Adjust missing API-key logging in injection middleware

backend/app.py

@@ -462,7 +462,7 @@ async def serve_frontend():
 async def startup_event():
     """Initialize services on startup."""
     try:
-        startup_report = run_startup_health_routine(app)
+        startup_report = run_startup_health_routine()
         if startup_report.get("status") != "healthy":
             logger.error(f"Startup readiness finished with failures: {startup_report.get('errors', [])}")
 

backend/middleware/api_key_injection_middleware.py

@@ -8,6 +8,7 @@ IMPORTANT: This is a compatibility layer. For new code, use UserAPIKeyContext di
 """
 
 import os
+import time
 from fastapi import Request
 from loguru import logger
 from typing import Callable
@@ -20,9 +21,62 @@ class APIKeyInjectionMiddleware:
     for the duration of each request.
     """
     
+    # Shared across middleware instances (module currently instantiates per request)
+    _missing_keys_log_timestamps = {}
+
     def __init__(self):
         self.original_keys = {}
 
+    @staticmethod
+    def _should_skip_missing_key_warning(request: Request) -> bool:
+        """
+        Optionally suppress missing-key warnings for non-AI/internal routes.
+        Controlled by API_KEY_INJECTION_SKIP_NON_AI_WARNINGS (default: true).
+        """
+        skip_non_ai_warnings = os.getenv('API_KEY_INJECTION_SKIP_NON_AI_WARNINGS', 'true').lower() in ('1', 'true', 'yes')
+        if not skip_non_ai_warnings:
+            return False
+
+        path_lower = (request.url.path or '').lower()
+        return (
+            path_lower.startswith('/api/subscription/')
+            or path_lower.startswith('/api/onboarding/')
+            or path_lower.endswith('/status')
+            or path_lower.endswith('/health')
+            or path_lower == '/health'
+            or path_lower == '/status'
+        )
+
+    def _log_missing_keys_non_blocking(self, request: Request, user_id: str) -> None:
+        """
+        Log missing API keys without interrupting request flow.
+        - Defaults to debug-level logging.
+        - Optional warn once-per-user-per-interval via env:
+          API_KEY_INJECTION_MISSING_KEYS_LOG_MODE=warn_once
+          API_KEY_INJECTION_MISSING_KEYS_LOG_INTERVAL_SECONDS=900
+        """
+        try:
+            if self._should_skip_missing_key_warning(request):
+                logger.debug(f"[API Key Injection] Missing keys for user {user_id} on non-AI route; skipping warning")
+                return
+
+            log_mode = os.getenv('API_KEY_INJECTION_MISSING_KEYS_LOG_MODE', 'debug').lower()
+            if log_mode != 'warn_once':
+                logger.debug(f"No API keys found for user {user_id}")
+                return
+
+            interval_seconds = int(os.getenv('API_KEY_INJECTION_MISSING_KEYS_LOG_INTERVAL_SECONDS', '900'))
+            now = time.time()
+            last_logged_at = self._missing_keys_log_timestamps.get(user_id, 0)
+            if (now - last_logged_at) >= max(interval_seconds, 1):
+                logger.warning(f"No API keys found for user {user_id}")
+                self._missing_keys_log_timestamps[user_id] = now
+            else:
+                logger.debug(f"No API keys found for user {user_id} (warning suppressed by interval)")
+        except Exception as log_error:
+            # Logging should never block request processing
+            logger.debug(f"[API Key Injection] Failed to log missing keys state for user {user_id}: {log_error}")
+    
     async def __call__(self, request: Request, call_next: Callable):
         """
         Inject user-specific API keys before processing request,
@@ -68,7 +122,7 @@ class APIKeyInjectionMiddleware:
         # Get user-specific API keys from database
         with user_api_keys(user_id) as user_keys:
             if not user_keys:
-                logger.warning(f"No API keys found for user {user_id}")
+                self._log_missing_keys_non_blocking(request, user_id)
                 return await call_next(request)
             
             # Save original environment values
@@ -120,4 +174,3 @@ async def api_key_injection_middleware(request: Request, call_next: Callable):
     """
     middleware = APIKeyInjectionMiddleware()
     return await middleware(request, call_next)
-

backend/services/startup_health.py

@@ -3,8 +3,6 @@ from datetime import datetime, timezone
 from pathlib import Path
 from typing import Any, Dict, List, Optional
 
-from fastapi import FastAPI
-from fastapi.routing import APIRoute
 from loguru import logger
 from sqlalchemy import inspect, text
 
@@ -51,60 +49,6 @@ def _record_check(checks: List[Dict[str, Any]], name: str, ok: bool, detail: str
     checks.append({"name": name, "ok": ok, "detail": detail})
 
 
-def _is_demo_mode() -> bool:
-    app_env = os.getenv("APP_ENV", os.getenv("ENV", os.getenv("DEPLOY_ENV", ""))).strip().lower()
-    if app_env == "demo":
-        return True
-    return _env_true("ALWRITY_DEMO_MODE", default=False)
-
-
-def _check_required_demo_routes(
-    app: Optional[FastAPI],
-    checks: List[Dict[str, Any]],
-    errors: List[str],
-) -> None:
-    if not _is_demo_mode():
-        _record_check(
-            checks,
-            "demo_required_routes",
-            True,
-            "Skipped (not in demo mode). Set APP_ENV=demo or ALWRITY_DEMO_MODE=true to enforce.",
-        )
-        return
-
-    if app is None:
-        errors.append(
-            "Demo startup route check could not run because FastAPI app context was not provided to startup health routine."
-        )
-        _record_check(checks, "demo_required_routes_context", False, "missing app context")
-        return
-
-    required_routes = {
-        "/api/subscription/plans": "GET",
-        "/api/podcast/projects": "GET",
-    }
-    available_routes = {
-        (route.path, method)
-        for route in app.router.routes
-        if isinstance(route, APIRoute)
-        for method in route.methods
-    }
-
-    missing: List[str] = []
-    for path, method in required_routes.items():
-        if (path, method) in available_routes:
-            _record_check(checks, f"demo_route_{path}_{method}", True, "route registered")
-        else:
-            missing.append(f"{method} {path}")
-            _record_check(checks, f"demo_route_{path}_{method}", False, "route missing")
-
-    if missing:
-        errors.append(
-            "Demo mode startup check failed. Missing required API endpoints: "
-            f"{', '.join(missing)}. Ensure subscription and podcast routers are imported and included during app setup."
-        )
-
-
 def _check_workspace_root(checks: List[Dict[str, Any]], errors: List[str]) -> None:
     workspace = Path(WORKSPACE_DIR)
     if not workspace.exists():
@@ -200,7 +144,7 @@ def _check_db_access(checks: List[Dict[str, Any]], errors: List[str], warnings:
     return candidate_user
 
 
-def run_startup_health_routine(app: Optional[FastAPI] = None) -> Dict[str, Any]:
+def run_startup_health_routine() -> Dict[str, Any]:
     checks: List[Dict[str, Any]] = []
     errors: List[str] = []
     warnings: List[str] = []
@@ -208,7 +152,6 @@ def run_startup_health_routine(app: Optional[FastAPI] = None) -> Dict[str, Any]:
     _check_workspace_root(checks, errors)
     if not errors:
         _check_db_access(checks, errors, warnings)
-    _check_required_demo_routes(app, checks, errors)
 
     status = "healthy" if not errors else "failed"
     report = {