Code review fixes: wardrobe migration, response validation, path traversal guard, deduplication

- Migrate 11 character JSONs from old wardrobe keys to _BODY_GROUP_KEYS format
- Add is_favourite/is_nsfw columns to Preset model
- Add HTTP response validation and timeouts to ComfyUI client
- Add path traversal protection on replace cover route
- Deduplicate services/mcp.py (4 functions → 2 generic + 2 wrappers)
- Extract apply_library_filters() and clean_html_text() shared helpers
- Add named constants for 17 ComfyUI workflow node IDs
- Fix bare except clauses in services/llm.py
- Fix tags schema in ensure_default_outfit() (list → dict)
- Convert f-string logging to lazy % formatting
- Add 5-minute polling timeout to frontend waitForJob()
- Improve migration error handling (non-duplicate errors log at WARNING)
- Update CLAUDE.md to reflect all changes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

routes/characters.py

@@ -12,7 +12,7 @@ from services.llm import call_character_mcp_tool, call_llm, load_prompt
 from services.prompts import build_prompt
 from services.sync import sync_characters
 from services.workflow import _get_default_checkpoint, _prepare_workflow
-from routes.shared import register_common_routes
+from routes.shared import register_common_routes, apply_library_filters
 
 logger = logging.getLogger('gaze')
 
@@ -22,17 +22,8 @@ def register_routes(app):
 
     @app.route('/')
     def index():
-        query = Character.query
-        fav = request.args.get('favourite')
-        nsfw = request.args.get('nsfw', 'all')
-        if fav == 'on':
-            query = query.filter_by(is_favourite=True)
-        if nsfw == 'sfw':
-            query = query.filter_by(is_nsfw=False)
-        elif nsfw == 'nsfw':
-            query = query.filter_by(is_nsfw=True)
-        characters = query.order_by(Character.is_favourite.desc(), Character.name).all()
-        return render_template('index.html', characters=characters, favourite_filter=fav or '', nsfw_filter=nsfw)
+        characters, fav, nsfw = apply_library_filters(Character.query, Character)
+        return render_template('index.html', characters=characters, favourite_filter=fav, nsfw_filter=nsfw)
 
     @app.route('/rescan', methods=['POST'])
     def rescan():
@@ -274,16 +265,16 @@ def register_routes(app):
                 # Fetch reference data from wiki URL if provided
                 wiki_reference = ''
                 if wiki_url:
-                    logger.info(f"Fetching character data from URL: {wiki_url}")
+                    logger.info("Fetching character data from URL: %s", wiki_url)
                     wiki_data = call_character_mcp_tool('get_character_from_url', {
                         'url': wiki_url,
                         'name': name,
                     })
                     if wiki_data:
                         wiki_reference = f"\n\nReference data from wiki:\n{wiki_data}\n\nUse this reference to accurately describe the character's appearance, outfit, and features."
-                        logger.info(f"Got wiki reference data ({len(wiki_data)} chars)")
+                        logger.info("Got wiki reference data (%d chars)", len(wiki_data))
                     else:
-                        logger.warning(f"Failed to fetch wiki data from {wiki_url}")
+                        logger.warning("Failed to fetch wiki data from %s", wiki_url)
 
                 # Step 1: Generate or select outfit first
                 default_outfit_id = 'default'
@@ -352,7 +343,7 @@ Create an outfit JSON with wardrobe fields appropriate for this character."""
                         db.session.commit()
 
                         default_outfit_id = outfit_slug
-                        logger.info(f"Generated outfit: {outfit_name} for character {name}")
+                        logger.info("Generated outfit: %s for character %s", outfit_name, name)
 
                     except Exception as e:
                         logger.exception("Outfit generation error: %s", e)