v0.7.11: parallel subagents, new tools, rich markdown editor, governance, file sharing#5145
Open
waleedlatif1 wants to merge 18 commits into
Open
v0.7.11: parallel subagents, new tools, rich markdown editor, governance, file sharing#5145waleedlatif1 wants to merge 18 commits into
waleedlatif1 wants to merge 18 commits into
Conversation
…5122) * feat(subagents): add support for parallel subagents * fix(subagents): address parallel-subagent bugs * progress on streaming refactor * improvement(subagents): update comment to reflect new go feature flag * debug mode progress * remove debug logs * fix(validation): add escape annotation * improvement(code): remove dead fallbacks * fix subagent lane fallback issue * fix(mothership): increase default redis event limit to 100k from 5k * fix(mothership): streaming invariant projection enforcement --------- Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai>
* fix(mship): add folder rename tools and locked workflow status * fix(mship): manage_folder bug fixes * improvement(mship): clean up deprecated fields from contracts * test(mship): update tool-call display title tests for client-derived titles Display titles now come from the Sim-side name resolver, not the stream's ui.title/phaseLabel. Update the read lifecycle test to expect the name-derived title and drop the obsolete phaseLabel-fallback test. * fix(contracts): lint
…onflict-column selection (#5123) * ci(migrations): fail dev schema push with an actionable error on rename/drop prompt `drizzle-kit push --force` only suppresses the data-loss confirm, not the rename-vs-drop disambiguation prompt. That prompt fires whenever a diff both adds and drops tables/columns at once (e.g. migration 0231 created sim_trigger_state while dropping the workspace_notification_* tables), and in CI it crashes with a bare "Interactive prompts require a TTY" stack trace. Catch that specific failure in the dev push step and emit a GitHub error annotation explaining the cause and the fix (drop the stale objects on the dev DB to match schema.ts — the same DROPs the versioned migration already applied to staging/prod), instead of leaving an opaque trace. Exit status is preserved either way. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * improvement(tables): empty-state filter/sort builders + upsert conflict-column selection * improvement(tables): throw on ambiguous upsert instead of guessing the conflict column * Revert "ci(migrations): fail dev schema push with an actionable error on rename/drop prompt" This reverts commit 2626482. * improvement(tables): unique-column picker for upsert + richer get-schema (counts, ids, live plan row limit) * fix(tables): honor OR boundary when skipping incomplete filter rows * fix(tables): source workspaceId for column selector from route context --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
…ion (#5132) * feat(workspaces): auto-add without invite if part of organization * reverse feature flag hardcoding * address comments * improve ux for org invite modal
* feat(files): public share links for workspace files * improvement(files): drop reserved public_share columns until used; sync audit mock * fix(files): share modal tracks authoritative saved state until toggled * feat(files): per-IP rate limit on public share endpoints * fix(files): address PR review — public CSV OOM, content cache, share FK, soft-delete filter, download anchor * fix(files): disable CSV import action in read-only preview (public share) * refactor(files): drive CSV preview import affordance off readOnly, not disableImport * fix(files): version public viewer caches by file updatedAt so edits aren't stale * fix(files): 409 (not corrupt source) when a shared generated doc has no compiled artifact * feat(files): gate public sharing behind an access-control permission
…max 1k/500k) (#5135) Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* improvement(governance): org-ws-credential roles clarity * revert isHosted * improvement(credentials): code cleanup * address comments * make kb cascade delete on user hard delete * revert env flags * chore(db): drop local 0242 migration to regenerate after merging staging Our 0242 collides with staging's 0242. Remove it (and its snapshot + journal entry) so the KB-cascade migration can be regenerated with the correct number on top of the merged staging migrations. * chore(db): regenerate kb→workspace cascade migration as 0243 Regenerated via drizzle-kit generate on top of the merged staging migrations (staging took 0242). Re-applied the safety edits: NOT VALID + separate VALIDATE on the FK re-add, and the -- migration-safe note on the DROP. check:migrations passes. * improve copy * update docs
* improvement(access-controls): dedup independent block names * improvement(access-controls): fix delete button, naming in perm group modal
* feat(logs): redact PII from workflow logs via configurable rules Enterprise PII redaction for workflow execution logs, configured under Data Retention as org-scoped rules (each rule picks entity types + which workspaces it applies to). Reuses the guardrails Presidio engine in mask mode at the log-persist choke point, with a check-digit-validated VIN recognizer. Also adds per-workspace data-retention-hours overrides. * fix(logs): widen PII entity visibleValues to string[] for strict build typecheck * fix(logs): redact error/trigger/executionState; keep guardrails import lazy - Extend PII redaction to span error/errorMessage/toolCalls and top-level error/completionFailure/trigger/executionState (Bugbot: PII in execution metadata). executionState is safe to redact — resume reads from the separate pausedExecutions table, not the log copy. - Lazy-import validate_pii in pii-redaction so the Python/child_process guardrails module stays out of the static middleware/RSC graph. - Type the org retention mutation to the contract body (optional, non-null). * refactor(logs): drop per-workspace retention override; PII redaction stays org-scoped - Remove the unused per-workspace data-retention-hours override (no UI; superseded by workspace-scoped PII rules). Reverts cleanup-dispatcher to org-only retention, drops resolveEffectiveRetentionHours, the workspace.dataRetentionSettings column + migration, and the workspace data-retention route/contract/hooks. Fixes Bugbot's null-as-unset finding by removing the buggy path entirely; org retention behavior is unchanged. - Stop re-checking isWorkspaceOnEnterprisePlan at persist time (it returns false on transient errors, which would fail-open and leak PII). Enabled rules already imply entitlement; redact whenever rules apply (fail-safe). * fix(logs): redact oversized strings and executionData.environment - Drop the per-string size cap in PII redaction: oversized strings were left unmasked (leak). Nothing is skipped now; large payloads still fail-safe via the total-bytes ceiling + per-chunk timeout (scrub, never leak). - Add executionData.environment (incl. variables) to the redaction set. * refactor(logs): single-scope PII rules with most-specific-wins resolution Each rule now targets one scope — all workspaces (workspaceId: null) or a single workspace — with workspaceId unique across rules. Resolution is most-specific-wins (a workspace's own rule overrides the all rule), not union; an empty specific rule exempts that workspace. Matches Access Control's resolveWorkspaceGroup precedence. UI 'Applies to' becomes a single-select; Add rule disables when all scopes are taken. * feat(logs): default + workspace-overrides UI for PII redaction Reshape the PII redaction settings into a 'Default (all workspaces)' block plus a 'Workspace overrides' list, making the most-specific-wins precedence explicit (overrides replace the default; unlisted workspaces use it). Same data model (workspaceId null = default), UI only. * improvement(logs): clearer default/overrides PII UI Drop the uppercase section labels and the overrides description; gate the Workspace overrides section behind a configured default; use a single Delete action; 'Add redaction' creates the all-workspaces default and disappears once set. * fix(guardrails): handle stdin EPIPE in PII python spawns Attach an 'error' listener to the child's stdin in both runPythonScript (the batch masking hot path) and executePythonPIIDetection. A 256KB chunk can exceed the OS pipe buffer, so if the Python process exits mid-read (OOM/kill) the EPIPE emitted on stdin was unhandled and would crash the Node process. Funnel it into the promise rejection so the fail-safe scrub path handles it gracefully. * fix(logs): redact executionData.correlation The top-level correlation field is copied from pre-redaction trigger data, so webhook/schedule correlation values could persist unredacted. Add it to the redaction set alongside trigger/environment. * fix(logs): enforce unique PII rule scope server-side The contract accepted multiple rules with the same workspaceId (or several null all-rules); resolution is first-match, so duplicates could disagree with the UI. Add a schema refine rejecting duplicate scopes. * fix(logs): re-hydrate data-retention form on org switch The form hydrated once via a boolean ref, so switching the active org left stale retention days + PII rules and saves targeted the new org with old config. Key hydration on orgId so it re-loads per org.
… cascade (#5139) * feat(enrichment): add enrichment details sidebar with cost + provider cascade * fix(enrichment): address review — persist detail on cancel/skip, exclude not_run from ran count, refetch on panel open * fix(enrichment): keep cascade detail sticky on upsert; mark unattempted providers not_run on abort * fix(enrichment): show Cancelled in details panel for aborted runs
…ts (#5138) * feat(vfs): add lazy vfs + remove dynamic fields for prompt caching hits * feat(vfs): send typed workspace snapshot for append-only deltas Build the workspace inventory from the primary db (fixes replica-lag staleness) and emit it as a typed VfsSnapshotV1 `vfs` payload alongside the markdown, so the mothership can diff it into append-only baseline/delta messages. Generate the TS contract mirror from the Go-owned JSON schema (sync-vfs-snapshot-contract) and sort connector types so diffs stay byte-stable. * fix(lint): fix lint * fix(vfs): forward the typed snapshot through the branch payload builder The branch buildPayload implementations hand-list the params they pass to buildCopilotRequestPayload and forwarded workspaceContext but dropped vfs, so the typed snapshot never reached the Go request (req.Vfs was always nil and the append-only delta path never engaged). Forward vfs in both the workflow and workspace branches, and add a regression guard asserting the branch threads it through (the bug slipped past tests because post.test mocked the payload builder and payload.test called it directly, bypassing the branch). * improvement(contracts): update vfs contracts
…#5140) * feat(files): password, email-OTP, and SSO auth for public file shares * fix(files): suppress filename in share previews for email/sso, not just password * fix(files): normalize allow-list emails to lowercase; genericize shared SSO denial message * fix(security): make isEmailAllowed case-insensitive; normalize email at client gates * test(security): cover isEmailAllowed case-insensitive matching * fix(security): bind auth cookie to auth type; password endpoint rejects non-password shares * chore(db): format generated migration meta * fix(files): share upsert validation returns 400 not 500; disabling always succeeds * feat(access-control): org admins can restrict allowed file-share auth types
* feat(files): inline rich markdown editor Replace the raw/preview split for markdown files with a Linear-style inline WYSIWYG editor (TipTap/ProseMirror): bubble + slash menus, code-block language picker with Prism highlighting and line-wrap, resizable images (HTML <img>), GFM tables, and frontmatter held byte-exact out of band. A round-trip preflight gate (decided once per open) falls back to the raw Monaco editor for any file that can't be edited losslessly, so the rich editor never silently corrupts a file. * fix(files): chain autosave unmount flush after in-flight save The unmount flush no longer fires a concurrent PUT alongside an in-flight save; it awaits the in-flight save and then writes the latest content sequentially, so an out-of-order completion can't clobber newer edits with a stale snapshot (addresses Cursor Bugbot). * fix(files): read pasted images from clipboard items, not just files Some browsers expose a pasted or copied image only via DataTransfer.items (with an empty files list), so screenshot paste was silently ignored. extractImageFiles now falls back to items; moved to a testable module with unit tests (addresses Cursor Bugbot). * fix(files): destroy round-trip probe editor on serialization error Wrap the probe serialize() in try/finally so the throwaway Editor is always destroyed even if setContent/getMarkdown throws (addresses Greptile). Adds a test proving PipeSafeTable escapes only interior cell pipes, not structural delimiters. * fix(resource): hold breadcrumb nav latch across the route swap scheduleClose fired on the pointer/focus exit that immediately follows a click-to-navigate and was clearing the reopen latch before the route swapped, letting the popover flash back open. The latch is now released by a short timer instead (addresses Cursor Bugbot). * chore(files): drop platform references and non-essential inline comments * fix(files): scope inline markdown editor to the files view The mothership preview was routing streaming markdown through the inline editor path: it showed Monaco during streaming (previewMode fell back to 'editor') and lost the streamed content on the TextEditor→MarkdownFileEditor swap (the TextEditor unmounted before it could reconcile + autosave). The inline rich editor is now opt-in via a FileViewer prop that only the files view sets, so the mothership keeps its raw/preview streaming editor and persists as before. * fix(mothership): use the inline markdown editor in the chat resource view Idle markdown in the chat resource view now renders the single-surface inline editor (no raw/split/preview pencil toggle), matching the files view. While the agent streams, FileViewer forces the rendered preview instead of Monaco, and the streamed file persists via the agent's server write + the existing content-query invalidation on tool completion — so the idle editor refetches the persisted content. * refactor(files): collapse the duplicate raw-editor fallback branch in the markdown gate * fix(mothership): swap to the inline editor once a file preview finishes streaming The preview session keeps status='complete' and previewText after streaming ends, so streamingContent stayed defined and the file stuck on the read-only rendered preview. Treat content as streaming only while status==='streaming'; once complete the EmbeddedFile sees no streamingContent and mounts the editable inline editor (which refetches the persisted content). The synthetic streaming-file stays a pure preview. * Revert "fix(mothership): swap to the inline editor once a file preview finishes streaming" This reverts commit 25b12e4. * Revert "fix(mothership): use the inline markdown editor in the chat resource view" This reverts commit 9430aa7. * feat(files): rich markdown editor across files + chat, read-only for unsafe, robust load/save - chat resource view streams into the rich editor (streamdown while streaming → editable on completion); agent persists server-side, editor never saves mid-stream - round-trip-unsafe / >128KB markdown renders read-only in the rich editor (no Monaco, no corruption) - markdown always uses the rich editor (dropped the inline-markdown opt-in flag) - editor loads content as TipTap's initial content keyed by file id — strict-mode/SSR-safe, no content-sync effect - fix autosave "Saving…" status suppression under React strict mode - lock the streamed-file persistence handoff with a state-machine lifecycle test * chore(files): remove dead code (unused FileViewer logger + EmbeddedWorkflowActions router) * fix(files): derive markdown round-trip verdict from live content, not a locked stale snapshot The gate locked isRoundTripSafe on the first post-stream snapshot, which is often the empty create_file buffer before the agent's server write lands — wrongly leaving an unsafe document editable. Derive the verdict from the current content (memoized on the bytes) so canEdit tracks the real payload. * test(files): guard the rich editor dirty signal — open is never dirty, edits emit * fix(files): lock the markdown round-trip verdict on opened content, never strand dirty edits The round-trip-safety verdict now gates editability only at open time — computed once, on the exact content the editor mounts with, and locked for its lifetime. A dirty document is round-trip-safe by construction (the editor only emits safe markdown), so the verdict must never flip off mid-edit: doing so disabled autosave, ⌘S, the toolbar Save and the unmount flush, stranding unsaved edits. Locking on the opened (reconciled) content also fixes the stale post-stream empty-buffer snapshot, and lets the redundant MarkdownFileEditor gate (plus its duplicate content fetch) be deleted. * improvement(file-viewer): reuse shared copy hook, lazy frontmatter split - code-block: replace hand-rolled copy-with-timeout with shared useCopyToClipboard - rich-markdown-editor: compute frontmatter split once via lazy ref, drop redundant frontmatterRef - round-trip-safety: correct stale comments (read-only, not raw editor fallback) * feat(file-viewer): linked images, typed-link input rule, drag-to-reorder, churn fixes - image: round-trip linked images/badges via an href attr + custom markdown tokenizer; make the image a drag handle so it can be grabbed and reordered - link-input-rule: convert typed [text](url) to a link on the closing paren (normalized href) - markdown-paste: render pasted markdown as rich content, guarded against code blocks - round-trip-safety: behavioral link-count check replaces the static linked-image rejection - extensions: trim the table serializer's blank lines to stop interior-table whitespace churn * improvement(file-viewer): Backspace at start of a heading reverts it to a paragraph Notion-style: ProseMirror's default joins or no-ops at a heading boundary, stranding the heading style. A second Backspace then merges as usual. * fix(file-viewer): don't upload pasted/dropped images into a read-only editor handlePaste/handleDrop ran the workspace image upload without checking editability, so a read-only doc (canEdit=false or a round-trip-unsafe file) could still trigger an upload. Guard both on view.editable. * fix(file-viewer): sanitize linked-image href; drop global leading-newline strip - image: run the linked-image (badge) anchor target through normalizeLinkHref so a javascript:/data: href in a file can't execute on click; the markdown still preserves the raw target (file content unchanged) - markdown-fidelity: the table serializer now trims its own surrounding blank lines, so the global leading-newline strip in postProcessSerializedMarkdown is redundant — removing it stops clobbering content that legitimately begins with whitespace * feat(file-viewer): stream agent output directly into the rich editor; add more code languages - rich-markdown-editor: the TipTap editor is now the only markdown surface. Agent output streams into it read-only (synced per chunk, autoscrolled), then the same instance hands off to an editable editor on settle — no separate streamdown preview, so no stream→edit flash. The round-trip verdict + frontmatter lock when the content settles. - code-block/code-highlight/detect-language: register Go, Rust, Java, C, C++, C#, Ruby, PHP grammars and add detectors, so those blocks highlight and the picker offers them. - css: style h5/h6 in the prose stylesheet. * fix(sidebar): hydrate collapse state before paint to stop refresh flash The collapsed sidebar swaps entire subtrees (collapsed flyout vs expanded lists), but isCollapsed only resolved after the first paint via auto rehydration, so a collapsed reload rendered the expanded tree into the 51px rail and then reflowed — the misplaced/flashing content on refresh. Adopt zustand's documented SSR pattern: skipHydration on the persist config (first render keeps the default false, matching SSR HTML) and flush persist.rehydrate() from a useLayoutEffect so the correct structure commits in the same pre-paint frame. Removes the old race where onRehydrateStorage lifted the data-sidebar-collapsed mask before React committed the rail. * refactor(file-viewer): audit fixes — stale docs, DRY settle-lock, language detection - rich-markdown-editor: rewrite the now-stale single-surface docstring (no PreviewPanel); extract a shared lockSettled() helper used by both the mount and stream-settle paths; guard the settle re-seed so it only setContent's when the body actually changed (no redundant doc rebuild) - detect-language: stop misreading generics (List<String>) as HTML markup; detect Go type/struct - code-block: export LANGUAGE_OPTIONS + add a test asserting every picker language has a registered Prism grammar (prevents picker/highlighter drift) * refactor(file-viewer): remove dead markdown-preview renderer now superseded by the rich editor Markdown files route exclusively to RichMarkdownEditor on both the read-only and editable paths, so PreviewPanel's markdown branch and its Streamdown-based renderer were unreachable. Delete MarkdownPreview and its renderers, callout/ frontmatter/checkbox machinery, and the now-unused remark/rehype/prism/streamdown imports; drop the dead toggleMarkdownCheckbox/onCheckboxToggle plumbing in text-editor. Keep the html/csv/svg/mermaid branches intact. * refactor(file-viewer): drop dead streamingMode/append path, align naming, cover autosave The streaming engine only ever runs in 'replace' mode (the only runtime callers pass it); the 'append' branch of resolveStreamingEditorContent was unreachable. Remove streamingMode + the StreamingMode type and thread it out of the 6 components that forwarded it — nextContent is now simply the streamed snapshot, behavior-identical on the live path. Rename for codebase semantics: the boolean prop streaming -> isStreaming, EditorKeymap -> RichMarkdownKeymap, the highlight PluginKey KEY -> HIGHLIGHT_PLUGIN_KEY. Add a defensive isEditable guard to the markdown paste handler (parity with the image handler; read-only must never mutate). Add a dependency-free useAutosave test suite (debounce, min-display window, no-data-loss when an edit lands mid-save, error/no-retry, Cmd+S flush, streaming-disabled lock, unmount flush). * fix(file-viewer): re-lock round-trip verdict + frontmatter on each stream settle LoadedRichMarkdownEditor stays mounted across multiple agent edits to the same file within a chat (previewContextKey is the chat id), but the settle effect only locked settledRef when it was null — so a second stream into the same instance kept editability and frontmatter tied to the first settled snapshot. A repeat edit that is round-trip-unsafe would stay editable, and saves would re-attach the stale frontmatter. Track wasStreaming and re-derive the verdict + frontmatter on every stream->settle transition (user edits never re-derive, preserving the don't-strand-edits rule). Verified red/green in the e2e streaming harness. * test(file-viewer): lock link href sanitization for dangerous schemes from file content Greptile flagged a possible javascript: link XSS. Verified TipTap 3.26.1 already neutralizes javascript:/data:/vbscript: (and mixed-case/whitespace variants) from file-loaded markdown to an empty href. Add a committed regression test that asserts this against the real headless editor, so a future TipTap bump can't silently reintroduce the issue. * perf(file-viewer): cap the round-trip probe at 24KB and coalesce streaming syncs @tiptap/markdown's parse is superlinear (~O(n2)) in document size — measured ~170ms at 11KB, ~875ms at 23KB, multiple seconds past ~35KB — and it runs synchronously at mount inside the round-trip-safety probe (twice) and the editor's own setContent. The 128KB cap allowed multi-second main-thread freezes; lower it to 24KB so the worst-case mount stays near a second while still covering the vast majority of real markdown files (larger files open read-only). Separately, coalesce streaming chunk-syncs to one re-parse per animation frame so a fast-streaming agent doesn't re-parse the whole accumulating doc per token. Typing latency was measured to be already excellent (sub-ms median, no change needed); the only hot cost was the mount parse. * perf(file-viewer): chunked markdown parsing to remove the O(n2) mount cost @tiptap/markdown's whole-document setContent(md,'markdown') is superlinear in size, freezing the main thread at mount for large files (~2.5s at 34KB, ~11s at 65KB) and forcing a restrictive read-only cap. Parse block-by-block instead: a conservative blank-line/fence-aware splitter (merges list/quote runs and indented continuations so ambiguous structures stay atomic; reference-link/footnote/raw-HTML docs fall back to a whole parse), each block parsed with the editor's own lexer via one reused headless parser, assembled into a doc. This is linear and byte-identical to the one-shot parse — measured ~15ms vs multiple seconds at 124KB+ — so the editor mount, streaming sync, and round-trip probe are all linear, and the editable-size cap goes 24KB -> 256KB (covers the p99 of real files). Fidelity + idempotency are pinned by unit tests, a 400-document property/fuzz test, and adversarial edge cases (nested/loose lists, blockquotes, setext, indented code, lazy continuation, HTML, reference links). * fix(sidebar): render collapse state from a cookie so SSR matches The server couldn't read localStorage, so a collapsed user's first paint rendered the *expanded* tree at 51px — prefetched chat/workflow lists, pinned-chat pin icons, and loading skeletons all crammed into the rail and then reflowed once the store hydrated. Mirror the collapse state into a sidebar_collapsed cookie (the shadcn/ui sidebar pattern), read it in the workspace server layout, and seed the sidebar's first render with it: structure is now correct on the server, so the first paint is the real rail with no skeleton/pin/shift. The store remains the post-hydration source of truth; the blocking script honors the cookie for width when localStorage is absent so width and structure agree. * refactor(sidebar): make the cookie the single source of truth for collapse Consolidates the collapse machinery onto one source of truth instead of layering the cookie on top of the legacy localStorage + CSS-mask system: - Collapse persists only in the sidebar_collapsed cookie; the store seeds isCollapsed from it and drops it from localStorage (partialize + merge), removing the dual-write and the cross-tab desync it caused. - Retire the redundant html[data-sidebar-collapsed] attribute + CSS mask now that the server emits the correct data-collapsed structure; also delete the dead sidebar-collapse-show/-remove/-btn rules. - Blocking script reads the cookie for collapse (width stays in localStorage) and seeds the cookie once from the legacy flag so existing collapsed users keep their preference. - Keep skipHydration + a pre-paint rehydrate for width only — the documented zustand SSR pattern, so _hasHydrated is deterministically false during SSR. Width stays in localStorage; each field now has exactly one home. * refactor(file-viewer): simplify + cleanup chunked-parse (linear merge, parse-once seed) From the /simplify + /cleanup passes: - splitMarkdownBlocks: build continuation runs and join each once instead of concatenating onto the growing previous block per group, which was O(n2) for a pathological single long loose list (now linear: 208KB loose list splits in ~3ms). - rich-markdown-editor: seed the editor's initial content via a lazy useState initializer instead of useRef(parseMarkdownToDoc(...)), whose argument re-parsed the whole document on every render (i.e. every keystroke). Parses exactly once at mount. - Document that the indent-merge rule is load-bearing for nested fenced code, and tighten the verbose inline comment blocks. * refactor(sidebar): drop orphaned sidebar-collapse-btn class Its CSS rule was removed with the data-sidebar-collapsed mask; the button's collapse behavior is fully driven by the React isCollapsed ternary, leaving the class name pointing at nothing. * test(file-viewer): consolidate split test files into one per module Match the dir's one-test-per-module convention: fold the markdown-parse property/fuzz suite into markdown-parse.test.ts and the editability corpus into round-trip-safety.test.ts (both already tested the same module from a separate-concern file). No coverage change — same assertions, fewer files (12 -> 10). * fix(file-viewer): make all editor controls respect read-only permissions Every interactive control that calls updateAttributes/dispatches a command mutates the doc even when read-only (ProseMirror commands run regardless of editable), so gate them on editor.isEditable: - bubble menu: the Cmd/Ctrl+K shortcut and shouldShow now bail when not editable, so a read-only doc can't open the link bar and setLink into it (Cursor finding). - code block: the language picker renders as a static label when read-only (its onSelect mutates); copy + view-only wrap stay. - image: no drag-to-reorder (draggable=false, no drag handle) and no resize handle when read-only; the image still renders and follows its link. - links: a plain click now follows the link in read-only (reader) mode, while edit mode still requires a modifier so a plain click can place the cursor (Cursor finding). Verified with new read-only permission e2e tests. * fix(sidebar): honor collapsed cookie even when localStorage is corrupt The blocking script read the collapse cookie inside the same try as JSON.parse(localStorage); invalid persisted JSON fell through to the 248px fallback and ignored a collapsed cookie, painting an expanded-width rail on first load. Read collapse from the cookie first and parse the persisted width in its own try so the two are independent. * docs(sidebar): convert inline comments to TSDoc * fix(file-viewer): resolve in-app workspace image URLs in the rich editor The removed MarkdownPreview rewrote /workspace/{id}/files/{fileId} image src to the serving endpoint /api/files/view/{fileId}; without it, in-app image URLs 404 in the rich editor (Cursor finding). Re-add the rewrite as a display-only transform on the rendered <img src> — the node's stored src attribute keeps the original path so markdown round-trips unchanged. Absolute/non-workspace URLs pass through. Unit tested. * fix(files): restore same-page anchor links in the rich markdown editor Headings rendered by the TipTap editor had no slug ids (the old MarkdownPreview got them from rehype-slug), so in-document table-of-contents links like [section](#section) had no targets. Resolve the slug to its heading on click (GitHub-style, duplicate-disambiguated) and scroll to it, with zero per-keystroke cost. * feat(files): render mermaid diagrams in the rich markdown editor A code block renders as a Mermaid diagram when it is fenced ```mermaid or auto-detected (an untagged fence whose first line opens with a diagram keyword, the Linear/GitHub heuristic). Detection is display-only — the node stays an ordinary code block and the markdown round-trips unchanged. - Source while the caret is inside the block, diagram on blur; a Show source / Show diagram control plus copy, matching the code block's hover chrome. - Clicking the diagram selects the node (same ring as an image), not flips source. - Theme-aware (light/dark) via next-themes; the diagram frame shares the code block's chrome (one CSS source of truth). - Extracted MermaidDiagram into a shared module so the editor reuses it without pulling preview-panel's heavy deps; rendered SVGs are memoized so toggling the source view and back is instant. Covered by mermaid-diagram unit tests and the editor e2e harness. * fix(files): harden the markdown editor (CRLF chunking, href allowlist, image escaping) Final-audit follow-ups: - splitMarkdownBlocks normalizes CRLF/CR first — a closing fence ending in \r no longer fails to match, which had collapsed Windows-authored files with fenced code into one block and defeated the linear chunker (perf regression). - normalizeLinkHref rejects file://, blob:, and other non-network schemes (script/data schemes already rejected); network scheme:// (http/ftp/…) and bare host:port still pass. - Image markdown serialization escapes alt/title delimiters and angle-brackets a src with spaces/parens, so they round-trip losslessly; linked-image anchors open in a new tab (target=_blank). - Markdown paste routes through the chunker so a large pasted blob can't freeze the main thread. * test(files): cover the code-highlight incremental re-tokenization gate Export and unit-test changeTouchesCodeBlock: prose-only edits map decorations (false), edits inside a code block or a setNodeMarkup language change re-tokenize (true) — the perf-correctness path that keeps highlighting off the keystroke path. * fix(files): keep relative links relative, navigate in-app links within the SPA - normalizeLinkHref no longer prefixes `./`/`../` relative paths into `https://./…` (they round-trip and resolve correctly). - Following a same-origin in-app link (e.g. /workspace/…) routes through the Next router (same tab) instead of always opening a new tab; modifier-click and external URLs still open a new tab. * fix(files): linked images don't open a tab on a plain click in the editor The linked-image anchor's native navigation was firing on a plain click in edit mode (where handleClick intentionally returns false for caret placement). Prevent the anchor's default so the editor's handleClick — gated on editable/modifier, matching text links via openOnClick:false — is the sole navigator. * fix(sidebar): match the collapse cookie value strictly (not a substring) A substring search for 'sidebar_collapsed=1' also matched 'sidebar_collapsed=10', desyncing the pre-paint sidebar rail and client store from the strict server read. Parse the cookie value and compare it to '1' exactly, in both the pre-paint inline script and readCollapsedCookie. Added a store test. * fix(sidebar): reconcile migrated-legacy collapse before paint A user whose collapse lived only in localStorage has no sidebar_collapsed cookie at SSR (initialCollapsed=false), but the pre-paint script migrates them to a cookie. The store's persist.rehydrate() is async (flips _hasHydrated after paint), so the first paint showed expanded labels in the collapsed 51px rail. Reconcile to the cookie synchronously in a useLayoutEffect (first render still matches the server, so no hydration mismatch) — no narrow-rail flash.
Contributor
|
Too many files changed for review. ( |
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryLow Risk Overview
The docs site wires Sportmonks into the integration catalog: new Reviewed by Cursor Bugbot for commit ecbe191. Configure here. |
github-actions
Bot
added
the
requires-mothership-merge
|
* feat(pii): gate data retention PII redaction behind feature flag * fix(pii): evaluate pii-redaction flag globally with no org/user context
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| renderTableToMarkdown(node, { | ||
| ...h, | ||
| renderChildren: (nodes, separator) => | ||
| h.renderChildren(nodes, separator).replace(/\|/g, '\\|'), |
#5146) * feat(scheduled-tasks): expose Google Calendar-style recurrence options Add a per-day weekly toggle (repeat on arbitrary weekdays), monthly nth-/last-weekday anchoring, and a yearly frequency to the scheduled task modal, closing the gap with a calendar app's recurrence picker. The recurrence UI compiles to cron, so this is front-end only: croner already speaks the nth/last-weekday (#/#L) syntax, and the display path normalizes #L to cronstrue's L so labels read "last Monday" not "null". * fix(scheduled-tasks): preserve monthly anchor when reselecting Monthly Selecting Monthly from the frequency dropdown hard-reset monthlyMode to day-of-month, silently dropping a previously chosen nth-/last-weekday anchor when switching cadence away and back. Preserve the existing mode on reselect, mirroring how the last recurring cadence is restored across the recurring toggle. * fix(scheduled-tasks): fold 5th-occurrence monthly into last-weekday; align weekday-digit parsing Address review edge cases in the monthly recurrence anchors: - The picker no longer offers a fifth weekday (a 5th occurrence is always the month's last), and recurrenceToCron clamps any nth-weekday that resolves to a 5th occurrence to #L — so a launch date drifting to day 29-31 can never emit #5 and silently skip months without one. - cronToRecurrence accepts croner's alternate Sunday digit (7) for the #/#L monthly anchors, matching parseCronToHumanReadable's normalizer; externally-authored 7#L crons now round-trip (canonicalized to 0#L). - #5 crons are left as custom pass-through so their month-skipping behavior is preserved verbatim rather than rewritten.
* feat(connectors): add Google Meet knowledge base connector Syncs Google Meet meeting transcripts into a knowledge base via the Meet REST API v2. Lists conference records, fetches transcript entries lazily per meeting (contentDeferred), resolves speaker display names, and maps participants/duration/meeting-date tags. OAuth via the existing google-meet provider (meetings.space.readonly). * fix(connectors): finalize Google Meet transcripts before indexing - Only index a meeting once every transcript is FILE_GENERATED, so a partial transcript is never stored under an endTime-keyed hash that would never refresh - Sort merged transcript entries by start time to preserve chronology across multiple transcripts in one conference * refactor(connectors): dedicated TRANSCRIPTS_PAGE_SIZE constant for Meet transcripts * fix(connectors): only flag Meet listing capped when cap truncates source Previously listingCapped was set whenever the fetched count reached maxMeetings, even when the API returned every record and no next page existed. That suppressed the sync engine's deletion reconciliation when the cap happened to equal the true source size. Now flag only when more pages remain or records were dropped from the page.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.