Using :-ChangeMeInProduction silently starts the stack with a known
public signing key. Switch to :? so docker compose up exits with a
clear error when the variable is not provided.
Add tabbed examples showing wss://api.dograh.com URI for Dograh Cloud
and ws://your-dograh-host for self-hosted. Users were confused about
the correct URI when using the managed cloud offering.
* fix: run api container as non-root dograh user
The runner stage had no USER directive, causing the API process to run
as root inside the container. Add a system user/group and transfer
ownership of /app before switching to it, so the container process
runs with minimal privileges.
* fix: chown /app and use COPY --chown for non-root runner
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: add copy-to-clipboard button for inbound webhook URL
Users setting up inbound telephony had no easy way to copy the
webhook URL to paste into their provider dashboard. Add a copyable
inbound webhook URL display in the configuration detail card,
following the existing Configuration ID copy button pattern.
* fix: use NEXT_PUBLIC_BACKEND_URL if provided
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* chore: upgrade Next.js in evals/visualizer from 16.1.4 to 16.2.6
Resolves multiple security advisories in Next.js 16.1.4 including
middleware/proxy bypass, SSRF, DoS, and XSS issues. The evals
visualizer is an internal dev tool with no external exposure, but
keeping dependencies current reduces supply-chain risk.
* fix: remove redundancy in choice of package manager to avoid drift
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* fix: stamp API key into model override at save time to survive global provider change
When a workflow overrides the TTS/LLM/STT provider to match the current
global config, the override dict only stores model/voice fields, not the
API key. If the global config later switches to a different provider, the
override can no longer inherit the API key and calls fail.
Fix: enrich_overrides_with_api_keys() copies the global provider's API
key (and other secret fields) into the override dict at workflow-save
time, making the override self-contained regardless of future global
config changes.
* feat: add test coverage and masking logic
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* Add OpenAI-compatible API option in model configuration
Backend-only cherry-pick from 20617db37a.
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* fix: harden the base url settings in SaaS mode
---------
Co-authored-by: Chris Briddock <briddockchristopher@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Added delete option for edge between two nodes
* Removed extra stack dump file
* chore: advance pipecat submodule to include MiniMax LLM service
* updated pipecat to c771a50e
* fix: simplify edge delete to match node and Backspace UX
Drop the confirmation dialog: node delete and Backspace-on-edge both
delete immediately and rely on undo/redo. The trash button should
behave the same way.
Match the GenericNode toolbar pattern by always rendering the trash
and pencil buttons (no readOnly gate); the edit dialog already
disables Save in readOnly. Wrap the two buttons in a flex container
with a small gap so they don't sit flush against each other.
Revert the manual package-lock version bump; that field is owned by
release-please.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: don't auto-save on edge delete
Persisting the workflow is a separate intent from "delete this edge",
the same way it's separate from "delete this node" (useNodeHandlers
doesn't auto-save either). The Save button in the edit dialog conveys
the save semantics; trash buttons shouldn't piggy-back on them.
After this, all delete paths (node toolbar trash, edge toolbar trash,
Backspace on node, Backspace on edge) mark the workflow dirty and
leave persistence to Cmd+S or the header Save button.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: XI <xman.india@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: add devcontainer for local setup
* feat: add local install hook
* feat: add devcontainer based setup docs
* feat: use uv in api/Dockerfile
* fix: fix CI scripts
* fix: fix post job cleanup step
* feat: add MiniMax provider support (Chat + TTS)
- Add MiniMax LLM provider using OpenAI-compatible API
- Models: MiniMax-M2.7, MiniMax-M2.7-highspeed
- Default base URL: https://api.minimax.io/v1
- Uses MINIMAX_API_KEY for authentication
- Add MiniMax TTS provider using Pipecat's MiniMaxHttpTTSService
- Models: speech-2.8-hd (default), speech-2.8-turbo
- 6 built-in voices
- Requires group_id configuration
- Add unit tests for both providers
* fix(minimax): validator, temperature, session cleanup, reasoning filter
- check_validity.py: wire MiniMax into _validator_map and enforce
group_id at save time. Without this, saving a config with a valid
key was rejected.
- registry.py: surface temperature on the LLM config (gt=0; MiniMax
rejects 0) and base_url on the TTS config
- service_factory.py:
* Plumb temperature through create_llm_service
* Normalize TTS base_url to include /t2a_v2 — pipecat appends only
?GroupId=... to the URL.
* Use the new MiniMaxLLMService (from pipecat) to strip
<think>...</think> reasoning that MiniMax-M2.7 emits inline in
delta.content (otherwise it leaks straight to TTS).
* Use MiniMaxOwnedSessionTTSService so the per-instance aiohttp
session gets closed in cleanup() instead of leaking sockets/FDs.
- minimax_tts.py: small wrapper around MiniMaxHttpTTSService that owns
the session it was handed (pipecat's caller-owns-session API
conflicts with the ftory's per-instance pattern).
- pipecat submodule: bumps to a commit that adds MiniMaxLLMService — a
thin OpenAILLMService subclass with the streaming <think> filter
(mirrors NvidiaLLMService's pattern for NIM reasoning models).
- Tests updated/added for all of the above.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: octo-patch <octo-patch@github.com>
Co-authored-by: Sabiha Khan <sabihak89@gmail.com>
Closes three known advisories in python-multipart, all reachable
from the FastAPI multipart form-parser used across the API
(transcribe_audio, knowledge_base uploads, presigned upload flows):
- GHSA-wp53-j4wj-2cfg (HIGH, CWE-22) — arbitrary file write via
non-default configuration. Fixed in 0.0.22.
- GHSA-pp6c-gr5w-3c5g (HIGH, CWE-400) — DoS via unbounded multipart
part headers. Fixed in 0.0.27.
- GHSA-mj87-hwqh-73pj (MOD, CWE-400) — DoS via large multipart
preamble or epilogue. Fixed in 0.0.26.
0.0.27 is a patch-level bump within the same 0.0.x line, no API
changes; fastapi==0.135.3 only requires python-multipart>=0.0.7 so
the upper bound is unaffected.
Detected by Aeon + osv-scanner.
Co-authored-by: aeonframework <aeon@aaronjmars.com>
The MCP `instructions` hint is static and baked into the client prompt,
while tool names, signatures, and error codes are discovered dynamically
via tools/list. The two had drifted: instructions restated stale
signatures and an error-code enum that omitted schema_validation and
trigger_path_conflict.
- Trim instructions.py to tool names + call order; stop restating
signatures and error codes the dynamic surface already carries.
- Document each tool's full error_code contract in the save_workflow and
create_workflow docstrings (the descriptions shipped via tools/list).
- Add test_mcp_instructions_drift.py: every tool named in the guide must
be registered, and every error_code a tool returns must appear in its
description.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(mcp): add search_docs tool over Mintlify docs corpus
Closes#295. The docs at https://docs.dograh.com promise "Search the
Dograh docs for how to configure a TURN server" as an MCP example
prompt, but no search_docs tool exists in the MCP server — agents can
list workspace resources but cannot search the documentation.
This adds a dependency-free, in-process keyword search over the
`docs/` tree shipped into the API image (`COPY ./docs ./docs`):
- New `api/mcp_server/tools/docs_search.py` — async `search_docs(query,
limit=10)` with weighted scoring (path > title > body), a 25-result
hard cap, snippet extraction around the first term hit, and graceful
empty-list degradation when docs aren't on disk. `DOGRAH_DOCS_PATH`
env var overrides location discovery for non-Docker layouts.
- Registered in `api/mcp_server/server.py` alongside the other tools,
keeping the existing list-alphabetical convention.
- `api/tests/test_mcp_docs_search.py` — 18 unit tests covering the
pure helpers (tokenizer, frontmatter stripping, title extraction,
scoring weights, URL building) and end-to-end ranking, limit
clamping, empty-corpus degradation, and input-validation errors.
Mocks `authenticate_mcp_request` to avoid the DB dependency,
mirroring `test_mcp_save_workflow.py`.
Implementation notes:
- The docs corpus is ~100 files / ~140k LoC, so a per-call scan runs
well under 50 ms; avoiding a vector index / embedding backend keeps
the tool zero-dependency and works for fully offline self-hosted
deployments.
- Authentication is required for consistency with the other MCP tools
(and to route through the existing rate-limit middleware), even
though docs are not org-scoped data.
- Title/path matches deliberately outweigh body matches so a page
whose subject IS the query term outranks one that merely mentions
it incidentally.
* feat: improve docs search
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* Add tuner integration
* bump pipecat version
* chore: update pipecat submodule to match upstream and use tuner-pipecat-sdk 0.2.0
Update pipecat submodule from 0.0.109.dev23 to 13e98d0d9 (the exact commit
upstream dograh-hq/dograh uses after v1.30.1). This installs pipecat-ai as
1.1.0.post277 via setuptools_scm, satisfying tuner-pipecat-sdk 0.2.0's
pipecat-ai>=1.0.0 requirement.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* wire tuner
* feat: refactor integrations into self contained packages
* chore: simplify ensure_public_access_token
* fix: remove NodeSpec and make DTOs the source of truth
* feat: send relevant signal to mcp using to_mcp_dict
* fix: fix tests
* cleanup: remove nango integrations
* feat: add agents.md for integrations
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
