fix(api): enforce invitation lifecycle states and SCIM phone remove semantics#309
Merged
jrkropp merged 3 commits intodevelopmentfrom Feb 12, 2026
Merged
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d84dae1bd9
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
This was referenced Feb 12, 2026
jrkropp
added a commit
that referenced
this pull request
Feb 23, 2026
…emantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local>
jrkropp
added a commit
that referenced
this pull request
Feb 23, 2026
…emantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local>
jrkropp
added a commit
that referenced
this pull request
Mar 12, 2026
* fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>
jrkropp
added a commit
that referenced
this pull request
Mar 12, 2026
* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>
jrkropp
added a commit
that referenced
this pull request
Mar 18, 2026
) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>
jrkropp
added a commit
that referenced
this pull request
Mar 30, 2026
* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>
jrkropp
added a commit
that referenced
this pull request
Mar 30, 2026
* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector * feat(documents): add download events log action (#358) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>
jrkropp
added a commit
that referenced
this pull request
Apr 1, 2026
* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector * feat(documents): add download events log action (#358) * feat(documents): stabilize rename flow and expand preview (#362) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>
jrkropp
added a commit
that referenced
this pull request
Apr 13, 2026
* fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(ci): reconcile PR gate scope outputs (#275) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * fix(api): canonicalize download filenames across documents and runs (#323) * chore: sync development with main (#328) * fix(ci): publish production stage image in docker-image workflow (#264) * fix(ci): publish production Docker target to GHCR (#263) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> (cherry picked from commit c331172) * fix(ci): harden azurite readiness probe in PR gates * fix(ci): scope backend integration gates to backend changes --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.1 (#265) * fix(ci): restore release semver and latest tag publishing (#266) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.7.2 (#267) * Promote development into main (main-based replacement for #274) (#277) * fix(ci): stabilize PR gates and lighten docs-only PR checks (#260) * fix(ci): make Azurite readiness checks deterministic * fix(ci): skip heavy PR gates for docs-only changes * fix(api): stabilize integration settings injection and test harness * fix(api): make blob integration test container setup deterministic --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(ci): harden dependabot auto-merge scope and cadence (#261) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps-dev): bump jsdom from 27.4.0 to 28.0.0 in /frontend (#252) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(ci): align release/rebuild image publishing and docs (#262) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * deps(deps): bump the npm-minor-patch group in /frontend with 8 updates (#249) --- updated-dependencies: - dependency-name: nuqs dependency-version: 2.8.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: openapi-fetch dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: react-day-picker dependency-version: 9.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@types/node" dependency-version: 25.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: "@types/react" dependency-version: 19.2.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor-patch - dependency-name: typescript-eslint dependency-version: 8.55.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch - dependency-name: vite-tsconfig-paths dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * feat(infra): add cloudflare fronting automation for container apps (#268) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(api): deliver first-class API docs experience (#269) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * chore: upgrade docs experience with README hubs (#273) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(release): document release trigger for squash merges (#281) Release-As: 1.8.0 Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * chore(main): release 1.8.0 (#282) * feat(ops): add azure launch infra bootstrap workflow (#259) * feat(ops): add azure launch infrastructure bootstrap guide and script * docs: update bootstrap guide with prerequisites and preflight commands * feat(ops): add Log Analytics workspace for ACA diagnostics and update related scripts * chore(scripts): simplify Azure CLI commands in bootstrap script * docs: enhance quick start instructions in bootstrap script * Add Bicep template for Azure resources deployment - Define parameters for Azure location, resource names, and configurations. - Create resources for Log Analytics workspace, Virtual Network, and Container Apps environment. - Implement PostgreSQL flexible server with firewall rules and Entra admin configuration. - Set up Azure Storage account with blob and file shares, including dev and prod configurations. - Configure Container Apps with environment variables and secrets for production and development. - Output relevant resource IDs and FQDNs for further integration. * feat(bicep): add workload profile configuration to Container Apps environment * feat(infra): standardize azure deployment on bicep scenarios * fix: simplify azure bicep deployment flow * chore: remove legacy bicep artifact drift ci job * chore: reorganize azure infra and inline bicep bootstrap * fix: align azure postgres auth mode terminology * feat(infra): modularize azure bicep deployment and access automation * docs(infra): simplify azure deployment docs and script examples * chore(ci): add azure infra validation gate * fix(infra): use deterministic rg-based names and order aca storage deps * feat!: enforce Entra-only Azure auth and simplify Bicep surface * chore: streamline Azure deployment scripts and documentation * fix: simplify azure deploy scripts and docs * fix: escape powershell parser command in infra validate --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix: align Entra SSO identity model and bootstrap claims (#271) * fix(auth): standardize Entra SSO claim handling * fix(infra): configure Entra optional claims in deploy scripts * fix(test): set runtime auth mode in sso callback integration tests * fix(test): bind SSO integration settings into app state * fix(infra): use API health probes and document manual config overwrite (#278) * fix(infra): ignore local cloudflare deploy scripts and cert material (#279) * fix(api): enable API docs by default (#283) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * deps(deps): bump the uv-minor-patch group in /backend with 9 updates (#280) * deps(deps): bump the uv-minor-patch group in /backend with 9 updates Bumps the uv-minor-patch group in /backend with 9 updates: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.7` | | [alembic](https://github.com/sqlalchemy/alembic) | `1.18.3` | `1.18.4` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.0` | `1.38.1` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.2` | | [orjson](https://github.com/ijl/orjson) | `3.11.4` | `3.11.7` | | [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.7` | | [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.21.2` | | [uv](https://github.com/astral-sh/uv) | `0.9.28` | `0.10.2` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` | Updates `fastapi` from 0.128.0 to 0.128.7 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.0...0.128.7) Updates `alembic` from 1.18.3 to 1.18.4 - [Release notes](https://github.com/sqlalchemy/alembic/releases) - [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/alembic/commits) Updates `azure-core` from 1.38.0 to 1.38.1 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.0...azure-core_1.38.1) Updates `azure-identity` from 1.25.1 to 1.25.2 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.2) Updates `orjson` from 3.11.4 to 3.11.7 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.7) Updates `authlib` from 1.6.6 to 1.6.7 - [Release notes](https://github.com/authlib/authlib/releases) - [Changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst) - [Commits](authlib/authlib@v1.6.6...v1.6.7) Updates `typer` from 0.20.0 to 0.21.2 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.20.0...0.21.2) Updates `uv` from 0.9.28 to 0.10.2 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.9.28...0.10.2) Updates `ruff` from 0.14.14 to 0.15.0 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.128.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: alembic dependency-version: 1.18.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.38.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> * deps: unblock dependabot uv-minor-patch by pinning ruff and refreshing api artifacts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> Co-authored-by: jrkropp <132182384+jrkropp@users.noreply.github.com> * fix(web): remove vulnerable workbook sheet parsing on upload (#287) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(worker): use UTC-aware cutoff in garbage collection (#288) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): honor document stream resume cursor on connect (#292) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(documents): force resync signal on stream queue overflow (#293) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(documents): polish preview tab with glide-first UX (#291) * feat(documents): polish preview tab with glide-first UX * fix(web): align preview hook test sheets with api types * fix(web): respect trimmed column width in preview grid --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cutover first-class access management model and UI (#284) * feat(access): implement hard-cutover principal access model * fix(access): sync idp groups for known users and hydrate on sign-in * feat(access): finalize first-class access management cutover * fix(access): align role-assignment contracts with runtime behavior * feat(access): rewrite unified settings console with contextual navigation * fix(access): remove legacy settings compatibility and simplify hard-cutover paths --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): derive preview column summary from returned preview width (#302) * fix(web): correct visible column summary in document preview * fix(api): handle SCIM update conflicts and member filter removes (#301) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): correct visible column summary in document preview --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix: remove jit group sync and enforce scim-only idp groups (#304) Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(api): enforce invitation lifecycle states and SCIM phone remove semantics (#309) * fix(api): enforce invitation lifecycle and SCIM phone removes * test(api): refresh session before asserting SCIM phone removal * fix(api): avoid invitation writes in read transactions --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * fix(web): align document preview Glide grid with ADE theme modes (#310) * fix(web): align Glide preview grid theme with app light/dark mode * fix(web): make glide theme adapter pass strict typecheck --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> * feat(access): hard-cut invitation lifecycle and cursor paging (#311) * feat(access): hard-cut invitation lifecycle and cursor paging * fix(db): shorten invitation migration revision id * fix(db): backfill workspace ids for uuidv7 invitations --------- Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * chore: remove obsolete codex workpackage skills * chore(main): release 1.9.0 * docs: add 2026-02-23 premerge readiness audit * fix(api): canonicalize download filenames across documents and runs (#323) (#324) * chore(main): release 1.9.1 (#325) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan> * feat(documents): redesign activity threads (#329) * feat(documents): redesign activity threads * fix(documents): polish activity threads * fix(documents): stabilize activity integration tests * fix(documents): harden mention range handling * fix(documents): handle anchored thread races * feat(documents): support deleting activity comments (#330) * fix(api): align workspace mention search and validation (#334) Ensure @mention search matches principal display names and emails, and accept workspace user role principals during document mention validation.\n\nRelease-As: 1.10.1 * chore: sync development with main release metadata (#336) * feat(documents): archive documents instead of deleting them (#342) * fix(api): align workspace members with effective access (#347) * fix(api): align workspace members with effective access * fix(api): satisfy workspace member typing checks * feat(documents): simplify documents table pagination and filtering (#354) * feat(documents): simplify documents table pagination and filtering * fix(tests): align documents query state fixture * fix(tests): align archive integration assertion * fix(api): scope documents page-size limit * fix(web): widen rows per page selector * feat(documents): add download events log action (#358) * feat(documents): stabilize rename flow and expand preview (#362) * feat(documents): persist rows per page preference (#369) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-MacBook-Air.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Kropp <justinkropp@Justins-Air.lan>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
expiredwhenexpires_athas passed409for resend attempts on cancelled/accepted invitations and avoid mutating cancelled invitation expiry on conflictphoneNumbersremove clears mobile + business phonesphoneNumbers[type eq "mobile"].valueremove clears mobile phoneIssues
Testing
cd backend && uv run ade api lintcd backend && uv run ade api testcd backend && uv run pytest tests/api/integration/users/test_invitations_router.py tests/api/integration/features/scim/test_scim_router.py(fails locally withoutADE_TEST_DATABASE_URL; CI runs these with integration env)