Wrap the sidebar branch of AppLayout with LeadFormsProvider so the shared
lead modals are available to the sidebar, billing card, and builder nudge.
Includes eslint import-order auto-fixes in TopUpModal and LeadFormsContext.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add brainstorming spec for: sidebar OBSERVE→MANAGE rename + Credits & Billing
link + Hire-an-Expert footer button; new /billing page with extracted Dograh
Model Credits card + CTAs; Top-up / Hire-an-Expert / Enterprise intake modals
with inline math captcha; and a workflow-builder Hire-an-Expert nudge. Frontend
only; submissions fire PostHog events via a submitLead() seam for a future
MongoDB endpoint. Also gitignore .superpowers/ brainstorm mockups.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix: make email lookup case-insensitive in get_user_by_email
Email addresses are case-insensitive in practice, but get_user_by_email
compared with an exact `UserModel.email == email` predicate. A user who
signed up as "User@example.com" could not be found when logging in as
"user@example.com" (and vice-versa), so the same person could fail to log
in — or be treated as a brand-new account — depending only on how their
client capitalized the address.
Compare on `func.lower(UserModel.email) == func.lower(email)` so lookups
are robust to capitalization. Minimal and backwards-compatible: it works
with existing mixed-case rows immediately, with no migration required.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix: enforce case-insensitive user emails
---------
Co-authored-by: developer603 <vrramsolutions@gmail.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
The public WebRTC signaling WebSocket (`/public/signaling/{session_token}`)
validated only the session token and its expiry, not the embed token's
allowed-domain policy that the HTTP embed endpoints already enforce. A leaked
or replayed session token could therefore attach to the signaling path from
an arbitrary origin.
Validate the request origin against `embed_token.allowed_domains` (reusing the
existing `validate_origin` helper) before the signaling handoff, rejecting
disallowed origins with a 1008 close — mirroring the HTTP embed endpoints.
Closes#330
Co-authored-by: shiminshen <16914659+shiminshen@users.noreply.github.com>
Transfer-context lookup by original_call_sid ran
`redis.keys("transfer:context:*")` and iterated every match — an O(N)
blocking scan on call-control hot paths, duplicated across the ARI
manager and the Twilio/Telnyx conference strategies.
Maintain a `transfer:by_call_sid:{original_call_sid}` -> transfer_id
secondary index, written and cleared alongside the context in
store/remove, and resolve lookups with a direct GET. Route the
Twilio/Telnyx strategies through the manager so the lookup lives in one
place (also dropping per-call ad-hoc Redis connections).
Closes#328
Co-authored-by: shiminshen <16914659+shiminshen@users.noreply.github.com>
* feat: add Azure AI multi-provider support (TTS, STT, Embeddings, Realtime)
Enables Azure AI services across all model layers so users with Azure
credits can consolidate billing on a single provider.
- Voice (TTS): AzureSpeechTTSConfiguration via azure_speech provider
- Transcriber (STT): AzureSpeechSTTConfiguration via azure_speech provider
- Embedding: AzureOpenAIEmbeddingsConfiguration via azure provider
- Realtime: AzureRealtimeLLMConfiguration via azure_realtime provider
New files:
- api/services/pipecat/realtime/azure_realtime.py
- api/services/gen_ai/embedding/azure_openai_service.py
- api/tests/test_azure_speech_service_factory.py
The UI picks up all four providers automatically from the schema —
no frontend changes required.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: add validation for URL and params
---------
Co-authored-by: Vishal Dhateria <vishal@finela.ai>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
Mirrors the LLM treatment from #368 for the OpenAI STT and OpenAI TTS
providers. Users running OpenAI-compatible self-hosted services (vLLM,
Speaches, llama.cpp, custom proxies) can now point Dograh at them via
the OpenAI provider with `base_url`, instead of being forced onto the
Speaches provider as a workaround.
Changes:
* `registry.py` — add `base_url` field (default `https://api.openai.com/v1`)
to `OpenAISTTConfiguration` and `OpenAITTSService`, identical in shape
to the existing `OpenAILLMService.base_url` from #368.
* `service_factory.py` — in the OPENAI branches of `create_stt_service`
and `create_tts_service`, lift `base_url` off the user config, run it
through `_validate_runtime_service_url`, and forward it as a kwarg to
`OpenAISTTService` / `OpenAITTSService` (both already accept it). Same
pattern as the LLM branch.
* `test_user_configured_service_url_security.py` — adds four runtime
validation tests covering private-IP rejection and localhost rejection
in SaaS mode for both STT and TTS. Existing OSS-mode permissiveness
is unchanged (DEPLOYMENT_MODE=oss skips the validator, as before).
No schema migration needed — Pydantic populates the default; existing
configurations without `base_url` continue to talk to api.openai.com.
`check_validity.py` requires no edits because the per-service validation
loop already iterates `("base_url", "endpoint")` via `getattr`, and the
`_check_openai_api_key` dispatcher already routes OPENAI providers
through the base_url-aware code path (introduced in #368) for STT and
TTS too.
Tests pass locally:
pytest api/tests/test_user_configured_service_url_security.py
23 passed in 4.80s (19 existing + 4 new)
Co-authored-by: developer603 <developer603@users.noreply.github.com>
* fix: support object and array parameters in custom HTTP tools
* feat(ui): expose object and array types in the custom tool parameter editor
* fix: error handling and schema generation
---------
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* Add Sarvam LLM provider, update Sarvam STT models, expose usage_info on run detail.
Depends on pipecat PR dograh-hq/pipecat#43 for STT string language support.
Submodule bump will follow after that merges.
* test: cover Sarvam STT language mapping; link Sarvam docs
---------
Co-authored-by: Sabiha Khan <sabihak89@gmail.com>
Using :-ChangeMeInProduction silently starts the stack with a known
public signing key. Switch to :? so docker compose up exits with a
clear error when the variable is not provided.
Add tabbed examples showing wss://api.dograh.com URI for Dograh Cloud
and ws://your-dograh-host for self-hosted. Users were confused about
the correct URI when using the managed cloud offering.
* fix: run api container as non-root dograh user
The runner stage had no USER directive, causing the API process to run
as root inside the container. Add a system user/group and transfer
ownership of /app before switching to it, so the container process
runs with minimal privileges.
* fix: chown /app and use COPY --chown for non-root runner
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: add copy-to-clipboard button for inbound webhook URL
Users setting up inbound telephony had no easy way to copy the
webhook URL to paste into their provider dashboard. Add a copyable
inbound webhook URL display in the configuration detail card,
following the existing Configuration ID copy button pattern.
* fix: use NEXT_PUBLIC_BACKEND_URL if provided
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* chore: upgrade Next.js in evals/visualizer from 16.1.4 to 16.2.6
Resolves multiple security advisories in Next.js 16.1.4 including
middleware/proxy bypass, SSRF, DoS, and XSS issues. The evals
visualizer is an internal dev tool with no external exposure, but
keeping dependencies current reduces supply-chain risk.
* fix: remove redundancy in choice of package manager to avoid drift
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* fix: stamp API key into model override at save time to survive global provider change
When a workflow overrides the TTS/LLM/STT provider to match the current
global config, the override dict only stores model/voice fields, not the
API key. If the global config later switches to a different provider, the
override can no longer inherit the API key and calls fail.
Fix: enrich_overrides_with_api_keys() copies the global provider's API
key (and other secret fields) into the override dict at workflow-save
time, making the override self-contained regardless of future global
config changes.
* feat: add test coverage and masking logic
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* Add OpenAI-compatible API option in model configuration
Backend-only cherry-pick from 20617db37a.
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* fix: harden the base url settings in SaaS mode
---------
Co-authored-by: Chris Briddock <briddockchristopher@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Added delete option for edge between two nodes
* Removed extra stack dump file
* chore: advance pipecat submodule to include MiniMax LLM service
* updated pipecat to c771a50e
* fix: simplify edge delete to match node and Backspace UX
Drop the confirmation dialog: node delete and Backspace-on-edge both
delete immediately and rely on undo/redo. The trash button should
behave the same way.
Match the GenericNode toolbar pattern by always rendering the trash
and pencil buttons (no readOnly gate); the edit dialog already
disables Save in readOnly. Wrap the two buttons in a flex container
with a small gap so they don't sit flush against each other.
Revert the manual package-lock version bump; that field is owned by
release-please.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: don't auto-save on edge delete
Persisting the workflow is a separate intent from "delete this edge",
the same way it's separate from "delete this node" (useNodeHandlers
doesn't auto-save either). The Save button in the edit dialog conveys
the save semantics; trash buttons shouldn't piggy-back on them.
After this, all delete paths (node toolbar trash, edge toolbar trash,
Backspace on node, Backspace on edge) mark the workflow dirty and
leave persistence to Cmd+S or the header Save button.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: XI <xman.india@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
