEY in production."
+        )
     logger.info(f"Starting DSAgent Server v{API_VERSION}")
 
     # Create sessions directory
@@ -47,6 +60,7 @@ async def lifespan(app: FastAPI):
     logger.info(f"SessionManager initialized with {settings.session_backend} backend")
 
     # Initialize ConnectionManager
+    logger.info(f"Default model from settings: {settings.default_model!r}")
     connection_manager = AgentConnectionManager(
         session_manager=session_manager,
         default_model=settings.default_model,
diff --git a/src/dsagent/server/deps.py b/src/dsagent/server/deps.py
index 0c1ac0b..cdfef54 100644
--- a/src/dsagent/server/deps.py
+++ b/src/dsagent/server/deps.py
@@ -2,56 +2,24 @@
 
 from __future__ import annotations
 
-import os
-from functools import lru_cache
 from typing import TYPE_CHECKING, Optional
 
 from fastapi import Depends, Header, HTTPException, Query, status
-from pydantic_settings import BaseSettings, SettingsConfigDict
+
+from dsagent.config import DSAgentSettings, get_settings as _get_settings
 
 if TYPE_CHECKING:
     from dsagent.server.manager import AgentConnectionManager
     from dsagent.session import SessionManager
 
-# Global instances (set by app.py on startup)
-_connection_manager: Optional["AgentConnectionManager"] = None
-_session_manager: Optional["SessionManager"] = None
-
-
-class ServerSettings(BaseSettings):
-    """Server configuration settings."""
-
-    model_config = SettingsConfigDict(
-        env_file=".env",
-        env_file_encoding="utf-8",
-        extra="ignore",
-        env_prefix="DSAGENT_",
-    )
-
-    # Server settings
-    host: str = "0.0.0.0"
-    port: int = 8000
-    reload: bool = False
-
-    # Authentication
-    api_key: Optional[str] = None  # If set, API key auth is enabled
-
-    # CORS settings
-    cors_origins: str = "*"  # Comma-separated origins or "*" for all
-
-    # Agent defaults
-    default_model: Optional[str] = None
-    default_hitl_mode: str = "none"
-
-    # Session storage
-    session_backend: str = "sqlite"  # "sqlite" or "json"
-    sessions_dir: str = "workspace"  # Same as CLI default
+# Single source of truth: server uses centralized config from dsagent.config
+# Alias for backward compatibility in type hints (e.g. ServerSettings = Depends(get_settings))
+ServerSettings = DSAgentSettings
 
 
-@lru_cache
-def get_settings() -> ServerSettings:
-    """Get cached server settings."""
-    return ServerSettings()
+def get_settings() -> DSAgentSettings:
+    """Get cached server settings (delegates to config.get_settings)."""
+    return _get_settings()
 
 
 def set_connection_manager(manager: "AgentConnectionManager") -> None:
@@ -96,7 +64,7 @@ def get_session_manager() -> "SessionManager":
 
 async def verify_api_key(
     x_api_key: Optional[str] = Header(None, alias="X-API-Key"),
-    settings: ServerSettings = Depends(get_settings),
+    settings: DSAgentSettings = Depends(get_settings),
 ) -> Optional[str]:
     """Verify API key if authentication is enabled.
 
@@ -135,7 +103,7 @@ async def verify_api_key(
 
 async def verify_websocket_api_key(
     api_key: Optional[str] = Query(None),
-    settings: ServerSettings = Depends(get_settings),
+    settings: DSAgentSettings = Depends(get_settings),
 ) -> Optional[str]:
     """Verify API key for WebSocket connections (via query param).
 
diff --git a/src/dsagent/server/routes/artifacts.py b/src/dsagent/server/routes/artifacts.py
index 4def78a..acf6dd2 100644
--- a/src/dsagent/server/routes/artifacts.py
+++ b/src/dsagent/server/routes/artifacts.py
@@ -9,6 +9,7 @@
 
 from __future__ import annotations
 
+import os
 from datetime import datetime
 from pathlib import Path
 from typing import List, Optional
@@ -22,6 +23,7 @@
     verify_api_key,
 )
 from dsagent.server.models import ErrorResponse
+from dsagent.server.validators import SessionIdPath
 from dsagent.session import SessionManager
 
 router = APIRouter(dependencies=[Depends(verify_api_key)])
@@ -116,6 +118,32 @@ def _get_media_type(filename: str) -> str:
     return media_types.get(suffix, "application/octet-stream")
 
 
+def _resolve_artifact_path(base_path: Path, filename: str) -> Path:
+    """Resolve artifact path and ensure it stays under base_path (path traversal guard)."""
+    safe_name = Path(filename).name
+    if not safe_name:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid filename",
+        )
+    file_path = (base_path / safe_name).resolve()
+    base_resolved = base_path.resolve()
+    try:
+        if not file_path.is_relative_to(base_resolved):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
+    except (ValueError, AttributeError):
+        base_str = str(base_resolved) + os.sep
+        if file_path != base_resolved and not str(file_path).startswith(base_str):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
+    return file_path
+
+
 # =============================================================================
 # Endpoints
 # =============================================================================
@@ -127,7 +155,7 @@ def _get_media_type(filename: str) -> str:
     responses={404: {"model": ErrorResponse}},
 )
 async def list_artifacts(
-    session_id: str,
+    session_id: SessionIdPath,
     type_filter: Optional[str] = Query(
         None,
         alias="type",
@@ -208,7 +236,7 @@ async def list_artifacts(
     responses={404: {"model": ErrorResponse}},
 )
 async def download_artifact(
-    session_id: str,
+    session_id: SessionIdPath,
     filename: str,
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> FileResponse:
@@ -238,17 +266,18 @@ async def download_artifact(
             detail=f"Session {session_id} has no artifacts path",
         )
 
-    file_path = Path(session.artifacts_path) / filename
+    base_path = Path(session.artifacts_path)
+    file_path = _resolve_artifact_path(base_path, filename)
     if not file_path.exists():
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"Artifact {filename} not found",
+            detail=f"Artifact {file_path.name} not found",
         )
 
     return FileResponse(
         path=file_path,
-        filename=filename,
-        media_type=_get_media_type(filename),
+        filename=file_path.name,
+        media_type=_get_media_type(file_path.name),
     )
 
 
@@ -258,7 +287,7 @@ async def download_artifact(
     responses={404: {"model": ErrorResponse}},
 )
 async def delete_artifact(
-    session_id: str,
+    session_id: SessionIdPath,
     filename: str,
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> None:
@@ -285,11 +314,12 @@ async def delete_artifact(
             detail=f"Session {session_id} has no artifacts path",
         )
 
-    file_path = Path(session.artifacts_path) / filename
+    base_path = Path(session.artifacts_path)
+    file_path = _resolve_artifact_path(base_path, filename)
     if not file_path.exists():
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"Artifact {filename} not found",
+            detail=f"Artifact {file_path.name} not found",
         )
 
     try:
diff --git a/src/dsagent/server/routes/chat.py b/src/dsagent/server/routes/chat.py
index f31144f..432f21b 100644
--- a/src/dsagent/server/routes/chat.py
+++ b/src/dsagent/server/routes/chat.py
@@ -30,6 +30,7 @@
     PlanStepResponse,
     TurnsResponse,
 )
+from dsagent.server.validators import SessionIdPath
 from dsagent.session import SessionManager
 from dsagent.session.models import MessageRole
 
@@ -425,7 +426,7 @@ def _convert_chat_response(response: "ChatResponse") -> ChatResponseModel:
     responses={404: {"model": ErrorResponse}},
 )
 async def chat(
-    session_id: str,
+    session_id: SessionIdPath,
     request: ChatRequest,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
     session_manager: SessionManager = Depends(get_session_manager),
@@ -473,7 +474,7 @@ async def chat(
     responses={404: {"model": ErrorResponse}},
 )
 async def chat_stream(
-    session_id: str,
+    session_id: SessionIdPath,
     request: ChatRequest,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
     session_manager: SessionManager = Depends(get_session_manager),
@@ -647,7 +648,7 @@ async def generate_events():
     responses={404: {"model": ErrorResponse}},
 )
 async def get_messages(
-    session_id: str,
+    session_id: SessionIdPath,
     limit: int = Query(50, ge=1, le=200),
     offset: int = Query(0, ge=0),
     role: Optional[str] = Query(None),
@@ -716,7 +717,7 @@ async def get_messages(
     responses={404: {"model": ErrorResponse}},
 )
 async def get_turns(
-    session_id: str,
+    session_id: SessionIdPath,
     limit: int = Query(50, ge=1, le=200),
     offset: int = Query(0, ge=0),
     session_manager: SessionManager = Depends(get_session_manager),
diff --git a/src/dsagent/server/routes/files.py b/src/dsagent/server/routes/files.py
index 954cede..06bad67 100644
--- a/src/dsagent/server/routes/files.py
+++ b/src/dsagent/server/routes/files.py
@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+import os
 import shutil
 from datetime import datetime
 from pathlib import Path
@@ -11,11 +12,13 @@
 from fastapi.responses import FileResponse
 from pydantic import BaseModel, Field
 
+from dsagent.config import get_settings
 from dsagent.server.deps import (
     get_session_manager,
     verify_api_key,
 )
 from dsagent.server.models import ErrorResponse
+from dsagent.server.validators import SessionIdPath
 from dsagent.session import SessionManager
 
 router = APIRouter(dependencies=[Depends(verify_api_key)])
@@ -118,6 +121,43 @@ def _get_file_info(file_path: Path, category: str) -> FileInfo:
     )
 
 
+def _resolve_file_path(base_path: Path, filename: str) -> Path:
+    """Resolve file path and ensure it stays under base_path (path traversal guard).
+
+    Args:
+        base_path: Base directory (e.g. session data/artifacts path).
+        filename: Requested filename (may contain path components; only basename is used).
+
+    Returns:
+        Resolved Path under base_path.
+
+    Raises:
+        HTTPException: 400 if the resolved path would be outside base_path.
+    """
+    safe_name = Path(filename).name
+    if not safe_name:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid filename",
+        )
+    file_path = (base_path / safe_name).resolve()
+    base_resolved = base_path.resolve()
+    try:
+        if not file_path.is_relative_to(base_resolved):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
+    except (ValueError, AttributeError):
+        base_str = str(base_resolved) + os.sep
+        if file_path != base_resolved and not str(file_path).startswith(base_str):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
+    return file_path
+
+
 # =============================================================================
 # Endpoints
 # =============================================================================
@@ -130,7 +170,7 @@ def _get_file_info(file_path: Path, category: str) -> FileInfo:
     responses={404: {"model": ErrorResponse}},
 )
 async def upload_files(
-    session_id: str,
+    session_id: SessionIdPath,
     files: List[UploadFile] = File(..., description="Files to upload"),
     category: str = Query("data", description="File category (data, artifacts)"),
     session_manager: SessionManager = Depends(get_session_manager),
@@ -153,6 +193,8 @@ async def upload_files(
         HTTPException: If session not found or upload fails
     """
     base_path = _get_session_path(session_manager, session_id, category)
+    settings = get_settings()
+    max_bytes = int(settings.max_upload_mb * 1024 * 1024) if settings.max_upload_mb > 0 else 0
 
     results = []
     for upload_file in files:
@@ -162,11 +204,27 @@ async def upload_files(
         # Sanitize filename (remove path components)
         filename = Path(upload_file.filename).name
 
+        # Enforce upload size limit
+        content = b""
+        if max_bytes > 0:
+            chunk_size = 65536
+            while True:
+                chunk = await upload_file.read(chunk_size)
+                if not chunk:
+                    break
+                content += chunk
+                if len(content) > max_bytes:
+                    raise HTTPException(
+                        status_code=status.HTTP_413_REQUEST_ENTITY_TOO_LARGE,
+                        detail=f"File {filename} exceeds max size ({settings.max_upload_mb} MB)",
+                    )
+        else:
+            content = await upload_file.read()
+
         # Save file
         file_path = base_path / filename
         try:
             with open(file_path, "wb") as f:
-                content = await upload_file.read()
                 f.write(content)
 
             results.append(FileUploadResponse(
@@ -189,7 +247,7 @@ async def upload_files(
     responses={404: {"model": ErrorResponse}},
 )
 async def list_files(
-    session_id: str,
+    session_id: SessionIdPath,
     category: str = Query("data", description="File category (data, artifacts, notebooks)"),
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> FileListResponse:
@@ -229,7 +287,7 @@ async def list_files(
     responses={404: {"model": ErrorResponse}},
 )
 async def download_file(
-    session_id: str,
+    session_id: SessionIdPath,
     filename: str,
     category: str = Query("data", description="File category (data, artifacts, notebooks)"),
     session_manager: SessionManager = Depends(get_session_manager),
@@ -249,12 +307,12 @@ async def download_file(
         HTTPException: If session or file not found
     """
     base_path = _get_session_path(session_manager, session_id, category)
-    file_path = base_path / filename
+    file_path = _resolve_file_path(base_path, filename)
 
     if not file_path.exists():
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"File {filename} not found in {category}",
+            detail=f"File {Path(filename).name} not found in {category}",
         )
 
     # Determine media type
@@ -279,7 +337,7 @@ async def download_file(
 
     return FileResponse(
         path=file_path,
-        filename=filename,
+        filename=file_path.name,
         media_type=media_type,
     )
 
@@ -290,7 +348,7 @@ async def download_file(
     responses={404: {"model": ErrorResponse}},
 )
 async def delete_file(
-    session_id: str,
+    session_id: SessionIdPath,
     filename: str,
     category: str = Query("data", description="File category (data, artifacts, notebooks)"),
     session_manager: SessionManager = Depends(get_session_manager),
@@ -307,12 +365,12 @@ async def delete_file(
         HTTPException: If session or file not found
     """
     base_path = _get_session_path(session_manager, session_id, category)
-    file_path = base_path / filename
+    file_path = _resolve_file_path(base_path, filename)
 
     if not file_path.exists():
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
-            detail=f"File {filename} not found in {category}",
+            detail=f"File {Path(filename).name} not found in {category}",
         )
 
     try:
diff --git a/src/dsagent/server/routes/health.py b/src/dsagent/server/routes/health.py
index 28e5544..062988c 100644
--- a/src/dsagent/server/routes/health.py
+++ b/src/dsagent/server/routes/health.py
@@ -1,4 +1,10 @@
-"""Health check endpoints."""
+"""Health check endpoints.
+
+These endpoints are intentionally unauthenticated so load balancers and
+orchestrators can perform health/readiness checks. They expose version
+and component status. If you need to hide version in a given environment,
+consider a minimal health endpoint or optional auth.
+"""
 
 from datetime import datetime
 
@@ -12,10 +18,10 @@
 
 @router.get("/health", response_model=HealthResponse)
 async def health_check() -> HealthResponse:
-    """Basic health check endpoint.
+    """Basic health check endpoint (no authentication).
 
     Returns:
-        Health status with version and timestamp
+        Health status with version and timestamp.
     """
     from dsagent.server.app import API_VERSION
 
diff --git a/src/dsagent/server/routes/hitl.py b/src/dsagent/server/routes/hitl.py
index 827cb35..0aae95a 100644
--- a/src/dsagent/server/routes/hitl.py
+++ b/src/dsagent/server/routes/hitl.py
@@ -9,6 +9,7 @@
 
 from dsagent.server.deps import get_connection_manager, verify_api_key
 from dsagent.server.manager import AgentConnectionManager
+from dsagent.server.validators import SessionIdPath
 
 
 router = APIRouter(dependencies=[Depends(verify_api_key)])
@@ -60,7 +61,7 @@ class HITLActionResponse(BaseModel):
 
 @router.get("/sessions/{session_id}/hitl/status", response_model=HITLStatusResponse)
 async def get_hitl_status(
-    session_id: str,
+    session_id: SessionIdPath,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
 ) -> HITLStatusResponse:
     """Get HITL status for a session.
@@ -108,7 +109,7 @@ async def get_hitl_status(
 
 @router.post("/sessions/{session_id}/hitl/respond", response_model=HITLActionResponse)
 async def respond_to_hitl(
-    session_id: str,
+    session_id: SessionIdPath,
     request: HITLActionRequest,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
 ) -> HITLActionResponse:
@@ -182,7 +183,7 @@ async def respond_to_hitl(
 
 @router.post("/sessions/{session_id}/hitl/approve", response_model=HITLActionResponse)
 async def approve_hitl(
-    session_id: str,
+    session_id: SessionIdPath,
     message: Optional[str] = None,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
 ) -> HITLActionResponse:
@@ -204,7 +205,7 @@ async def approve_hitl(
 
 @router.post("/sessions/{session_id}/hitl/reject", response_model=HITLActionResponse)
 async def reject_hitl(
-    session_id: str,
+    session_id: SessionIdPath,
     message: Optional[str] = None,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
 ) -> HITLActionResponse:
diff --git a/src/dsagent/server/routes/kernel.py b/src/dsagent/server/routes/kernel.py
index de28fb3..c7a94d2 100644
--- a/src/dsagent/server/routes/kernel.py
+++ b/src/dsagent/server/routes/kernel.py
@@ -13,6 +13,7 @@
     verify_api_key,
 )
 from dsagent.server.manager import AgentConnectionManager
+from dsagent.server.validators import SessionIdPath
 from dsagent.server.models import (
     DataFrameInfoResponse,
     ErrorResponse,
@@ -32,7 +33,7 @@
     responses={404: {"model": ErrorResponse}},
 )
 async def get_kernel_state(
-    session_id: str,
+    session_id: SessionIdPath,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> KernelStateResponse:
@@ -95,7 +96,7 @@ async def get_kernel_state(
     responses={404: {"model": ErrorResponse}},
 )
 async def get_kernel_variables(
-    session_id: str,
+    session_id: SessionIdPath,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> list[KernelVariableResponse]:
@@ -122,7 +123,7 @@ async def get_kernel_variables(
     responses={404: {"model": ErrorResponse}},
 )
 async def execute_code(
-    session_id: str,
+    session_id: SessionIdPath,
     request: ExecuteCodeRequest,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
     session_manager: SessionManager = Depends(get_session_manager),
@@ -168,7 +169,7 @@ async def execute_code(
     responses={404: {"model": ErrorResponse}},
 )
 async def reset_kernel(
-    session_id: str,
+    session_id: SessionIdPath,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> KernelStateResponse:
diff --git a/src/dsagent/server/routes/sessions.py b/src/dsagent/server/routes/sessions.py
index 61f8053..96bad78 100644
--- a/src/dsagent/server/routes/sessions.py
+++ b/src/dsagent/server/routes/sessions.py
@@ -1,6 +1,7 @@
 """Session management endpoints."""
 
 import logging
+import re
 from datetime import datetime
 from pathlib import Path
 from typing import Optional
@@ -22,6 +23,7 @@
     SessionResponse,
     UpdateSessionRequest,
 )
+from dsagent.server.validators import SessionIdPath
 from dsagent.session import Session, SessionManager, SessionStatus
 
 logger = logging.getLogger(__name__)
@@ -141,7 +143,7 @@ async def list_sessions(
     responses={404: {"model": ErrorResponse}},
 )
 async def get_session(
-    session_id: str,
+    session_id: SessionIdPath,
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> SessionResponse:
     """Get a specific session.
@@ -173,7 +175,7 @@ async def get_session(
     responses={404: {"model": ErrorResponse}},
 )
 async def update_session(
-    session_id: str,
+    session_id: SessionIdPath,
     request: UpdateSessionRequest,
     session_manager: SessionManager = Depends(get_session_manager),
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
@@ -250,7 +252,7 @@ async def update_session(
     responses={404: {"model": ErrorResponse}},
 )
 async def delete_session(
-    session_id: str,
+    session_id: SessionIdPath,
     session_manager: SessionManager = Depends(get_session_manager),
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
 ) -> None:
@@ -283,7 +285,7 @@ async def delete_session(
     responses={404: {"model": ErrorResponse}},
 )
 async def archive_session(
-    session_id: str,
+    session_id: SessionIdPath,
     session_manager: SessionManager = Depends(get_session_manager),
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
 ) -> SessionResponse:
@@ -324,7 +326,7 @@ async def archive_session(
     responses={404: {"model": ErrorResponse}},
 )
 async def export_notebook(
-    session_id: str,
+    session_id: SessionIdPath,
     connection_manager: AgentConnectionManager = Depends(get_connection_manager),
     session_manager: SessionManager = Depends(get_session_manager),
 ):
@@ -388,7 +390,7 @@ async def export_notebook(
     responses={404: {"model": ErrorResponse}},
 )
 async def export_session(
-    session_id: str,
+    session_id: SessionIdPath,
     session_manager: SessionManager = Depends(get_session_manager),
 ) -> JSONResponse:
     """Export full session data as JSON.
@@ -411,10 +413,11 @@ async def export_session(
             detail=f"Session {session_id} not found",
         )
 
-    # Export session as JSON
+    # Safe filename for Content-Disposition (avoid header injection)
+    safe_name = re.sub(r'[\r\n"\\]', "_", session_id)[:200].strip() or "session"
     return JSONResponse(
         content=session.model_dump(mode="json"),
         headers={
-            "Content-Disposition": f'attachment; filename="{session_id}.json"'
+            "Content-Disposition": f'attachment; filename="{safe_name}.json"'
         },
     )
diff --git a/src/dsagent/server/validators.py b/src/dsagent/server/validators.py
new file mode 100644
index 0000000..57e8614
--- /dev/null
+++ b/src/dsagent/server/validators.py
@@ -0,0 +1,19 @@
+"""Shared request validators for the API."""
+
+from __future__ import annotations
+
+from typing import Annotated
+
+from fastapi import Path
+
+# Session ID: alphanumeric, underscore, hyphen only (matches manager._generate_session_id).
+# Prevents path traversal and injection in JSON store and path-based routes.
+SessionIdPath = Annotated[
+    str,
+    Path(
+        description="Session ID (alphanumeric, underscore, hyphen only)",
+        pattern=r"^[a-zA-Z0-9_-]+$",
+        min_length=1,
+        max_length=256,
+    ),
+]
diff --git a/src/dsagent/server/websocket.py b/src/dsagent/server/websocket.py
index ac46907..c23628f 100644
--- a/src/dsagent/server/websocket.py
+++ b/src/dsagent/server/websocket.py
@@ -1,4 +1,10 @@
-"""WebSocket endpoint for real-time chat."""
+"""WebSocket endpoint for real-time chat.
+
+Security note: When API key auth is enabled, the key is passed via query parameter
+(?api_key=xxx). Query strings may appear in server logs and proxy access logs.
+For sensitive deployments, consider an auth flow that does not expose the key in
+the URL (e.g. token in the first WebSocket message).
+"""
 
 from __future__ import annotations
 
@@ -15,6 +21,7 @@
     ServerSettings,
 )
 from dsagent.server.manager import AgentConnectionManager
+from dsagent.server.validators import SessionIdPath
 from dsagent.server.models import (
     WebSocketEvent,
     WebSocketMessage,
@@ -55,7 +62,7 @@ async def verify_websocket_auth(
 @router.websocket("/ws/chat/{session_id}")
 async def chat_websocket(
     websocket: WebSocket,
-    session_id: str,
+    session_id: SessionIdPath,
     api_key: Optional[str] = Query(None),
     model: Optional[str] = Query(None),
     hitl_mode: Optional[str] = Query(None),
diff --git a/src/dsagent/session/manager.py b/src/dsagent/session/manager.py
index 718fa80..d0504eb 100644
--- a/src/dsagent/session/manager.py
+++ b/src/dsagent/session/manager.py
@@ -14,7 +14,7 @@
     Session,
     SessionStatus,
 )
-from dsagent.session.store import SessionStore
+from dsagent.session.store import SessionStore, _validate_session_id
 
 
 class SessionManager:
@@ -87,6 +87,8 @@ def create_session(
         """
         if session_id is None:
             session_id = self._generate_session_id()
+        else:
+            _validate_session_id(session_id)
 
         session = Session(
             id=session_id,
diff --git a/src/dsagent/session/store.py b/src/dsagent/session/store.py
index 6f88342..e6718de 100644
--- a/src/dsagent/session/store.py
+++ b/src/dsagent/session/store.py
@@ -3,6 +3,7 @@
 from __future__ import annotations
 
 import json
+import re
 import sqlite3
 from abc import ABC, abstractmethod
 from datetime import datetime
@@ -45,6 +46,23 @@ def exists(self, session_id: str) -> bool:
         pass
 
 
+# Session ID must be safe for use in paths (no path traversal).
+# Allow alphanumeric, underscore, hyphen; matches _generate_session_id format.
+SESSION_ID_SAFE_PATTERN = re.compile(r"^[a-zA-Z0-9_-]+$")
+
+
+def _validate_session_id(session_id: str) -> None:
+    """Validate session_id for path safety (JSON backend and API).
+
+    Raises:
+        ValueError: If session_id contains disallowed characters.
+    """
+    if not session_id or not SESSION_ID_SAFE_PATTERN.match(session_id):
+        raise ValueError(
+            "session_id must contain only letters, digits, underscore, and hyphen"
+        )
+
+
 class JSONSessionStore(SessionStoreBackend):
     """JSON file-based session storage.
 
@@ -58,12 +76,16 @@ def __init__(self, storage_dir: Path):
         Args:
             storage_dir: Directory to store session files
         """
-        self.storage_dir = Path(storage_dir)
+        self.storage_dir = Path(storage_dir).resolve()
         self.storage_dir.mkdir(parents=True, exist_ok=True)
 
     def _session_path(self, session_id: str) -> Path:
-        """Get path to session file."""
-        return self.storage_dir / f"{session_id}.json"
+        """Get path to session file. Validates session_id to prevent path traversal."""
+        _validate_session_id(session_id)
+        path = (self.storage_dir / f"{session_id}.json").resolve()
+        if not path.is_relative_to(self.storage_dir):
+            raise ValueError("session_id would resolve outside storage directory")
+        return path
 
     def save(self, session: Session) -> None:
         """Save session to JSON file."""
diff --git a/tests/test_server.py b/tests/test_server.py
index 4afa38f..29763f2 100644
--- a/tests/test_server.py
+++ b/tests/test_server.py
@@ -304,7 +304,7 @@ def test_get_session_not_found(self, client, mock_session_manager):
 
     def test_delete_session_not_found(self, client, mock_session_manager):
         """Test deleting a non-existent session."""
-        mock_session_manager.exists.return_value = False
+        mock_session_manager.load_session.return_value = None
         response = client.delete("/api/sessions/nonexistent")
         assert response.status_code == 404
 
@@ -367,7 +367,8 @@ def authenticated_client(self, mock_session_manager, mock_connection_manager):
 
             # Set API key
             os.environ["DSAGENT_API_KEY"] = "test-api-key"
-            deps.get_settings.cache_clear()
+            from dsagent.config import clear_settings_cache
+            clear_settings_cache()
 
             # Set up mock managers
             deps._session_manager = mock_session_manager
@@ -379,7 +380,7 @@ def authenticated_client(self, mock_session_manager, mock_connection_manager):
 
             # Cleanup
             del os.environ["DSAGENT_API_KEY"]
-            deps.get_settings.cache_clear()
+            clear_settings_cache()
         except ImportError:
             pytest.skip("FastAPI not installed")
 
diff --git a/uv.lock b/uv.lock
index 03bf09d..959c6a8 100644
--- a/uv.lock
+++ b/uv.lock
@@ -275,19 +275,44 @@ wheels = [
 
 [[package]]
 name = "category-encoders"
-version = "2.7.0"
+version = "2.8.1"
 source = { registry = "https://pypi.org/simple" }
+resolution-markers = [
+    "python_full_version < '3.11'",
+]
 dependencies = [
-    { name = "numpy" },
-    { name = "pandas" },
-    { name = "patsy" },
-    { name = "scikit-learn" },
-    { name = "scipy" },
-    { name = "statsmodels" },
+    { name = "numpy", marker = "python_full_version < '3.11'" },
+    { name = "pandas", marker = "python_full_version < '3.11'" },
+    { name = "patsy", marker = "python_full_version < '3.11'" },
+    { name = "scikit-learn", marker = "python_full_version < '3.11'" },
+    { name = "scipy", marker = "python_full_version < '3.11'" },
+    { name = "statsmodels", marker = "python_full_version < '3.11'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/89/32/f5dff088ebae54d5464124298a9262bdd07c55558ba7e9b961be7ecdb0e6/category_encoders-2.8.1.tar.gz", hash = "sha256:57af8a23bde3cf622ee7e17c11547011795e4d337839d40cbd16c36b67291b33", size = 57856, upload-time = "2025-03-15T16:17:23.176Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/92/fb/908cb215a30b117bb079a767176038599a5447f2506e21aa2e90d0aabfff/category_encoders-2.8.1-py3-none-any.whl", hash = "sha256:ba77bde0a0afe13732b04997635b1ae82569e42c9696bc361c68674197988303", size = 85710, upload-time = "2025-03-15T16:17:21.839Z" },
+]
+
+[[package]]
+name = "category-encoders"
+version = "2.9.0"
+source = { registry = "https://pypi.org/simple" }
+resolution-markers = [
+    "python_full_version >= '3.14'",
+    "python_full_version >= '3.12' and python_full_version < '3.14'",
+    "python_full_version == '3.11.*'",
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/04/29/65d76d9b03e12fe752945485a370ea8a8bb92257654f5283ea956f052b85/category_encoders-2.7.0.tar.gz", hash = "sha256:ee49c550fde511b222bac40c9c8740a7afdbe2431eaafd2aa43d4cec0bf92374", size = 57538, upload-time = "2025-01-07T18:02:53.485Z" }
+dependencies = [
+    { name = "numpy", marker = "python_full_version >= '3.11'" },
+    { name = "pandas", marker = "python_full_version >= '3.11'" },
+    { name = "patsy", marker = "python_full_version >= '3.11'" },
+    { name = "scikit-learn", marker = "python_full_version >= '3.11'" },
+    { name = "scipy", marker = "python_full_version >= '3.11'" },
+    { name = "statsmodels", marker = "python_full_version >= '3.11'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/29/59/1184ce74dca0c3e3450bccbb16edfce56f559c76dc794e2d52e1e63b467d/category_encoders-2.9.0.tar.gz", hash = "sha256:659311786e909013b8e8715fd1271244789a1dea278da44058828f88eeab5b40", size = 58005, upload-time = "2025-11-02T18:13:36.929Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/cb/db/994342594822cd7ed9bc9bb67d259f2585e9034d07df9bae12133319914a/category_encoders-2.7.0-py3-none-any.whl", hash = "sha256:62c50d06c296cda69335ac3997456368a4d6eeabea0c15100db52235227c0758", size = 85421, upload-time = "2025-01-07T18:02:48.796Z" },
+    { url = "https://files.pythonhosted.org/packages/a6/06/afcae4dab08612dac244ace7f478543f4fb83bea94177231ef9b4f7bfa06/category_encoders-2.9.0-py3-none-any.whl", hash = "sha256:49c0e49cd3bd93b21c0bcc928ecbe9b3d09951a6f7fff8cc67f1f33967887227", size = 85859, upload-time = "2025-11-02T18:13:35.388Z" },
 ]
 
 [[package]]
@@ -813,7 +838,7 @@ wheels = [
 
 [[package]]
 name = "datascience-agent"
-version = "0.8.1"
+version = "0.8.4"
 source = { editable = "." }
 dependencies = [
     { name = "boruta" },
@@ -912,7 +937,7 @@ requires-dist = [
     { name = "pyyaml", specifier = ">=6.0.0" },
     { name = "rich", specifier = ">=13.0.0" },
     { name = "ruff", marker = "extra == 'dev'", specifier = ">=0.1.0" },
-    { name = "scikit-learn", specifier = ">=1.3.0" },
+    { name = "scikit-learn", specifier = ">=1.5.0" },
     { name = "scipy", specifier = ">=1.11.0" },
     { name = "seaborn", specifier = ">=0.12.0" },
     { name = "sse-starlette", marker = "extra == 'api'", specifier = ">=1.0.0" },
@@ -3354,10 +3379,11 @@ wheels = [
 
 [[package]]
 name = "pycaret"
-version = "3.3.2"
+version = "3.3.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
-    { name = "category-encoders" },
+    { name = "category-encoders", version = "2.8.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" },
+    { name = "category-encoders", version = "2.9.0", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" },
     { name = "cloudpickle" },
     { name = "deprecation" },
     { name = "imbalanced-learn" },
@@ -3394,7 +3420,7 @@ dependencies = [
     { name = "yellowbrick" },
 ]
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/3e/6f/b3d59fac3869a7685e68aecdd35c336800bce8c8d3b45687bb82cf9a2848/pycaret-3.3.2-py3-none-any.whl", hash = "sha256:61066b85b3a51944d61110ca3575d2f5d29f403aecc073a281765adeda3f5dcb", size = 486129, upload-time = "2024-04-28T18:46:21.882Z" },
+    { url = "https://files.pythonhosted.org/packages/c7/d8/4e703f17f17d7d7764fe6d586872e787ce3a248640221f5f2d586f671eee/pycaret-3.3.0-py3-none-any.whl", hash = "sha256:e6cdb90a9cf5fc03400f604bf5eb1847229eedad5ef236a27f07f85718e0ace0", size = 485852, upload-time = "2024-02-20T04:08:49.222Z" },
 ]
 
 [[package]]
@@ -4195,7 +4221,7 @@ wheels = [
 
 [[package]]
 name = "scikit-learn"
-version = "1.4.2"
+version = "1.7.2"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "joblib" },
@@ -4203,23 +4229,38 @@ dependencies = [
     { name = "scipy" },
     { name = "threadpoolctl" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/ef/e5/c09d20723bfd91315f6f4ddc77912b0dcc09588b4ca7ad2ffa204607ad7f/scikit-learn-1.4.2.tar.gz", hash = "sha256:daa1c471d95bad080c6e44b4946c9390a4842adc3082572c20e4f8884e39e959", size = 7763055, upload-time = "2024-04-09T19:54:06.726Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/fb/f0/2fe83526acf1448ac6d5d579c65324dd0ff769fdf74a1989072edcac4210/scikit_learn-1.4.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:8539a41b3d6d1af82eb629f9c57f37428ff1481c1e34dddb3b9d7af8ede67ac5", size = 11567295, upload-time = "2024-04-09T19:53:06.085Z" },
-    { url = "https://files.pythonhosted.org/packages/7f/1c/047e16924f1e26ec8047d954613cffd174ef9cdc110c08c9bbcf9cdded4d/scikit_learn-1.4.2-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:68b8404841f944a4a1459b07198fa2edd41a82f189b44f3e1d55c104dbc2e40c", size = 10447678, upload-time = "2024-04-09T19:53:10.041Z" },
-    { url = "https://files.pythonhosted.org/packages/2c/8c/54b363fe83d30f79545f0e8bc1ff02b062d1efe738fee31e9c8db6dad40a/scikit_learn-1.4.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:81bf5d8bbe87643103334032dd82f7419bc8c8d02a763643a6b9a5c7288c5054", size = 11506998, upload-time = "2024-04-09T19:53:12.697Z" },
-    { url = "https://files.pythonhosted.org/packages/8f/38/420ee614359d8f453ffe2bb5c2e963bf50459d9bbd3f5a92aa9059658955/scikit_learn-1.4.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:36f0ea5d0f693cb247a073d21a4123bdf4172e470e6d163c12b74cbb1536cf38", size = 12140555, upload-time = "2024-04-09T19:53:16.435Z" },
-    { url = "https://files.pythonhosted.org/packages/54/43/40a4ae4b05b00cd532fe77fdd1629dd5355776d0977a7e3b8890bec309a9/scikit_learn-1.4.2-cp310-cp310-win_amd64.whl", hash = "sha256:87440e2e188c87db80ea4023440923dccbd56fbc2d557b18ced00fef79da0727", size = 10597017, upload-time = "2024-04-09T19:53:19.213Z" },
-    { url = "https://files.pythonhosted.org/packages/59/11/63de36e6933b03490fdfe5cbc9b5a68870a1281d8e705a23b33076dc82fb/scikit_learn-1.4.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:45dee87ac5309bb82e3ea633955030df9bbcb8d2cdb30383c6cd483691c546cc", size = 11558461, upload-time = "2024-04-09T19:53:22.402Z" },
-    { url = "https://files.pythonhosted.org/packages/f2/30/1299e84d2ba3bc735baf17cebbf5b9d55144243c41b3ec6559ce3cf61e23/scikit_learn-1.4.2-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:1d0b25d9c651fd050555aadd57431b53d4cf664e749069da77f3d52c5ad14b3b", size = 10451621, upload-time = "2024-04-09T19:53:25.577Z" },
-    { url = "https://files.pythonhosted.org/packages/cc/6d/2b03edb51e688db0dc2958ab18edf71c8cc313172636cbdc0b1fc7670777/scikit_learn-1.4.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b0203c368058ab92efc6168a1507d388d41469c873e96ec220ca8e74079bf62e", size = 11523470, upload-time = "2024-04-09T19:53:29.433Z" },
-    { url = "https://files.pythonhosted.org/packages/4e/53/14405a47292b59235d811a2af8634aba188ccfd1a38ef4b8042f3447d79a/scikit_learn-1.4.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:44c62f2b124848a28fd695db5bc4da019287abf390bfce602ddc8aa1ec186aae", size = 12146964, upload-time = "2024-04-09T19:53:32.662Z" },
-    { url = "https://files.pythonhosted.org/packages/79/3d/02d5d3ed359498fec3abdf65407d3c07e3b8765af17464969055aaec5171/scikit_learn-1.4.2-cp311-cp311-win_amd64.whl", hash = "sha256:5cd7b524115499b18b63f0c96f4224eb885564937a0b3477531b2b63ce331904", size = 10602955, upload-time = "2024-04-09T19:53:35.147Z" },
-    { url = "https://files.pythonhosted.org/packages/81/3f/bdd6c812eb5356410ed26a673f80670138c24eea1ea7c484da022783cc28/scikit_learn-1.4.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:90378e1747949f90c8f385898fff35d73193dfcaec3dd75d6b542f90c4e89755", size = 11555151, upload-time = "2024-04-09T19:53:37.797Z" },
-    { url = "https://files.pythonhosted.org/packages/fc/f1/7028da970a41c542a0f3a2234f78040c820dae87ed7e949cec9f585f2b1a/scikit_learn-1.4.2-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:ff4effe5a1d4e8fed260a83a163f7dbf4f6087b54528d8880bab1d1377bd78be", size = 10462894, upload-time = "2024-04-09T19:53:41.271Z" },
-    { url = "https://files.pythonhosted.org/packages/5d/ce/8937a0c6afd79f3486f39361ff58dd299ca1b19deb6b9deb59fe510d212f/scikit_learn-1.4.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:671e2f0c3f2c15409dae4f282a3a619601fa824d2c820e5b608d9d775f91780c", size = 11507077, upload-time = "2024-04-09T19:53:43.937Z" },
-    { url = "https://files.pythonhosted.org/packages/bc/f6/761881cb1cec60874be76831571c76d596bcf3d13959390e73f4c745086f/scikit_learn-1.4.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d36d0bc983336bbc1be22f9b686b50c964f593c8a9a913a792442af9bf4f5e68", size = 12247981, upload-time = "2024-04-09T19:53:46.531Z" },
-    { url = "https://files.pythonhosted.org/packages/40/77/91f92b2fddbd14201bf36cd0c0e7279f1501a88e7a00ef11261c4b95bb7a/scikit_learn-1.4.2-cp312-cp312-win_amd64.whl", hash = "sha256:d762070980c17ba3e9a4a1e043ba0518ce4c55152032f1af0ca6f39b376b5928", size = 10600450, upload-time = "2024-04-09T19:53:49.637Z" },
+sdist = { url = "https://files.pythonhosted.org/packages/98/c2/a7855e41c9d285dfe86dc50b250978105dce513d6e459ea66a6aeb0e1e0c/scikit_learn-1.7.2.tar.gz", hash = "sha256:20e9e49ecd130598f1ca38a1d85090e1a600147b9c02fa6f15d69cb53d968fda", size = 7193136, upload-time = "2025-09-09T08:21:29.075Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/ba/3e/daed796fd69cce768b8788401cc464ea90b306fb196ae1ffed0b98182859/scikit_learn-1.7.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:6b33579c10a3081d076ab403df4a4190da4f4432d443521674637677dc91e61f", size = 9336221, upload-time = "2025-09-09T08:20:19.328Z" },
+    { url = "https://files.pythonhosted.org/packages/1c/ce/af9d99533b24c55ff4e18d9b7b4d9919bbc6cd8f22fe7a7be01519a347d5/scikit_learn-1.7.2-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:36749fb62b3d961b1ce4fedf08fa57a1986cd409eff2d783bca5d4b9b5fce51c", size = 8653834, upload-time = "2025-09-09T08:20:22.073Z" },
+    { url = "https://files.pythonhosted.org/packages/58/0e/8c2a03d518fb6bd0b6b0d4b114c63d5f1db01ff0f9925d8eb10960d01c01/scikit_learn-1.7.2-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:7a58814265dfc52b3295b1900cfb5701589d30a8bb026c7540f1e9d3499d5ec8", size = 9660938, upload-time = "2025-09-09T08:20:24.327Z" },
+    { url = "https://files.pythonhosted.org/packages/2b/75/4311605069b5d220e7cf5adabb38535bd96f0079313cdbb04b291479b22a/scikit_learn-1.7.2-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4a847fea807e278f821a0406ca01e387f97653e284ecbd9750e3ee7c90347f18", size = 9477818, upload-time = "2025-09-09T08:20:26.845Z" },
+    { url = "https://files.pythonhosted.org/packages/7f/9b/87961813c34adbca21a6b3f6b2bea344c43b30217a6d24cc437c6147f3e8/scikit_learn-1.7.2-cp310-cp310-win_amd64.whl", hash = "sha256:ca250e6836d10e6f402436d6463d6c0e4d8e0234cfb6a9a47835bd392b852ce5", size = 8886969, upload-time = "2025-09-09T08:20:29.329Z" },
+    { url = "https://files.pythonhosted.org/packages/43/83/564e141eef908a5863a54da8ca342a137f45a0bfb71d1d79704c9894c9d1/scikit_learn-1.7.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:c7509693451651cd7361d30ce4e86a1347493554f172b1c72a39300fa2aea79e", size = 9331967, upload-time = "2025-09-09T08:20:32.421Z" },
+    { url = "https://files.pythonhosted.org/packages/18/d6/ba863a4171ac9d7314c4d3fc251f015704a2caeee41ced89f321c049ed83/scikit_learn-1.7.2-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:0486c8f827c2e7b64837c731c8feff72c0bd2b998067a8a9cbc10643c31f0fe1", size = 8648645, upload-time = "2025-09-09T08:20:34.436Z" },
+    { url = "https://files.pythonhosted.org/packages/ef/0e/97dbca66347b8cf0ea8b529e6bb9367e337ba2e8be0ef5c1a545232abfde/scikit_learn-1.7.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:89877e19a80c7b11a2891a27c21c4894fb18e2c2e077815bcade10d34287b20d", size = 9715424, upload-time = "2025-09-09T08:20:36.776Z" },
+    { url = "https://files.pythonhosted.org/packages/f7/32/1f3b22e3207e1d2c883a7e09abb956362e7d1bd2f14458c7de258a26ac15/scikit_learn-1.7.2-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8da8bf89d4d79aaec192d2bda62f9b56ae4e5b4ef93b6a56b5de4977e375c1f1", size = 9509234, upload-time = "2025-09-09T08:20:38.957Z" },
+    { url = "https://files.pythonhosted.org/packages/9f/71/34ddbd21f1da67c7a768146968b4d0220ee6831e4bcbad3e03dd3eae88b6/scikit_learn-1.7.2-cp311-cp311-win_amd64.whl", hash = "sha256:9b7ed8d58725030568523e937c43e56bc01cadb478fc43c042a9aca1dacb3ba1", size = 8894244, upload-time = "2025-09-09T08:20:41.166Z" },
+    { url = "https://files.pythonhosted.org/packages/a7/aa/3996e2196075689afb9fce0410ebdb4a09099d7964d061d7213700204409/scikit_learn-1.7.2-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:8d91a97fa2b706943822398ab943cde71858a50245e31bc71dba62aab1d60a96", size = 9259818, upload-time = "2025-09-09T08:20:43.19Z" },
+    { url = "https://files.pythonhosted.org/packages/43/5d/779320063e88af9c4a7c2cf463ff11c21ac9c8bd730c4a294b0000b666c9/scikit_learn-1.7.2-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:acbc0f5fd2edd3432a22c69bed78e837c70cf896cd7993d71d51ba6708507476", size = 8636997, upload-time = "2025-09-09T08:20:45.468Z" },
+    { url = "https://files.pythonhosted.org/packages/5c/d0/0c577d9325b05594fdd33aa970bf53fb673f051a45496842caee13cfd7fe/scikit_learn-1.7.2-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:e5bf3d930aee75a65478df91ac1225ff89cd28e9ac7bd1196853a9229b6adb0b", size = 9478381, upload-time = "2025-09-09T08:20:47.982Z" },
+    { url = "https://files.pythonhosted.org/packages/82/70/8bf44b933837ba8494ca0fc9a9ab60f1c13b062ad0197f60a56e2fc4c43e/scikit_learn-1.7.2-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:b4d6e9deed1a47aca9fe2f267ab8e8fe82ee20b4526b2c0cd9e135cea10feb44", size = 9300296, upload-time = "2025-09-09T08:20:50.366Z" },
+    { url = "https://files.pythonhosted.org/packages/c6/99/ed35197a158f1fdc2fe7c3680e9c70d0128f662e1fee4ed495f4b5e13db0/scikit_learn-1.7.2-cp312-cp312-win_amd64.whl", hash = "sha256:6088aa475f0785e01bcf8529f55280a3d7d298679f50c0bb70a2364a82d0b290", size = 8731256, upload-time = "2025-09-09T08:20:52.627Z" },
+    { url = "https://files.pythonhosted.org/packages/ae/93/a3038cb0293037fd335f77f31fe053b89c72f17b1c8908c576c29d953e84/scikit_learn-1.7.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:0b7dacaa05e5d76759fb071558a8b5130f4845166d88654a0f9bdf3eb57851b7", size = 9212382, upload-time = "2025-09-09T08:20:54.731Z" },
+    { url = "https://files.pythonhosted.org/packages/40/dd/9a88879b0c1104259136146e4742026b52df8540c39fec21a6383f8292c7/scikit_learn-1.7.2-cp313-cp313-macosx_12_0_arm64.whl", hash = "sha256:abebbd61ad9e1deed54cca45caea8ad5f79e1b93173dece40bb8e0c658dbe6fe", size = 8592042, upload-time = "2025-09-09T08:20:57.313Z" },
+    { url = "https://files.pythonhosted.org/packages/46/af/c5e286471b7d10871b811b72ae794ac5fe2989c0a2df07f0ec723030f5f5/scikit_learn-1.7.2-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:502c18e39849c0ea1a5d681af1dbcf15f6cce601aebb657aabbfe84133c1907f", size = 9434180, upload-time = "2025-09-09T08:20:59.671Z" },
+    { url = "https://files.pythonhosted.org/packages/f1/fd/df59faa53312d585023b2da27e866524ffb8faf87a68516c23896c718320/scikit_learn-1.7.2-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:7a4c328a71785382fe3fe676a9ecf2c86189249beff90bf85e22bdb7efaf9ae0", size = 9283660, upload-time = "2025-09-09T08:21:01.71Z" },
+    { url = "https://files.pythonhosted.org/packages/a7/c7/03000262759d7b6f38c836ff9d512f438a70d8a8ddae68ee80de72dcfb63/scikit_learn-1.7.2-cp313-cp313-win_amd64.whl", hash = "sha256:63a9afd6f7b229aad94618c01c252ce9e6fa97918c5ca19c9a17a087d819440c", size = 8702057, upload-time = "2025-09-09T08:21:04.234Z" },
+    { url = "https://files.pythonhosted.org/packages/55/87/ef5eb1f267084532c8e4aef98a28b6ffe7425acbfd64b5e2f2e066bc29b3/scikit_learn-1.7.2-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:9acb6c5e867447b4e1390930e3944a005e2cb115922e693c08a323421a6966e8", size = 9558731, upload-time = "2025-09-09T08:21:06.381Z" },
+    { url = "https://files.pythonhosted.org/packages/93/f8/6c1e3fc14b10118068d7938878a9f3f4e6d7b74a8ddb1e5bed65159ccda8/scikit_learn-1.7.2-cp313-cp313t-macosx_12_0_arm64.whl", hash = "sha256:2a41e2a0ef45063e654152ec9d8bcfc39f7afce35b08902bfe290c2498a67a6a", size = 9038852, upload-time = "2025-09-09T08:21:08.628Z" },
+    { url = "https://files.pythonhosted.org/packages/83/87/066cafc896ee540c34becf95d30375fe5cbe93c3b75a0ee9aa852cd60021/scikit_learn-1.7.2-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:98335fb98509b73385b3ab2bd0639b1f610541d3988ee675c670371d6a87aa7c", size = 9527094, upload-time = "2025-09-09T08:21:11.486Z" },
+    { url = "https://files.pythonhosted.org/packages/9c/2b/4903e1ccafa1f6453b1ab78413938c8800633988c838aa0be386cbb33072/scikit_learn-1.7.2-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:191e5550980d45449126e23ed1d5e9e24b2c68329ee1f691a3987476e115e09c", size = 9367436, upload-time = "2025-09-09T08:21:13.602Z" },
+    { url = "https://files.pythonhosted.org/packages/b5/aa/8444be3cfb10451617ff9d177b3c190288f4563e6c50ff02728be67ad094/scikit_learn-1.7.2-cp313-cp313t-win_amd64.whl", hash = "sha256:57dc4deb1d3762c75d685507fbd0bc17160144b2f2ba4ccea5dc285ab0d0e973", size = 9275749, upload-time = "2025-09-09T08:21:15.96Z" },
+    { url = "https://files.pythonhosted.org/packages/d9/82/dee5acf66837852e8e68df6d8d3a6cb22d3df997b733b032f513d95205b7/scikit_learn-1.7.2-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:fa8f63940e29c82d1e67a45d5297bdebbcb585f5a5a50c4914cc2e852ab77f33", size = 9208906, upload-time = "2025-09-09T08:21:18.557Z" },
+    { url = "https://files.pythonhosted.org/packages/3c/30/9029e54e17b87cb7d50d51a5926429c683d5b4c1732f0507a6c3bed9bf65/scikit_learn-1.7.2-cp314-cp314-macosx_12_0_arm64.whl", hash = "sha256:f95dc55b7902b91331fa4e5845dd5bde0580c9cd9612b1b2791b7e80c3d32615", size = 8627836, upload-time = "2025-09-09T08:21:20.695Z" },
+    { url = "https://files.pythonhosted.org/packages/60/18/4a52c635c71b536879f4b971c2cedf32c35ee78f48367885ed8025d1f7ee/scikit_learn-1.7.2-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:9656e4a53e54578ad10a434dc1f993330568cfee176dff07112b8785fb413106", size = 9426236, upload-time = "2025-09-09T08:21:22.645Z" },
+    { url = "https://files.pythonhosted.org/packages/99/7e/290362f6ab582128c53445458a5befd471ed1ea37953d5bcf80604619250/scikit_learn-1.7.2-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:96dc05a854add0e50d3f47a1ef21a10a595016da5b007c7d9cd9d0bffd1fcc61", size = 9312593, upload-time = "2025-09-09T08:21:24.65Z" },
+    { url = "https://files.pythonhosted.org/packages/8e/87/24f541b6d62b1794939ae6422f8023703bbf6900378b2b34e0b4384dfefd/scikit_learn-1.7.2-cp314-cp314-win_amd64.whl", hash = "sha256:bb24510ed3f9f61476181e4db51ce801e2ba37541def12dc9333b946fc7a9cf8", size = 8820007, upload-time = "2025-09-09T08:21:26.713Z" },
 ]
 
 [[package]]
@@ -4382,9 +4423,10 @@ wheels = [
 
 [[package]]
 name = "sktime"
-version = "0.26.0"
+version = "0.40.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
+    { name = "joblib" },
     { name = "numpy" },
     { name = "packaging" },
     { name = "pandas" },
@@ -4392,9 +4434,9 @@ dependencies = [
     { name = "scikit-learn" },
     { name = "scipy" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/d4/29/6cae2f9d7844a17eff972e104ac773deac91cfa161d26e91e75ebd80c1dd/sktime-0.26.0.tar.gz", hash = "sha256:4b3641c8c93d55f285c5d12101263e40a098650877aff4b2e63d9c1a3a63b8e8", size = 21055778, upload-time = "2024-01-27T05:22:55.252Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/84/7a/22b99a00a7cabaa34c350f78f33ae89711cfc08deef06043daee3835dbb3/sktime-0.40.1.tar.gz", hash = "sha256:bbf3c2971c7ad388fbebc1d1fb573e20f730e6486c00935b336d8edf13bca04d", size = 35197759, upload-time = "2025-11-25T00:03:38.744Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/90/4c/ef5aa0d46210e974df138cc014955d2d5acb6d36af0ce1ee145d276e4a35/sktime-0.26.0-py3-none-any.whl", hash = "sha256:f4d1e76cfda682db26071bb1ac1aff751dd7647026502f30c652bf7044ab5e6c", size = 21806760, upload-time = "2024-01-27T05:22:50.428Z" },
+    { url = "https://files.pythonhosted.org/packages/7e/0d/3b2e5b51593009f72fb7fb6956e6c652da1450c8c5484c40a276113c2114/sktime-0.40.1-py3-none-any.whl", hash = "sha256:130bb0c39ca4377e491c4dfa64c8ac67c3de2660dd406dd7690db6a8ac349c4e", size = 36265753, upload-time = "2025-11-25T00:03:34.522Z" },
 ]
 
 [[package]]

From 8dbed24f46f059fc9b5a842004b3d089d71d452c Mon Sep 17 00:00:00 2001
From: Noel Moreno Lemus <nmlemus@gmail.com>
Date: Wed, 18 Feb 2026 19:06:13 -0500
Subject: [PATCH 2/5] test: health response version from package __version__

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 tests/test_server.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tests/test_server.py b/tests/test_server.py
index 29763f2..1712252 100644
--- a/tests/test_server.py
+++ b/tests/test_server.py
@@ -182,13 +182,14 @@ def test_websocket_event_error(self):
         assert event.data["code"] == "print('error')"
 
     def test_health_response(self):
-        """Test HealthResponse model."""
+        """Test HealthResponse model (version matches package)."""
+        from dsagent import __version__
         response = HealthResponse(
             status="ok",
-            version="0.6.1",
+            version=__version__,
         )
         assert response.status == "ok"
-        assert response.version == "0.6.1"
+        assert response.version == __version__
 
     def test_readiness_response(self):
         """Test ReadinessResponse model."""

From de08147b8d6c6f4efb29887259fb25edc9432c54 Mon Sep 17 00:00:00 2001
From: Noel Moreno Lemus <nmlemus@gmail.com>
Date: Wed, 18 Feb 2026 19:07:18 -0500
Subject: [PATCH 3/5] chore: bump version to 0.9.0 for release

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 Dockerfile              | 2 +-
 pyproject.toml          | 2 +-
 src/dsagent/__init__.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index da95045..0b2052e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ ARG INSTALL_LATEX=false
 
 # Labels
 LABEL maintainer="DSAgent Contributors"
-LABEL version="0.8.4"
+LABEL version="0.9.0"
 LABEL description="AI-powered autonomous agent for data science"
 
 # Set environment variables
diff --git a/pyproject.toml b/pyproject.toml
index 36fd893..cbbdba6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "datascience-agent"
-version = "0.8.4"
+version = "0.9.0"
 description = "AI Agent with dynamic planning and persistent Jupyter kernel execution for data analysis"
 readme = "README.md"
 license = "MIT"
diff --git a/src/dsagent/__init__.py b/src/dsagent/__init__.py
index 7407aef..c3f2aea 100644
--- a/src/dsagent/__init__.py
+++ b/src/dsagent/__init__.py
@@ -62,7 +62,7 @@
     MCPServerConfig = None  # type: ignore
     _MCP_AVAILABLE = False
 
-__version__ = "0.8.4"
+__version__ = "0.9.0"
 
 __all__ = [
     # Main classes

From 0a330b23bc8ef7b60030b56453f1ec1e259ce20a Mon Sep 17 00:00:00 2001
From: Noel Moreno Lemus <nmlemus@gmail.com>
Date: Wed, 18 Feb 2026 19:22:25 -0500
Subject: [PATCH 4/5] fix: validate session paths under workspace for code
 scanning

- files: _get_session_path now resolves path and ensures it is under
  session_manager.workspace_path before use
- artifacts: add _ensure_artifacts_path_under_workspace; use it in
  list_artifacts, download_artifact, delete_artifact before using
  session.artifacts_path
- Addresses GitHub Advanced Security 'Uncontrolled data used in path
  expression' review comments on PR #46

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 src/dsagent/server/routes/artifacts.py | 34 +++++++++++++++++++++++---
 src/dsagent/server/routes/files.py     | 19 +++++++++++---
 2 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/src/dsagent/server/routes/artifacts.py b/src/dsagent/server/routes/artifacts.py
index acf6dd2..124607e 100644
--- a/src/dsagent/server/routes/artifacts.py
+++ b/src/dsagent/server/routes/artifacts.py
@@ -118,6 +118,28 @@ def _get_media_type(filename: str) -> str:
     return media_types.get(suffix, "application/octet-stream")
 
 
+def _ensure_artifacts_path_under_workspace(
+    session_manager: SessionManager,
+    artifacts_path_str: str,
+) -> Path:
+    """Resolve artifacts path and ensure it is under session manager workspace."""
+    path = Path(artifacts_path_str).resolve()
+    workspace_root = Path(session_manager.workspace_path).resolve()
+    try:
+        if not path.is_relative_to(workspace_root):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
+    except (ValueError, AttributeError):
+        if path != workspace_root and not str(path).startswith(str(workspace_root) + os.sep):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
+    return path
+
+
 def _resolve_artifact_path(base_path: Path, filename: str) -> Path:
     """Resolve artifact path and ensure it stays under base_path (path traversal guard)."""
     safe_name = Path(filename).name
@@ -193,7 +215,9 @@ async def list_artifacts(
             session_id=session_id,
         )
 
-    artifacts_path = Path(session.artifacts_path)
+    artifacts_path = _ensure_artifacts_path_under_workspace(
+        session_manager, session.artifacts_path
+    )
     if not artifacts_path.exists():
         return ArtifactListResponse(
             artifacts=[],
@@ -266,7 +290,9 @@ async def download_artifact(
             detail=f"Session {session_id} has no artifacts path",
         )
 
-    base_path = Path(session.artifacts_path)
+    base_path = _ensure_artifacts_path_under_workspace(
+        session_manager, session.artifacts_path
+    )
     file_path = _resolve_artifact_path(base_path, filename)
     if not file_path.exists():
         raise HTTPException(
@@ -314,7 +340,9 @@ async def delete_artifact(
             detail=f"Session {session_id} has no artifacts path",
         )
 
-    base_path = Path(session.artifacts_path)
+    base_path = _ensure_artifacts_path_under_workspace(
+        session_manager, session.artifacts_path
+    )
     file_path = _resolve_artifact_path(base_path, filename)
     if not file_path.exists():
         raise HTTPException(
diff --git a/src/dsagent/server/routes/files.py b/src/dsagent/server/routes/files.py
index 06bad67..1151c66 100644
--- a/src/dsagent/server/routes/files.py
+++ b/src/dsagent/server/routes/files.py
@@ -103,10 +103,23 @@ def _get_session_path(
             detail=f"Session {session_id} has no {category} path configured",
         )
 
-    # Ensure path exists
-    path = Path(path)
-    path.mkdir(parents=True, exist_ok=True)
+    # Ensure path is under workspace (path traversal guard for session-derived paths)
+    path = Path(path).resolve()
+    workspace_root = Path(session_manager.workspace_path).resolve()
+    try:
+        if not path.is_relative_to(workspace_root):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
+    except (ValueError, AttributeError):
+        if path != workspace_root and not str(path).startswith(str(workspace_root) + os.sep):
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Invalid path",
+            )
 
+    path.mkdir(parents=True, exist_ok=True)
     return path
 
 

From f8dc82bb1350c5700398b7da6b36f4c56d544aa8 Mon Sep 17 00:00:00 2001
From: Noel Moreno Lemus <nmlemus@gmail.com>
Date: Wed, 18 Feb 2026 19:25:31 -0500
Subject: [PATCH 5/5] chore: update uv.lock for version 0.9.0

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 uv.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/uv.lock b/uv.lock
index 959c6a8..29e2ae2 100644
--- a/uv.lock
+++ b/uv.lock
@@ -838,7 +838,7 @@ wheels = [
 
 [[package]]
 name = "datascience-agent"
-version = "0.8.4"
+version = "0.9.0"
 source = { editable = "." }
 dependencies = [
     { name = "boruta" },