Merged
Conversation
Signed-off-by: Ryan Cook <rcook@redhat.com>
Signed-off-by: Ryan Cook <rcook@redhat.com>
cooktheryan
added a commit
to cooktheryan/vTeam
that referenced
this pull request
Oct 7, 2025
Signed-off-by: Ryan Cook <rcook@redhat.com>
Gkrumbach07
added a commit
to Gkrumbach07/platform
that referenced
this pull request
Oct 8, 2025
Add changes tracking to ProjectRFEDetailPage and ProjectSessionsListPage - Introduced a new "Changes" column in both ProjectRFEDetailPage and ProjectSessionsListPage to display the status of repository changes. - Implemented logic to compute and display diff counts for each session, enhancing visibility into repository modifications. - Updated the NewProjectSessionPage to replace PR creation options with an auto-push feature, streamlining user interactions for session completion. These enhancements improve the user experience by providing clearer insights into repository changes and simplifying session management workflows. Enhance ProjectSessionDetailPage with diff tracking and GitHub integration - Updated the RepoDiffBadge component to include an onUpdate callback for tracking total diff counts per repository. - Introduced state management for diff totals and busy states for push/abandon actions, improving user feedback during operations. - Enhanced the buildGithubCompareUrl function to generate comparison links between branches, facilitating easier code reviews. - Improved rendering logic for diff counts and action buttons, ensuring a more intuitive user experience when managing repository changes. These changes significantly enhance the functionality and usability of the session detail page for managing GitHub repositories. Add Git diff functionality for session repositories - Introduced new endpoints for retrieving Git diff counts for session repositories, allowing users to view changes in their repositories directly from the session interface. - Implemented backend functions to handle diff requests, including error handling and response management. - Enhanced the frontend to display diff counts for each repository, improving user interaction and visibility into repository changes. - Updated session management to derive repository paths dynamically, ensuring accurate diff retrieval. These changes significantly enhance the functionality and user experience for managing session-related Git repositories. Refactor session workspace handling to utilize content service directly - Updated the session workspace management functions to build absolute paths without URL escaping, aligning with filesystem paths. - Replaced direct file reading and writing with HTTP requests to a content service, enhancing modularity and service interaction. - Improved token handling by checking multiple headers for authorization, ensuring compatibility with various client setups. - Enhanced error handling and response management for workspace file operations, providing more robust feedback to users. These changes streamline session workspace operations and improve the overall architecture of the backend service. Add session workspace management endpoints and frontend integration - Introduced new backend functions for listing, reading, and writing session workspace files, enhancing the content service's capabilities for agentic sessions. - Updated the main routing to include endpoints for workspace operations, allowing users to interact with session-specific file structures. - Modified frontend API calls to utilize the new backend endpoints for workspace management, improving user experience in handling session files. - Enhanced the session detail page to manage workspace state more efficiently, reducing unnecessary re-renders and flicker during updates. These changes significantly improve the functionality and user experience for managing session workspaces in the application. Add GitHub push and abandon functionality for session repositories - Introduced new endpoints for pushing and abandoning changes in session repositories, allowing users to manage their GitHub repositories directly from the session interface. - Implemented `contentGitPush` and `contentGitAbandon` functions to handle the respective operations, including validation and error handling. - Updated the frontend to provide buttons for push and abandon actions, enhancing user interaction with session repositories. - Enhanced the `SessionRepo` type to include a status field, reflecting the current state of each repository (e.g., pushed, abandoned). - Updated the CRD for agentic sessions to include the new status field for repositories, improving tracking of repository states. - Modified the operator to manage cleanup based on repository statuses, ensuring proper session termination when all repositories are finalized. These changes significantly improve the functionality and user experience for managing session-related GitHub repositories. Update mintSessionGitHubToken to use default audience for TokenReview - Modified the TokenReview in the mintSessionGitHubToken function to remove the audience specification, allowing for compatibility with standard service account tokens. This change simplifies the token review process and enhances flexibility in session management. Add runner secrets configuration to agentic session handling - Implemented logic to read runner secrets configuration from ProjectSettings in the session's namespace. - Enhanced job specification to conditionally import keys from the runner secret as environment variables and mount the secret as a volume if configured. These changes improve the flexibility and security of session management by allowing the use of runner secrets in job execution. Update token request in provisionRunnerTokenForSession to remove audience restrictions - Modified the token request in the `provisionRunnerTokenForSession` function to eliminate audience specifications, allowing for a more flexible token generation for CR status updates. This change simplifies the token handling process and enhances compatibility for various use cases. Enhance token audience specification in provisionRunnerTokenForSession - Updated the token request in the `provisionRunnerTokenForSession` function to include both backend and Kubernetes audiences. This change ensures compatibility for WebSocket authentication and backend mint/status operations. These modifications improve the functionality and security of token handling in session management. Add RBAC permissions for agentic sessions in provisionRunnerTokenForSession - Extended the role definition in the `provisionRunnerTokenForSession` function to include permissions for the `agenticsessions` resource, allowing "get", "list", and "watch" verbs. These changes enhance the role-based access control for agentic sessions, improving security and functionality in session management. Refactor AgenticSession annotation handling and enhance CRD with user context - Updated the `provisionRunnerTokenForSession` function to use a conflict-safe patch for annotating AgenticSession with runner token and service account names. - Added `userContext` properties to the AgenticSession CRD, capturing authenticated caller identity at creation time, including user ID, display name, and group memberships. These changes improve the robustness of session management and enhance user identity tracking in the system. Implement session runner token validation in agentic session handling - Added logic to ensure the backend has provisioned a per-session runner token before creating a job. - Updated session status to "Pending" with a message if the runner token secret is not yet available. These changes enhance the robustness of session management by ensuring necessary tokens are in place before job execution. Enhance token handling in backend and runner components - Added support for passing tokens via query parameters for websocket/agent callers in the project context validation middleware. - Updated frontend deployment manifest to correct GITHUB_APP_SLUG value. - Removed unused backend network policy and runner egress network policy manifests. - Expanded backend cluster role permissions to include agentic sessions and per-session RBAC objects. These changes improve the flexibility and security of token management and simplify the manifest structure. Remove unused mintSessionGitHubToken function and related logic from backend handlers and operator main files. This cleanup enhances code maintainability by eliminating redundant code and improving clarity in session management. Enhance session management and token handling in backend - Introduced environment variable support for `environmentVariables` in `AgenticSessionSpec`. - Added a new endpoint to mint GitHub tokens for session runners, validating service accounts via TokenReview. - Updated session creation logic to derive user context from authenticated callers, improving security. - Refactored token provisioning to streamline the process and ensure only necessary tokens are handled. These changes improve the flexibility and security of session management in the backend. Refactor token handling in backend and runner components - Updated environment variable names for GitHub tokens in backend handlers and operator main files to use "github-token" for consistency. - Removed fallback to ProjectSettings secret for GitHub and bot tokens in operator logic. - Simplified token retrieval in Claude Code runner by removing references to BOT_TOKEN. - Adjusted WebSocket transport to only use BOT_TOKEN, enhancing clarity in authorization handling. These changes improve the clarity and consistency of token management across components. New automation and workflow (ambient-code#144) Signed-off-by: Ryan Cook <rcook@redhat.com> Fix typo in GITHUB_APP_SLUG value in frontend deployment manifest Remove deprecated GitHub App secret manifest file Update GitHub Actions workflow to specify correct paths for Dockerfiles in frontend, backend, operator, and claude-code-runner components Update GitHub Actions workflow to specify Dockerfiles for frontend, backend, and operator components
Merged
sallyom
pushed a commit
that referenced
this pull request
Oct 15, 2025
Signed-off-by: Ryan Cook <rcook@redhat.com>
3 tasks
jeremyeder
added a commit
that referenced
this pull request
Apr 10, 2026
## Summary - Bump `next` 16.2.2 → 16.2.3 — fixes DoS via Server Components (alert #173) - Bump `aiohttp` ≥3.13.3 → ≥3.13.4 — fixes 9 CVEs: header injection, SSRF, DoS, credential leak, CRLF injection (alerts #149–158) - Bump `cryptography` 46.0.5 → 46.0.7 (transitive) — fixes buffer overflow (alert #172) - Bump `lupa` 2.6 → 2.7 (transitive) — fixes sandbox escape / RCE (alert #168) ### Remaining alerts (3) Alerts #144, #145, #146 (`fastmcp` 2.14.3 → 3.2.0) are **blocked on upstream**: `mcp-atlassian` 0.21.1 pins `fastmcp<2.15.0,>=2.13.0`. The CVEs affect fastmcp's OpenAPI provider and OAuth proxy — not in our code path, but the alerts will stay open until `mcp-atlassian` releases a version compatible with fastmcp 3.x. ## Test plan - [x] Frontend: 614 tests pass (`npx vitest run`) - [x] Runner: 543 tests pass (`uv run pytest tests/`) - [ ] CI passes 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Bumped frontend and runtime dependency minimums to newer patch releases. * **Refactor** * Code formatting and parameter/layout reflows across several modules for readability. * **Tests** * Cleaned up and reformatted unit tests, removing unused imports and improving fixture readability. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ambient Code Bot <bot@ambient-code.local> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.