v2.6.1 — RFC-015 web GUI hotfix
Hotfix release. Resolves three blockers found in code review of the
RFC-015 web GUI shipped in v2.6.0. No data migration. No config changes.
Fixed
/configHTML page now renders._to_dictwas defined as a closure
insideget_config_endpoint, so every render of/configraised
NameError, was silently swallowed by a bareexcept, and left the
YAML body blank on initial server-side render. Promoted to a module-level
_config_to_dicthelper used by both routes. (PR #131)PUT /api/configcorrectly reports nested restart-required fields.
The check compared top-level payload keys against a set of dotted-path
fields, so payloads like{"embedding": {"provider": "x"}}were
reported asapplied: ["embedding"],pending_restart: [], telling
operators a restart-required change had taken effect when it had not.
Added_flatten_keysto walk nested payloads to dotted leaf paths;
appliedandpending_restartnow contain accurate dotted paths.
(PR #131)/configHTML route is now auth-gated./api/configwas protected,
but the HTML shell (and once the_to_dictbug was fixed, its
server-rendered YAML body) was reachable without an API key. Added
Depends(require_api_guard)and made the YAML body redact secrets
before serialization. (PR #131)
Tests
- Added four regression tests in
tests/test_web_api.pycovering all
three fixes. 24 passed, 2 skipped (was 20 + 2).
Upgrade
pip install -U 'zettelforge==2.6.1'
No config or data migration required.