deps(deps): bump the npm-minor-patch group in /frontend with 8 updates by dependabot[bot] · Pull Request #249 · clac-ca/automatic-data-extractor

dependabot · 2026-02-09T19:41:16Z

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

jrkropp · 2026-02-11T02:53:21Z

@dependabot rebase

dependabot · 2026-02-11T02:53:24Z

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

jrkropp · 2026-02-11T02:53:48Z

@dependabot recreate

--- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com>

* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

* fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector * feat(documents): add download events log action (#358) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector * feat(documents): add download events log action (#358) * feat(documents): stabilize rename flow and expand preview (#362) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector * feat(documents): add download events log action (#358) * feat(documents): stabilize rename flow and expand preview (#362) * feat(documents): persist rows per page preference (#369) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 9, 2026

github-actions bot previously approved these changes Feb 9, 2026

View reviewed changes

jrkropp enabled auto-merge (squash) February 10, 2026 08:03

dependabot bot dismissed github-actions[bot]’s stale review via 9efe8a0 February 11, 2026 02:56

dependabot bot force-pushed the dependabot/npm_and_yarn/frontend/development/npm-minor-patch-9099a8fd2f branch from 884bd24 to 9efe8a0 Compare February 11, 2026 02:56

github-actions bot approved these changes Feb 11, 2026

View reviewed changes

jrkropp merged commit 0bfa644 into development Feb 11, 2026
7 of 8 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/frontend/development/npm-minor-patch-9099a8fd2f branch February 11, 2026 02:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump the npm-minor-patch group in /frontend with 8 updates#249

deps(deps): bump the npm-minor-patch group in /frontend with 8 updates#249
jrkropp merged 1 commit intodevelopmentfrom
dependabot/npm_and_yarn/frontend/development/npm-minor-patch-9099a8fd2f

dependabot bot commented on behalf of github Feb 9, 2026 •

edited

Loading

Uh oh!

jrkropp commented Feb 11, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 11, 2026

Uh oh!

jrkropp commented Feb 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Feb 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

jrkropp commented Feb 11, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 11, 2026

Uh oh!

jrkropp commented Feb 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Feb 9, 2026 •

edited

Loading