Internal FAQ¶
How do I add a new Flask route?
Create a function in the appropriate blueprint file. Register the blueprint in lenzeye_database.py if it's a new file. Test locally before pushing to dev.
How do I add a new database column?
1. Add the column to the model in lenzeye_BiodataStructure.py or the relevant model file.
2. Run flask db migrate -m "add column description".
3. Run flask db upgrade locally to verify.
4. Commit the migration file in migrations/.
5. After deploy, Render runs flask db upgrade automatically (if configured) or manually via Shell.
How do I test a change to the encrypted upload path?
1. Set MASTER_KEY in sendgrid.env.
2. Create a test user with encrypt_data_b=True (via admin panel locally).
3. Use the guest upload page to upload a small file.
4. Verify the file appears in Wasabi with lenzeye-encrypted: true metadata.
5. Download and verify the file is readable and HMAC passes.
How do I deploy a fix to production?
1. Push to feature/* or fix/* branch.
2. PR into dev, test on dev.
3. PR from dev into main, founder approves.
4. Render auto-deploys on merge.
5. Check Render logs for startup errors.
Production is down. What do I do?
1. Check Render Dashboard → Logs for the error.
2. Check /upload/ram-status — if RAM is 0, the server is unresponsive (OOM).
3. In Render Dashboard → Manual Deploy → deploy the last known-good commit.
4. If OOM: check if --workers was recently changed. Revert to 1 worker.
5. Escalate to founder if the issue is in the encrypted upload path.
How do I check if a user's files are encrypted?
In Wasabi console or via boto3:
python
head = s3.head_object(Bucket=bucket_name, Key=f"{email}/{folder}/{filename}")
print(head['Metadata'].get('lenzeye-encrypted')) # 'true' if encrypted
How do I grant a user lab portal access?
Admin Panel → Lab Portal → Grant Access → enter user email → submit. The system generates lab_id and lab_pin and sends an email to the user.
How do I update the documentation?
1. Edit the relevant .md file in docs/.
2. Test locally: mkdocs serve in the Lenzeye_Documentation folder.
3. Push to main in the docs repo.
4. GitHub Actions auto-deploys to GitHub Pages.
How do I add a new environment variable?
1. Add it to sendgrid.env locally.
2. Add it to render.env.
3. Add it to Render Dashboard → Environment.
4. Document it in docs/private/deployment/environment-variables.md.
5. Load it with os.getenv('VAR_NAME') — never hardcode.
How do I check Wasabi storage for a user?
python
from admin_db_operations import calculate_storage_used_from_wasabi
storage_gb = calculate_storage_used_from_wasabi('user@example.com')
print(f"{storage_gb:.2f} GB")
How do I rotate a user's encryption key? Admin Panel → Encryption Management → Find user → Rotate Key. The old key is retained in DB. New files use the new key. Old files still decrypt with the old key (key version tracked in S3 metadata).
How do I clean up incomplete multipart uploads?
python
from wasabiboto3 import s3, bucket_name
response = s3.list_multipart_uploads(Bucket=bucket_name)
for upload in response.get('Uploads', []):
s3.abort_multipart_upload(
Bucket=bucket_name,
Key=upload['Key'],
UploadId=upload['UploadId']
)
print(f"Aborted: {upload['Key']}")
Run this monthly or after any production crash during upload.
Who do I contact for what?
| Issue | Contact |
|---|---|
| Production down | Founder (immediate) |
| Encryption questions | Founder |
| Access to secrets/env | Founder |
Code review for main |
Founder approval required |
| Documentation updates | Any team member |
| Wasabi S3 issues | Founder (has root IAM access) |
Where is the most important code?
| File | Why Important |
|---|---|
Features/SecureStorage/guest_upload_routes.py |
Core upload feature, encryption, HMAC |
lenzeye_encryption_service.py |
All cryptographic operations |
lenzeye_database.py |
App factory, all blueprint registrations |
admin_routes.py |
Platform control center |
Procfile |
Gunicorn config — do not change without RAM validation |