Commit graph

794 commits

Author SHA1 Message Date
CREDO23
62cb0efb44 refactor(youtube): drop duplicate POST /youtube/scrape+comments routes (use capability doors) 2026-07-03 11:38:56 +02:00
CREDO23
3312a442f3 refactor(proprietary): move scrapers/ -> platforms/ (one subpackage per platform) 2026-07-03 11:01:58 +02:00
CREDO23
0b2dba7a57 feat(capabilities): expose youtube.* verbs on the REST door 2026-07-02 20:18:53 +02:00
CREDO23
af3e70ea56 Merge upstream/ci_mvp: add YouTube scraper actor under app/proprietary
Resolved modify/delete conflicts on the old 'revamp phases 4-7/' plan docs
by keeping our deletion (superseded by flattened plans/backend/00-*.md).
2026-07-02 20:01:11 +02:00
CREDO23
6bd0d640e6 refactor(capabilities): group framework into core/, keep verbs top-level 2026-07-02 19:54:20 +02:00
DESKTOP-RTLN3BA\$punk
0445c646c6 refactor(native-connector): relocate youtube scraper under app/proprietary + parallelize playlists
Move app/scrapers -> app/proprietary/scrapers/youtube to sit alongside the existing proprietary web_crawler/platforms namespace, updating all external imports (routes, tests, e2e script, README). Internal imports were relative so are unchanged.

Also parallelize playlist per-video resolution: page video ids sequentially, then resolve the heavy watch-page fetches concurrently via fan_out (~150 videos ~70s, down from a few minutes). Items stream in completion order; sort by the order field for playlist order.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-07-02 02:34:04 -07:00
DESKTOP-RTLN3BA\$punk
99378d7b63 feat(native-connector): added youtube scrapers 2026-07-02 01:10:31 -07:00
CREDO23
b1e49f21f2 feat(capabilities): mount capability REST routes 2026-07-01 17:53:42 +02:00
CREDO23
56826a63bc refactor(routes): rename to workspace + consolidate URL spellings (Phase 2 Wave E)
Hard cutover of the HTTP surface: collapse the three legacy spellings
(/searchspaces, /search-spaces, /search-space/{id}) onto canonical
/workspaces/{workspace_id}/..., rename the gateway field-setter sub-actions to
singular /workspace, rename search_spaces_routes.py -> workspaces_routes.py and the
search_spaces_router -> workspaces_router include, and flip search_space_id ->
workspace_id in bodies/params. No alias routers: the old URLs now 404 by design.
Full app constructs with zero legacy path spellings.
2026-06-26 18:35:08 +02:00
Rohan Verma
94fdb8a113
Merge pull request #1539 from CREDO23/improve-chat-agent-context-and-citations
[FEAT] Unified [n] citation registry for KB + web, pull-based retrieval
2026-06-25 13:34:52 -07:00
Rohan Verma
96e42a1003
Merge pull request #1536 from CREDO23/feature-mention-chat-in-chat
[Feat] Chat : Reference past chats via @-mention as read-only context
2026-06-25 13:32:25 -07:00
CREDO23
2beafbdec8 agent: retire eager KB priority/planner path and its dead flags
The pull-based KB design (on-demand search_knowledge_base tool + pre-injected
workspace tree) fully replaced the old eager retrieval path. Remove its last
remnants:

- Delete KnowledgePriorityMiddleware (knowledge_search.py) and its tests.
- Drop the kb_priority state field + reducer default; trim
  KbContextProjectionMiddleware to project only workspace_tree_text.
- Remove the now-dead feature flags enable_kb_priority_preinjection and
  enable_kb_planner_runnable across backend (flags, route schema, tests,
  env examples) and frontend (settings toggle, zod schema).
- Scrub <priority_documents> and stale KnowledgePriorityMiddleware references
  from prompts, docstrings, and the ADR.

No functional change: nothing wrote kb_priority and neither flag gated live
behavior after the cutover. Full backend suite green (pre-existing unrelated
failures aside).
2026-06-25 18:37:14 +02:00
Anish Sarkar
2e33ba7723 chore: fix linting 2026-06-25 04:31:36 +05:30
Anish Sarkar
d6bffa6f07 chore: fix linting 2026-06-25 04:31:22 +05:30
Anish Sarkar
e5aded5a65 feat(oauth): migrate Google OAuth account IDs to use 'sub' and enhance user resolution logic 2026-06-25 03:18:42 +05:30
Anish Sarkar
62c7efb216 fix(auth):enforce session auth cutover 2026-06-24 03:55:39 +05:30
CREDO23
857f1bb279 feat(chat): inject referenced-chat context into the new-chat agent input
Thread mentioned_thread_ids from the route through the orchestrator into
input-state assembly, resolve them for the requesting user, and append
the rendered referenced-chat block to the agent's query context.
2026-06-23 17:04:32 +02:00
Anish Sarkar
bf8772e312 Merge remote-tracking branch 'upstream/dev' into feat/auth-revamp 2026-06-23 15:52:11 +05:30
Anish Sarkar
3695e1d5c5 Merge remote-tracking branch 'upstream/dev' into feat/api-key 2026-06-23 13:09:53 +05:30
Anish Sarkar
7241a7a894 fix(authz):add zero context authorization checks 2026-06-23 12:55:25 +05:30
Anish Sarkar
2b6bf504ec fix(users):expose current user session routes 2026-06-23 12:53:29 +05:30
Anish Sarkar
a547cfe3c3 fix(auth):return session based auth responses 2026-06-23 12:53:06 +05:30
Rohan Verma
1dc3fac81d
Merge pull request #1527 from Muhammad-Ikhwan-Fathulloh/dev
fix: normalize image URLs before persistence and add model selector aria-label
2026-06-23 00:08:41 -07:00
DESKTOP-RTLN3BA\$punk
a08de01cc7 Revert "Merge pull request #1523 from CREDO23/fix/chat-citations"
This reverts commit cd2242147a, reversing
changes made to a4bb0a5253.
2026-06-22 22:55:29 -07:00
Muhammad-Ikhwan-Fathulloh
2848ac6c39 fix: normalize image URLs before persistence and add model selector aria-label 2026-06-20 19:49:58 +07:00
Anish Sarkar
fd31ac34fd Merge remote-tracking branch 'upstream/dev' into feat/api-key 2026-06-20 10:50:03 +05:30
Anish Sarkar
8e50871d43 refactor(routes): replace user variable with auth context in search space snapshot functions 2026-06-20 02:48:08 +05:30
Anish Sarkar
6dd8bd4290 refactor(routes): replace user variable with auth context in thread snapshot functions 2026-06-20 02:39:01 +05:30
Anish Sarkar
cf840875c9 fix(connectors): gate folder listings for PAT access 2026-06-20 01:58:16 +05:30
Anish Sarkar
3a0cd8c8cf fix(models): require sessions for personal connection writes 2026-06-20 01:58:06 +05:30
Anish Sarkar
1f9cf326e5 feat(auth): require sessions for user-scoped routes 2026-06-20 01:57:48 +05:30
Anish Sarkar
2315b2f344 feat(auth): add PAT fail-closed bootstrap allowlist 2026-06-20 01:57:37 +05:30
Anish Sarkar
49b5247210 refactor: unify authentication handling by replacing current_active_user with auth context across routes 2026-06-19 21:38:18 +05:30
Anish Sarkar
6fd3f8570e refactor: streamline auth context usage across chat and automation routes 2026-06-19 21:04:21 +05:30
Anish Sarkar
7ec6fa4d1f feat: enforce API access for integration routes 2026-06-19 20:28:12 +05:30
Anish Sarkar
70a0828b95 feat: enforce API access for chat routes 2026-06-19 20:28:02 +05:30
Anish Sarkar
493e8d5a64 feat: enforce API access for knowledge resources 2026-06-19 20:27:47 +05:30
Anish Sarkar
7e8d26fa81 refactor: route authorization through auth context 2026-06-19 20:27:28 +05:30
Anish Sarkar
54a3ba122e feat: add search space API access controls 2026-06-19 20:27:06 +05:30
Anish Sarkar
608facd7e7 feat: add personal access token API routes 2026-06-19 20:26:56 +05:30
CREDO23
f67c6607d6 feat: by-chunk resolve derives cited line range 2026-06-19 15:31:44 +02:00
CREDO23
b0a0eb7f9c fix: editor routes serve source_markdown only, never rebuild from chunks 2026-06-18 19:23:49 +02:00
DESKTOP-RTLN3BA\$punk
c9afeb2817 feat: fix onboarding trigger
- Introduced a new endpoint to check the existence of a global LLM configuration file.
- Updated the frontend to utilize this status, affecting onboarding flow and user experience.
- Added necessary atoms and types for managing global LLM config status in the application state.
- Refactored navigation to ensure proper routing based on the global config status.
2026-06-17 23:30:56 -07:00
DESKTOP-RTLN3BA\$punk
55f91a29d5 chore: linting 2026-06-17 22:31:36 -07:00
DESKTOP-RTLN3BA\$punk
4b8a2f9726 Merge commit '77688ac80c' into dev 2026-06-17 20:47:02 -07:00
Anish Sarkar
4658130bb8 feat(editor): update editor limits and add error boundary
- Reduced maximum document size for the editor from 5MB to 1MB.
- Introduced a new line limit of 5000 for documents in the editor.
- Implemented a PlateErrorBoundary component to handle rendering errors gracefully in the editor panel.
- Updated logic in the editor panel to check both size and line count for document limits.
2026-06-17 12:11:31 +05:30
DESKTOP-RTLN3BA\$punk
0fe650fd8e Merge commit '7ce409c580' into dev 2026-06-16 22:48:14 -07:00
Dmitry Maranik
e1ea82d7cf fix(connectors): scope index endpoint authorization to the connector's own search space
The POST /search-source-connectors/{connector_id}/index endpoint loaded
the connector by id and then called check_permission() against the
client-supplied search_space_id query parameter (the caller's own space)
rather than the connector's own search_space_id, and never verified that
the two matched.

A user could therefore index another user's connector by passing their
own search_space_id: the indexer ran with the victim connector's stored
credentials and wrote the fetched content into the attacker's search
space. The read/update/delete handlers already authorize against
connector.search_space_id; this brings the index handler in line.

Reject a connector that does not belong to the requested search space
(404, to avoid disclosing connectors in other spaces) and authorize the
permission check against connector.search_space_id.
2026-06-16 15:58:30 -07:00
Anish Sarkar
9b7e278114 refactor(config): update GATEWAY_ENABLED variable to FALSE and adjust related configurations for improved messaging gateway handling 2026-06-16 23:49:26 +05:30
CREDO23
1d70af4684 fix(podcasts): guard public stream against missing audio 2026-06-16 20:09:08 +02:00