Commit graph

635 commits

Author SHA1 Message Date
Abhishek Kumar
4f06f45170 Merge branch 'main' of https://github.com/dograh-hq/dograh 2026-07-03 20:02:25 +05:30
Sabiha Khan
820727f25f
chore(main): release dograh 1.40.0 (#473) 2026-07-03 20:02:07 +05:30
Abhishek
a54ab519b8
chore: refactor file upload mechanism to avoid NFS dependency (#496)
* chore: refactor file upload mechanism to avoid NFS dependency

* add regression test for deregistration of calls

* fix: fix minio upload issue

* fix: make transcript upload async
2026-07-03 20:01:52 +05:30
Abhishek Kumar
0dc844f81f chore: update helm templates 2026-07-03 19:21:54 +05:30
Abhishek
79a4a3c9f1
chore: improve upon mcp prompts (#494)
* chore: improve upon mcp prompts

* Update api/mcp_server/instructions.py

Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>

---------

Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
2026-07-03 18:14:03 +05:30
Abhishek
88f4477edb
feat: add Helm chart for Kubernetes deployment (#365)
* feat: add Helm chart for Kubernetes deployment

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Replace bundled Bitnami subcharts with in-chart manifests on official images

The Bitnami catalog removed all versioned image tags from docker.io/bitnami in
Aug 2025 (old images frozen in bitnamilegacy, maintained catalog now behind a
Broadcom subscription), so the bundled postgresql/redis/minio subcharts no
longer pull. Replace them with plain in-chart manifests built on official
upstream images, keeping the internal/all-in-one path fully self-contained and
free of third-party chart packaging that can disappear:

- internal-postgres.yaml: pgvector/pgvector:pg17 — upstream Postgres plus the
  `vector` extension the migrations require. POSTGRES_USER=dograh is the initdb
  superuser, so CREATE EXTENSION vector succeeds.
- internal-redis.yaml: redis:7.4-alpine, password-protected, AOF persistence.
- internal-minio.yaml: minio/minio, root creds shared with the app via a single
  secret (can't drift); the app auto-creates its bucket.

Service/secret names are unchanged (<rel>-postgresql, <rel>-redisinternal-master,
<rel>-minio) so the app wiring is untouched. Dep passwords are generated once and
persisted across upgrades via lookup. Drop the Chart.yaml dependencies,
Chart.lock, and the `helm dependency` step; the internal manifests gate on the
mode toggles (database.mode=internal, etc.).

Also fixes surfaced by smoke-testing on a live EKS cluster:
- Dockerfile: ship the per-service run_*.sh entrypoints the chart invokes.
- migrate-job: run as a post-install/pre-upgrade hook (the bundled Postgres does
  not exist during pre-install) with a wait-for-postgres init container.
- backend env: declare POSTGRES_PASSWORD/REDIS_PASSWORD before the DATABASE_URL/
  REDIS_URL that interpolate them (Kubernetes only expands back-references).
- worker liveness probes: pgrep isn't in the slim runtime image; check
  /proc/1/cmdline instead (each worker execs its process as PID 1).
- UI: set HOSTNAME=0.0.0.0 so Next.js standalone doesn't bind to the k8s-injected
  pod name (which maps to the pod IP only, breaking port-forward/loopback).

Verified end-to-end on EKS 1.36: all pods Ready, migrations applied (pgvector
extension + 27 tables), UI login page and web API served via port-forward.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-07-03 12:39:39 +05:30
Tararais
fd0d144b08
feat(webhooks): durable retrying delivery for final webhooks (#478)
* feat(webhooks): durable retrying delivery for final webhooks

Final webhook nodes were fired inline with a single best-effort httpx POST
(run_integrations._execute_webhook_node). On a transient error the failure was
swallowed at three levels, so ARQ never retried and the final call report was
permanently lost -- leaving downstream receivers stuck (e.g. a CRM showing a
call as still "in conversation").

Replace the one-shot POST with a durable, idempotent delivery pipeline modelled
on the campaign retry pattern (persisted row + scheduled_for + bounded attempts):

- New webhook_deliveries table (WebhookDeliveryModel) is the source of truth.
  Payload is rendered once and frozen so retries are deterministic; secrets are
  not stored -- the credential is referenced by uuid and re-resolved at send time.
- run_integrations now persists a delivery row and enqueues deliver_webhook with
  a deterministic ARQ job id instead of sending inline.
- deliver_webhook (new ARQ task) sends the request and:
    * 2xx            -> succeeded
    * transient      -> retry with capped exponential backoff (RequestError /
                        5xx / 408 / 425 / 429), up to max_attempts then dead_letter
    * permanent 4xx  -> dead_letter immediately (no pointless looping)
  It is idempotent: a non-pending delivery is a no-op, so a duplicate enqueue or
  sweeper re-injection can't double-send.
- sweep_webhook_deliveries cron (every 5 min) re-enqueues overdue pending
  deliveries so nothing is lost to a worker restart / Redis flush.
- Stable X-Dograh-Delivery-Id / Workflow-Run-Id / Attempt headers let receivers
  dedupe retried deliveries.
- enqueue_job now forwards ARQ job options (_job_id, _defer_by); failures log
  repr(e) so empty-message errors like ConnectTimeout are diagnosable.

Config via DEFAULT_WEBHOOK_DELIVERY_CONFIG (env-overridable): max_attempts=5,
base_delay=30s, max_delay=600s, timeout=30s.

Tests cover payload rendering, persist+enqueue, success, transient retry,
retryable 5xx, permanent 4xx dead-letter, attempt exhaustion, and idempotency.
Migration verified to apply/rollback against Postgres; table/enum/indexes confirmed.

* fix(webhooks): atomic claim, safe success-recording, sweep paging, migration cleanup

Address review feedback on the webhook delivery pipeline:

- deliver_webhook now atomically claims a delivery (conditional UPDATE that
  leases scheduled_for) before sending, so concurrent ARQ executions can't
  double-send (the prior status=='pending' read was non-atomic).
- Recording success is moved out of the dead-letter try-block: if the receiver
  accepted the payload (2xx) but the success DB-write fails, the row is left
  pending for the sweeper to reconcile instead of being dead-lettered.
- The sweep keyset-paginates by id so a backlog over the page size is fully
  drained, and logs the true re-enqueued total.
- Migration downgrade drops the enum via op.execute(DROP TYPE IF EXISTS ...)
  instead of the deprecated op.get_bind().

* fix(webhooks): idempotent delivery creation and drop secret custom headers

Address the remaining review feedback:

- Add a (workflow_run_id, webhook_node_id) unique constraint and make
  create_webhook_delivery a get-or-create returning (delivery, created). A
  retried run_integrations now reuses the existing row instead of creating and
  sending a duplicate final webhook; only a freshly-created row is enqueued.
- Stop persisting secret-looking custom headers (Authorization, X-API-Key,
  Cookie, ...) in plaintext on the delivery row: they are dropped with a warning
  pointing at the credential store (which is re-resolved securely at send time).
  Non-secret custom headers are unaffected.

* fix(webhooks): harden idempotency key, secret-header match, sweep reclaim id

Address follow-up review feedback:

- webhook_node_id is now NOT NULL so a NULL can't slip past the
  (workflow_run_id, webhook_node_id) unique constraint and create duplicates.
- Secret-header filtering matches normalized markers (auth/token/secret/cookie/
  api-key/...) instead of an exact name list, catching variants like
  X-Custom-Auth-Token while leaving benign headers (e.g. X-Idempotency-Key).
- The sweeper re-enqueues with a reclaim-specific job id (the lease timestamp)
  so reconciling a delivered-but-unrecorded row isn't deduped against the
  original attempt's already-completed ARQ job. The atomic claim still ensures
  at most one send.

* fix(webhooks): scope delivery rows to workflow org

---------

Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
2026-07-02 21:44:14 +05:30
Matt Van Horn
3a770a6538
docs: clarify Asterisk ARI websocket_client.conf URI and why /ws/ari 403s when tested directly (#490)
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
2026-07-02 21:11:11 +05:30
Rushil
fe46652b04
docs: add missing cross-links for machine and human readability (#492) 2026-07-02 21:10:32 +05:30
Abhishek Kumar
cd0939d072 feat: allow filter by agents in agent runs 2026-07-02 21:01:00 +05:30
Abhishek Kumar
9966940624 feat: add template variable rendering for transfer call destination 2026-07-02 13:36:29 +05:30
Mohamed-Mamdouh
65d46bc313
Implement cost calculator for Tuber (#471)
* Adding cost calculation in tuner for BYOK

* fix

* implement cost calculator for Tuner

* Update api/services/integrations/tuner/completion.py

Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>

* feat: expose render_options in node spec

* Update api/services/integrations/registry.py

Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>

---------

Co-authored-by: mohamed salem <259547077+mohamedsalem-bot@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
2026-07-02 12:51:14 +05:30
Rushil
97803b8121
docs: fix dead entry points, add first-agent tutorial, explain unexplained features (#489)
* docs: fix dead entry points, add first-agent tutorial, explain gathered_context, VAD, E.164, Langfuse, Pipecat

* docs: fix broken anchors, correct HTTPS/VAD wording per review

* docs: tighten HTTPS wording and soften single-node claims per bot review
2026-07-02 12:47:48 +05:30
Abhishek Kumar
dc98298b66 fix: Windows PowerShell 5.1 start_docker crash and paste-safe docs snippets
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 15:54:11 +05:30
PK
a850d18767
fix: guard Chatwoot bubble toggle until holder is in the DOM (#485)
ChatwootWidget's visibility effect took the synchronous fast path whenever
`window.$chatwoot` was truthy. But the SDK assigns `$chatwoot` (with
`toggleBubbleVisibility`) synchronously in run(), while `.woot--bubble-holder`
is only appended later, after the widget iframe finishes loading. Calling
`toggleBubbleVisibility("show")` in that gap makes the SDK dereference
`null.classList` — an intermittent crash on navigating to /workflow that
surfaces via the React error boundary (follow-up to #483).

Gate the immediate-apply path on the bubble holder actually being in the DOM;
when it's absent, fall through to the existing `chatwoot:ready` listener, which
the SDK fires only after the holder is created.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 22:10:49 +05:30
Abhishek Kumar
a616b7ff98 chore: setup worktree on folder open 2026-06-30 16:15:10 +05:30
Abhishek Kumar
2249d944f3 chore: setup worktree script 2026-06-30 15:59:18 +05:30
Abhishek
982030d26e
chore: worktree dev setup (#484)
* chore: auto-assign per-worktree backend port via VS Code folderOpen task

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore: remove .conductor dev setup (moved to native git worktrees)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 15:40:29 +05:30
Abhishek
6937e01b49
feat: better interrupt strategies (#479)
* chore: drain active calls before rolling updates

* Use provisional VAD interruption strategy

* feat: wire provisional VAD configuration

* chore: refactor user turn strategies

* chore: bump pipecat
2026-06-30 14:52:17 +05:30
SS
962d5afa12
Docs/add japanese readme (#477)
* docs: add Japanese README

* docs: align Japanese README with English version

* chore: add community-maintained translation notice

---------

Co-authored-by: sscodeai <sscodeai@users.noreply.github.com>
Co-authored-by: Sabiha Khan <sabihak89@gmail.com>
2026-06-30 09:49:41 +05:30
PK
075b1389f3
embed cal and chatwoot bubble missing fix (#483) 2026-06-29 23:02:55 +05:30
Abhishek
090d042a78
Fix realtime initial greeting handling (#481) 2026-06-29 17:25:42 +05:30
Sabiha Khan
d9800fddd6
feat: support inbound vonage calls (#480)
* feat: support inbound vonage calls

* fix: drift check

* feat: add warning with missing signature secret

* docs: vonage inbound steps

* chore: upgrade pipecat submodule
2026-06-29 16:27:19 +05:30
Abhishek Kumar
f190a0dd9a chore: remove WorkspaceBadge test UI and .worktreeinclude (setup.sh + README handle env copy)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 13:21:21 +05:30
Abhishek Kumar
de88d4f21e feat: single dev run (UI+backend via concurrently) + preview_urls; UI on base port
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 13:09:27 +05:30
Abhishek Kumar
c099dad03d chore: add Conductor per-worktree dev setup (.conductor/ + .worktreeinclude)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 12:48:33 +05:30
Abhishek Kumar
0a6f7673b5 chore: bump pipecat submodule 2026-06-29 10:59:25 +05:30
Abhishek
b192d4ada7
chore: drain active calls before rolling updates (#474)
* chore: drain active calls before rolling updates

* fix: add a devops secret header

* fix: implement PR review
2026-06-29 06:00:31 +05:30
Abhishek Kumar
327ec561d5 feat: add cartesia ink 2 in STT models 2026-06-28 10:22:36 +05:30
Sabiha Khan
557de72b9c
chore(main): release dograh 1.39.0 (#469) 2026-06-27 17:20:00 +05:30
Abhishek
78427817a6
feat(scripts): free trusted HTTPS via sslip.io for public-IP remote i… (#460)
* feat(scripts): free trusted HTTPS via sslip.io for public-IP remote installs

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore: refactor setup scripts

* chore: generate sdk

* chore: fix messaging for setup_remote script

* fix: fix ffmpeg download url

* feat: centralise and simplify the url configuration

* fix: force script run as sudo

* fix: fix documentation

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 17:19:29 +05:30
Matt Van Horn
3309face2c
fix: reject misrouted smallwebrtc runs on the telephony websocket (#468)
* fix: reject misrouted smallwebrtc runs on the telephony websocket

A smallwebrtc (browser/WebRTC) workflow run is established through the WebRTC
signaling endpoint, not the PSTN telephony websocket. When such a run reached
_handle_telephony_websocket it read no "provider" from initial_context and
closed with an opaque "Provider type not found". Detect smallwebrtc runs and
close with a clear reason pointing to the signaling endpoint, without setting
the run to running or invoking a telephony provider. Also store the provider on
smallwebrtc runs at creation so they are self-describing, and make the generic
no-provider close reason include the run id and mode.

Closes #433

* fix: merge workflow run initial context defaults

---------

Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
2026-06-26 19:37:40 +05:30
Sabiha Khan
faa73427c6 docs: update model providers 2026-06-26 11:57:26 +05:30
Sabiha Khan
f6bd6e6105
chore(main): release dograh 1.38.0 (#456) 2026-06-25 22:22:28 +05:30
Abhishek Kumar
efb25a0cc5 fix: enable knowledge base with Dograh config v2 2026-06-25 22:21:11 +05:30
nuthalapativarun
d675fd1fda
feat(twilio): add Answering Machine Detection (AMD) support via telephony config (#443)
* feat(twilio): add Answering Machine Detection (AMD) support via telephony config

Closes #339

* chore: regenerate OpenAPI spec to fix drift-check

The openapi.json snapshot had drifted from the FastAPI app definition
because main gained new organization endpoints (billing, credits,
context) after this branch was created. Regenerate it with
'python -m scripts.dump_docs_openapi' to bring it back in sync.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat: add provider-level AMD hooks

* fix: handle db error while persisting amd result

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Sabiha Khan <sabihak89@gmail.com>
Co-authored-by: Sabiha Khan <87858386+chewwbaka@users.noreply.github.com>
2026-06-25 14:45:13 +05:30
Abhishek
29c5be298c
chore: refactor status processor (#465)
* chore: refactor status processor

* fix: fix billing duration when billsec is None for Cloudonix
2026-06-24 22:07:35 +05:30
Haoqian
d817d50056
fix: support Gemini JSON schema tools (#463)
* fix: support Gemini JSON schema tools

* fix: harden Dograh Gemini adapter wiring

* fix: route Gemini Live tool schemas through parameters_json_schema

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 18:50:44 +05:30
Abhishek Kumar
978fb9c262 fix: pass s3 compose settings into storage 2026-06-24 18:37:20 +05:30
Sky Moore
1e2a276a61
feat: support other s3 sig versions so it works with s3 (#461) 2026-06-24 18:36:34 +05:30
Abhishek Kumar
811b9e9803 fix: chat serialization and deserialization in text runner
Related Issue: #455
2026-06-24 17:53:54 +05:30
Abhishek Kumar
1e5e556a4d fix: remove gemini 2.0 flash from supported models 2026-06-24 13:33:18 +05:30
Abhishek Kumar
ca598933ef feat: support flux for dograh multi 2026-06-24 12:45:07 +05:30
Abhishek Kumar
0956157029 feat: add voice selector for Dograh model configs 2026-06-23 18:33:04 +05:30
Abhishek Kumar
40e34994fd deploy/hostinger: default Traefik network to traefik-proxy (Hostinger)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 15:02:05 +05:30
Abhishek
bb334106ad
Add Hostinger (managed-Traefik) deployment files (#459)
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 14:41:28 +05:30
Abhishek Kumar
678d4bfb1e Harden Docker service credential setup 2026-06-21 13:44:31 +05:30
Manuel Bruña
17054e3f26
feat(scripts): generate REDIS_PASSWORD on setup, plumb through compose (#458)
* feat(scripts): generate REDIS_PASSWORD on setup, plumb through compose

Per the discussion on #453, this takes the recommended path of extending
the setup scripts rather than introducing a parallel compose file.

  - scripts/setup_remote.sh now generates REDIS_PASSWORD alongside
    OSS_JWT_SECRET and POSTGRES_PASSWORD and writes it to the rendered
    .env (with a short comment noting it can be rotated, unlike the
    postgres password which is baked into the volume on first init).
  - scripts/start_docker.sh now generates REDIS_PASSWORD on first run
    if missing, mirroring the existing OSS_JWT_SECRET pattern (reuses
    generate_secret, which falls back through python3 → openssl →
    /dev/urandom).
  - docker-compose.yaml and docker-compose-local.yaml now interpolate
    ${REDIS_PASSWORD:-redissecret} in the redis --requirepass, the redis
    healthcheck, and the api REDIS_URL.

The :-redissecret fallback preserves backwards compatibility for users
with an existing .env that predates this change — they keep the old
value until they regenerate. New installs (via either script) get a
secure random hex.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Harden local Docker secret setup

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
2026-06-21 13:11:31 +05:30
Abhishek Kumar
ac91019d38 fix: prioritise NEXT_PUBLIC_BACKEND_URL if set for websocket endpoint 2026-06-20 15:16:40 +05:30
GURKIRAT SINGH
988d50e82d
style(docs): add custom green scrollbar (#434)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 15:10:08 +05:30