curo1305
b1a136b5be
CR-01: add `except HTTPException: raise` before broad except in stream_document_content — prevents 503 (reconnect prompt) from being swallowed and replaced with misleading 502 CR-02: move pre-flight credential checks BEFORE Redis setex in oauth_initiate — no orphan state tokens written for unconfigured providers; also adds onedrive_tenant_id to OneDrive pre-flight condition (WR-02) CR-03: add CLOUD_CREDS_KEY to celery-worker environment in docker-compose.yml — worker cannot decrypt cloud credentials without this key; every cloud document task was silently failing at runtime WR-03: assert Redis store empty after 400 pre-flight responses in both new tests — confirms no token leak on misconfigured-provider requests Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>