Commit graph

658 commits

Author SHA1 Message Date
Rousseau Vincent
ff3525e46b
Update surrealdb user and add gpu for ollama
Added user root for surrealdb service and nvidia GPU support in ollama service.
2026-04-08 10:22:33 +02:00
Luis Novo
89eac04c63
Merge pull request #731 from lfnovo/fix/surrealdb-injection
fix: prevent SurrealDB injection via unsanitized query parameters
2026-04-07 14:52:22 -03:00
Luis Novo
3d560b4248 chore: bump version to 1.8.3 and update changelog
Add 1.8.2 and 1.8.3 entries to CHANGELOG.md.
1.8.3 documents the SurrealDB injection security fix.
2026-04-07 07:59:16 -03:00
Luis Novo
e5b253b11d fix: prevent SurrealDB injection via order_by and unparameterized queries
- Add allowlist validation for order_by param in notebooks endpoint
- Parameterize session_id query in source_chat router
- Add regex validation in base.py get_all() order_by parameter
- Convert async_migrate bump/lower_version to parameterized queries
2026-04-07 07:58:54 -03:00
Luis Novo
6274358b21
Merge pull request #725 from lfnovo/feat/dashscope-minimax-providers
feat: add DashScope (Qwen) and MiniMax provider support
2026-04-06 13:42:45 -03:00
Luis Novo
3934fe7e5e chore: bump version to 1.8.2 and update changelog and provider docs
- Bump version from 1.8.1 to 1.8.2
- Add changelog entry for DashScope and MiniMax provider support
- Update provider counts across README and docs (16+ → 18+, 15+ → 17+)
- Add DashScope and MiniMax to README provider support matrix
2026-04-06 10:59:47 -03:00
Luis Novo
adc03e56bb feat: add DashScope (Qwen) and MiniMax provider support
- Bump esperanto dependency to >=2.20.0 for new provider profiles
- Register both providers in credentials, key provider, connection tester, model discovery, and models router
- Add frontend provider entries (display names, modalities, docs links)
- Add documentation sections for both providers in ai-providers.md, environment-reference.md, and provider comparison
2026-04-06 10:54:37 -03:00
Luis Novo
c42dc10d2b
Merge pull request #723 from lfnovo/docs/deprecate-single-container
docs: deprecate single-container image
2026-04-06 08:21:06 -03:00
Luis Novo
746218248c docs: add surrealdb service notes to docker-compose snippets
The v1-latest image requires a separate surrealdb service unlike the
deprecated single-container image. Add comments pointing to the full
base docker-compose.yml in all partial code examples.
2026-04-06 08:15:33 -03:00
Luis Novo
309004aef4 docs: deprecate single-container image in favor of Docker Compose
The v1-single image is being phased out ahead of v2. This adds
deprecation notices to the single-container docs and replaces
v1-latest-single image references with v1-latest across all
configuration guides and issue templates.

Closes #498
2026-04-06 08:10:32 -03:00
Luis Novo
33920285ca
Merge pull request #722 from lfnovo/fix/source-and-credential-bugs
fix: source asset persistence, title preservation, credential cascade delete
2026-04-06 08:01:56 -03:00
Luis Novo
bcec7e89ef refactor: move tests from test_bug_fixes.py to proper test modules
- Title preservation tests → test_graphs.py (TestSaveSourceTitlePreservation)
- Source asset persistence tests → test_sources_api.py (new file)
- Credential cascade delete tests → test_credentials_api.py (new file)
- Delete test_bug_fixes.py
2026-04-06 07:45:49 -03:00
Luis Novo
18a7cab36f fix: improve test quality for #627 and #651
- #627: Replace model-construction tests with endpoint-level tests that
  exercise the real create_source async path via TestClient, capturing
  the Source instance passed to save() using patch.object(autospec=True)
- #651: Use assert_awaited_once() instead of assert_called_once() on
  AsyncMock methods to catch missing await bugs
- Remove redundant class-level @patch for Source.save in title tests
2026-04-06 07:42:20 -03:00
Luis Novo
e91a825f68 fix: persist source asset, preserve custom titles, cascade-delete credential models
- #627: Set source.asset (URL/file_path) before save() in async creation
  path so failed sources are identifiable and retry works
- #670: Only overwrite source title if it's a placeholder ("Processing...")
  or empty, preserving user-set custom titles
- #651: Cascade-delete linked models when credential is deleted instead of
  returning 409 Conflict; remove unused delete_models parameter
- Add tests for all three fixes (12 new tests)
- Add .harness and .mcp.json to .gitignore
2026-04-06 07:38:37 -03:00
Luis Novo
c36782e5c5
Merge pull request #671 from lfnovo/dependabot/uv/orjson-3.11.6
chore(deps): bump orjson from 3.11.5 to 3.11.6
2026-04-06 07:37:28 -03:00
Luis Novo
859b1e23ac
Merge pull request #678 from lfnovo/dependabot/uv/authlib-1.6.9
chore(deps): bump authlib from 1.6.7 to 1.6.9
2026-04-06 07:37:04 -03:00
Luis Novo
55a54710c6
Merge pull request #672 from lfnovo/dependabot/uv/pyjwt-2.12.0
chore(deps): bump pyjwt from 2.10.1 to 2.12.0
2026-04-06 07:36:48 -03:00
Luis Novo
5d408f744a
Merge pull request #680 from lfnovo/dependabot/npm_and_yarn/frontend/next-16.1.7
chore(deps): bump next from 16.1.5 to 16.1.7 in /frontend
2026-04-06 07:36:29 -03:00
Luis Novo
2644c89ce0
Merge pull request #679 from lfnovo/dependabot/uv/pyasn1-0.6.3
chore(deps): bump pyasn1 from 0.6.2 to 0.6.3
2026-04-06 07:36:14 -03:00
Luis Novo
1b14b90ec8
Merge pull request #702 from lfnovo/dependabot/uv/cryptography-46.0.6
chore(deps): bump cryptography from 46.0.5 to 46.0.6
2026-04-06 07:36:02 -03:00
dependabot[bot]
e2120338a0
chore(deps): bump pyasn1 from 0.6.2 to 0.6.3
Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.2 to 0.6.3.
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3)

---
updated-dependencies:
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-06 10:35:52 +00:00
Luis Novo
5e73124709
Merge pull request #697 from lfnovo/dependabot/uv/requests-2.33.0
chore(deps): bump requests from 2.32.5 to 2.33.0
2026-04-06 07:35:46 -03:00
Luis Novo
a110f562ac
Merge pull request #684 from lfnovo/dependabot/npm_and_yarn/frontend/flatted-3.4.2
chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 in /frontend
2026-04-06 07:35:32 -03:00
dependabot[bot]
8eddc611ea
chore(deps): bump authlib from 1.6.7 to 1.6.9
Bumps [authlib](https://github.com/authlib/authlib) from 1.6.7 to 1.6.9.
- [Release notes](https://github.com/authlib/authlib/releases)
- [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst)
- [Commits](https://github.com/authlib/authlib/compare/v1.6.7...v1.6.9)

---
updated-dependencies:
- dependency-name: authlib
  dependency-version: 1.6.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-06 10:35:31 +00:00
dependabot[bot]
020fb46a8f
chore(deps): bump orjson from 3.11.5 to 3.11.6
Bumps [orjson](https://github.com/ijl/orjson) from 3.11.5 to 3.11.6.
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ijl/orjson/compare/3.11.5...3.11.6)

---
updated-dependencies:
- dependency-name: orjson
  dependency-version: 3.11.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-06 10:35:25 +00:00
Luis Novo
6da7d1f95e
Merge pull request #688 from lfnovo/dependabot/npm_and_yarn/frontend/picomatch-2.3.2
chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /frontend
2026-04-06 07:35:16 -03:00
Luis Novo
12368067e3
Merge pull request #701 from lfnovo/dependabot/uv/langchain-core-1.2.22
chore(deps): bump langchain-core from 1.2.11 to 1.2.22
2026-04-06 07:35:00 -03:00
Luis Novo
8240d469ed
Merge pull request #707 from lfnovo/dependabot/uv/pygments-2.20.0
chore(deps): bump pygments from 2.19.2 to 2.20.0
2026-04-06 07:34:42 -03:00
Luis Novo
abfa52c191
Merge pull request #709 from lfnovo/dependabot/uv/fastmcp-3.2.0
chore(deps): bump fastmcp from 2.14.3 to 3.2.0
2026-04-06 07:34:25 -03:00
Luis Novo
750befbe52
Merge pull request #714 from lfnovo/dependabot/uv/aiohttp-3.13.4
chore(deps): bump aiohttp from 3.13.3 to 3.13.4
2026-04-06 07:34:05 -03:00
Luis Novo
2008a6b4d1
Merge pull request #721 from lfnovo/fix/source-list-auto-refresh-526
fix: source list auto-refresh after adding new source (#526)
2026-04-06 07:15:46 -03:00
Luis Novo
3f07c68143 chore: remove temporary planning files 2026-04-06 07:08:56 -03:00
Luis Novo
ab9e29b9a7 chore: update progress notes for session 2 2026-04-06 07:05:38 -03:00
Luis Novo
22f06af0bc fix: invalidate sourcesInfinite query key on source creation (#526)
useCreateSource and useFileUpload only invalidated QUERY_KEYS.sources()
which doesn't match the infinite scroll query key used by the notebook
page (QUERY_KEYS.sourcesInfinite()). Added sourcesInfinite invalidation
to both hooks so the source list auto-refreshes after adding sources.
2026-04-06 07:05:02 -03:00
Luis Novo
992c23d524 chore: initial setup for source list auto-refresh fix (#526) 2026-04-06 06:51:57 -03:00
dependabot[bot]
4a0fe7f6a1
chore(deps): bump aiohttp from 3.13.3 to 3.13.4
---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-01 22:23:29 +00:00
dependabot[bot]
295c906d97
chore(deps): bump fastmcp from 2.14.3 to 3.2.0
Bumps [fastmcp](https://github.com/PrefectHQ/fastmcp) from 2.14.3 to 3.2.0.
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](https://github.com/PrefectHQ/fastmcp/compare/v2.14.3...v3.2.0)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 3.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-31 22:28:50 +00:00
dependabot[bot]
4943d27dec
chore(deps): bump pygments from 2.19.2 to 2.20.0
Bumps [pygments](https://github.com/pygments/pygments) from 2.19.2 to 2.20.0.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](https://github.com/pygments/pygments/compare/2.19.2...2.20.0)

---
updated-dependencies:
- dependency-name: pygments
  dependency-version: 2.20.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-30 19:50:20 +00:00
dependabot[bot]
5f2e105b40
chore(deps): bump cryptography from 46.0.5 to 46.0.6
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-29 04:14:00 +00:00
dependabot[bot]
f142d98c15
chore(deps): bump langchain-core from 1.2.11 to 1.2.22
Bumps [langchain-core](https://github.com/langchain-ai/langchain) from 1.2.11 to 1.2.22.
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](https://github.com/langchain-ai/langchain/compare/langchain-core==1.2.11...langchain-core==1.2.22)

---
updated-dependencies:
- dependency-name: langchain-core
  dependency-version: 1.2.22
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-28 01:32:47 +00:00
dependabot[bot]
845118e250
chore(deps): bump requests from 2.32.5 to 2.33.0
Bumps [requests](https://github.com/psf/requests) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.5...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 15:07:47 +00:00
dependabot[bot]
16e6f64f01
chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 in /frontend
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 07:26:11 +00:00
dependabot[bot]
b3efb1164e
chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 in /frontend
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-21 11:19:40 +00:00
dependabot[bot]
2f47be3331
chore(deps): bump next from 16.1.5 to 16.1.7 in /frontend
Bumps [next](https://github.com/vercel/next.js) from 16.1.5 to 16.1.7.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/compare/v16.1.5...v16.1.7)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.1.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-17 21:11:25 +00:00
dependabot[bot]
9b74c8f406
chore(deps): bump pyjwt from 2.10.1 to 2.12.0
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.12.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.10.1...2.12.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-version: 2.12.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-14 00:42:38 +00:00
Luis Novo
a42e2a347e
Merge pull request #666 from lfnovo/fix/podcast-uuid-directory
fix: use UUID for podcast episode directory names
2026-03-11 19:11:28 -03:00
Luis Novo
e9040ef97b fix: extract build_episode_output_dir helper and test production code
Tests were reimplementing UUID logic locally instead of testing the
actual production code path. Extract the path-building logic into a
testable helper function and import it directly in tests.
2026-03-11 17:05:42 -05:00
Luis Novo
0619fa4d3b fix: use UUID for podcast episode directory names
Podcast episode names with spaces or special characters caused
filesystem errors when used directly as directory names.
Use UUID-based directory names instead, keeping the original
episode name in the database for display purposes.

Closes #663
2026-03-11 17:00:00 -05:00
Luis Novo
d0479b956c
Merge pull request #665 from lfnovo/fix/bump-esperanto-2.19.7
fix: bump esperanto to 2.19.7
2026-03-11 17:53:01 -03:00
Luis Novo
b7bba2461c fix: bump esperanto to 2.19.7 to fix base_url/api_key config in multiple embedding providers
Fixes the same kwargs vs self.* issue found in Azure, OpenAI, Voyage,
Google, and Jina embedding providers.
2026-03-11 15:51:52 -05:00