## Deployment Complete **Action Taken:** Deployed the previously-implemented fix to production. **What was done:** 1. Verified the fix commit (f4afeb5) is in main branch and was already synced to production server 2. Rebuilt and redeployed the frontend container: - Old container was 11 hours old (before fix was merged) - New container built from latest code with credentials: include fix 3. Verified both frontend and backend are healthy and responding **Verification:** - Backend health: healthy - Frontend: Serving new build (index-CMI6JHxu.js) - Containers: Both backend (healthy) and frontend (starting) are running **Note:** The code fix was already implemented in a previous session. This session focused on deploying that fix to production where the actual error was occurring. The issue should be verified by testing a research query on joplexity.roboalch.com to confirm the Failed to start research error is resolved.

[QA] Code implementation is correct and all tests pass (39/40 in backend.test.ts). However, the fix has NOT been deployed to production yet. The frontend Docker image is 11 hours old, but the fix commit (f4afeb5) was made recently. Deploy with: cd ~/setup/joplexity && sudo docker compose up -d --build frontend. See detailed QA report at /tmp/qa-PPLX-83.md

## Fix Implemented **Root Cause:** The `fetchWithRetry` helper function (used by most API calls) and `streamQuery` function were not including `credentials: 'include'` in fetch options. This meant authentication cookies were not sent with requests, causing the backend to return 401 Unauthorized. **Changes Made:** 1. **Modified `fetchWithRetry()` in `src/src/api/backend.ts:204-208`** - Added `credentials: 'include'` to all requests using this helper - This automatically fixes all API calls that use `fetchWithRetry`: `createThread`, `getThreads`, `getThread`, `deleteThread`, `createAsyncQuery`, `getAsyncQueryProgress`, `getAsyncQueryResult`, `listAsyncQueries`, `getAnalyticsUsage`, `getAnalyticsTrends`, `getResearchReports`, `checkAuth`, `login`, `logout`, `getUsageSummary`, `getUsageBreakdown` 2. **Modified `streamQuery()` in `src/src/api/backend.ts:396`** - Added `credentials: 'include'` to the direct fetch call used for streaming queries 3. **Removed redundant explicit credentials** from `getUsageSummary` and `getUsageBreakdown` since `fetchWithRetry` now handles this automatically. 4. **Added test suite** in `src/src/api/backend.test.ts:886-977` - New describe block 'API credentials' with 6 tests verifying credentials are included in major API calls **Verification:** - All 40 tests in `backend.test.ts` pass (1 intentionally skipped) - The fix ensures authentication cookies are now sent with every API request **Note:** Other test failures in the project are pre-existing issues (using `jest.fn()` instead of `vi.fn()` in vitest) and unrelated to this fix.

## Bug Triage Complete **Reproduction:** CONFIRMED - 401 Unauthorized errors in production logs **Root Cause:** Multiple API functions in `/src/src/api/backend.ts` are missing `credentials: 'include'` in their fetch options. This means the authentication cookie is not sent with requests, causing the backend to return 401 Unauthorized. **Primary Affected Function:** `createAsyncQuery()` at line 563 - directly causes the 'Failed to start research' error. **TDD Approach:** 1. Write test verifying `credentials: 'include'` is present in all fetch calls 2. Add `credentials: 'include'` to affected functions (or modify `fetchWithRetry` helper) 3. Verify manual testing on production **Recommended Fix:** Modify the `fetchWithRetry` helper function to always include credentials. **Complexity:** Low - simple fix **Priority:** High (unchanged) See attached triage report for full details.