contains_masked_key() guards against persisting a still-masked secret by
checking for the MASK_MARKER ("***") substring. But mask_key() only emits
3+ consecutive asterisks for keys longer than VISIBLE_CHARS + 2. For short
secrets it emits fewer: e.g. mask_key("EMPTY") == "*MPTY" (a single
asterisk). Such masked values slip past the guard, so a dashboard
"save without editing" round-trips the masked display string back and
overwrites the real stored value with e.g. "*MPTY".
This bites self-hosted/OpenAI-compatible providers that use a short
no-validate sentinel api_key such as "EMPTY".
Match the full shape mask_key() produces — a run of MASK_CHAR followed by
at most VISIBLE_CHARS revealed characters — in addition to the legacy
marker. Verified: masked short secrets ("*MPTY", "*", "*ykey") are now
detected while real unmasked values ("EMPTY", "sk-live-abcd", ...) are
not, so there are no false positives.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Add Sarvam LLM provider, update Sarvam STT models, expose usage_info on run detail.
Depends on pipecat PR dograh-hq/pipecat#43 for STT string language support.
Submodule bump will follow after that merges.
* test: cover Sarvam STT language mapping; link Sarvam docs
---------
Co-authored-by: Sabiha Khan <sabihak89@gmail.com>
* fix: stamp API key into model override at save time to survive global provider change
When a workflow overrides the TTS/LLM/STT provider to match the current
global config, the override dict only stores model/voice fields, not the
API key. If the global config later switches to a different provider, the
override can no longer inherit the API key and calls fail.
Fix: enrich_overrides_with_api_keys() copies the global provider's API
key (and other secret fields) into the override dict at workflow-save
time, making the override self-contained regardless of future global
config changes.
* feat: add test coverage and masking logic
---------
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* Add OpenAI-compatible API option in model configuration
Backend-only cherry-pick from 20617db37a.
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* fix: harden the base url settings in SaaS mode
---------
Co-authored-by: Chris Briddock <briddockchristopher@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* feat: add MiniMax provider support (Chat + TTS)
- Add MiniMax LLM provider using OpenAI-compatible API
- Models: MiniMax-M2.7, MiniMax-M2.7-highspeed
- Default base URL: https://api.minimax.io/v1
- Uses MINIMAX_API_KEY for authentication
- Add MiniMax TTS provider using Pipecat's MiniMaxHttpTTSService
- Models: speech-2.8-hd (default), speech-2.8-turbo
- 6 built-in voices
- Requires group_id configuration
- Add unit tests for both providers
* fix(minimax): validator, temperature, session cleanup, reasoning filter
- check_validity.py: wire MiniMax into _validator_map and enforce
group_id at save time. Without this, saving a config with a valid
key was rejected.
- registry.py: surface temperature on the LLM config (gt=0; MiniMax
rejects 0) and base_url on the TTS config
- service_factory.py:
* Plumb temperature through create_llm_service
* Normalize TTS base_url to include /t2a_v2 — pipecat appends only
?GroupId=... to the URL.
* Use the new MiniMaxLLMService (from pipecat) to strip
<think>...</think> reasoning that MiniMax-M2.7 emits inline in
delta.content (otherwise it leaks straight to TTS).
* Use MiniMaxOwnedSessionTTSService so the per-instance aiohttp
session gets closed in cleanup() instead of leaking sockets/FDs.
- minimax_tts.py: small wrapper around MiniMaxHttpTTSService that owns
the session it was handed (pipecat's caller-owns-session API
conflicts with the ftory's per-instance pattern).
- pipecat submodule: bumps to a commit that adds MiniMaxLLMService — a
thin OpenAILLMService subclass with the streaming <think> filter
(mirrors NvidiaLLMService's pattern for NIM reasoning models).
- Tests updated/added for all of the above.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: octo-patch <octo-patch@github.com>
Co-authored-by: Sabiha Khan <sabihak89@gmail.com>
* Add tuner integration
* bump pipecat version
* chore: update pipecat submodule to match upstream and use tuner-pipecat-sdk 0.2.0
Update pipecat submodule from 0.0.109.dev23 to 13e98d0d9 (the exact commit
upstream dograh-hq/dograh uses after v1.30.1). This installs pipecat-ai as
1.1.0.post277 via setuptools_scm, satisfying tuner-pipecat-sdk 0.2.0's
pipecat-ai>=1.0.0 requirement.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* wire tuner
* feat: refactor integrations into self contained packages
* chore: simplify ensure_public_access_token
* fix: remove NodeSpec and make DTOs the source of truth
* feat: send relevant signal to mcp using to_mcp_dict
* fix: fix tests
* cleanup: remove nango integrations
* feat: add agents.md for integrations
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
* feat: configurable ElevenLabs base URL for Data Residency (#269)
Adds a `base_url` field to `ElevenlabsTTSConfiguration` so users on an
ElevenLabs Data Residency plan (EU, etc.) can point Dograh at the
regional endpoint instead of the hardcoded global one. Defaults to
`https://api.elevenlabs.io`, preserving existing behaviour. The
service factory rewrites the HTTP scheme to WSS when constructing the
WebSocket TTS service.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: fix drift
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: add tests and migrations
* feat: workflow versioning among published and draft
* feat: add a new settings page to simplify workflow detail page
* fix: fix tsclient generation
