fix: fetch user/group names from API in ShareKnowledgeDialog #3990
Merged
…to SLM (#3604) Adds a new playbook that rsync's the dev machine's local checkout to /opt/autobot/code_source on the SLM manager. Integrated into deploy-slm-manager.yml as a no-op step when controller_repo_root is not set, and active when passed via -e: ansible-playbook ... -e "controller_repo_root=/path/to/AutoBot-AI" Closes the offline-deployment gap where the pre-flight GitHub pull silently falls back to stale code_source, causing fixes that exist in the local repo to never reach the SLM. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ith filesystem stat The _is_slm_manager check relied on inventory group membership (slm_server/slm) or node_roles values, both of which are absent in temp inventories generated by per-node provisioning from the SLM UI. This caused Phase 4c to skip the nginx co-location re-render entirely, leaving / → /slm/ redirect intact even when the user frontend was deployed on the same host. Replace with filesystem-based detection: 1. Stat /etc/nginx/sites-available/autobot-slm to identify the SLM manager 2. Stat autobot-frontend/package.json to confirm co-location Both stats work regardless of inventory shape (wizard, per-node, static). Also remove the role_path fallback in the template src — the playbook_dir relative path is always correct and avoids a None-based string. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…de_vars beats task vars include_vars has Ansible precedence 18 while task-level vars: has 17. Loading slm_manager/defaults/main.yml (which has slm_colocated_frontend: false) via include_vars was silently overriding vars: slm_colocated_frontend: true on the template task, so the template always rendered in non-co-located mode. Replace vars: on the template task with an explicit set_fact (precedence 19) that runs after include_vars, ensuring the template sees true. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…re-flight sync Earlier sudo cp commands left provision-fleet-roles.yml owned by root:root in code_source, causing git reset --hard to fail with EPERM. Add a pre-flight chown (become: true) that runs before the git pull so force: yes can always overwrite any root-owned file regardless of how it got there. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ct; fix include_vars precedence in Phase 4c slm_manager role set_fact was unconditionally overwriting slm_colocated_frontend with the file-detection result, discarding the True value the wizard set in the inventory. Change to OR expression so a wizard-supplied True is preserved. Phase 4c had include_vars (precedence 18) loading defaults with false, then task vars: (precedence 17) trying to set true — always losing. Add an explicit set_fact after include_vars so the correct value wins. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sync tasks lacked notify — service ran stale code after rsync, causing 502 on /api/health and login failures. All three sync tasks now notify handlers. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…3609) - autobot-backend: redis.service → redis-stack-server.service (was silently ignored by systemd); add Wants= + network-online.target - autobot-celery: same redis fix; keep After=autobot-backend.service - autobot-slm-backend: add redis-stack-server + postgresql dependencies (had none — could race both on every boot) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… (#3615) * fix(backend): replace naive datetime.now() with UTC-aware calls throughout (#3613) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(backend): fix aware/naive datetime comparisons in agent_client + auth_middleware (#3613) - agent_client.py: default sentinel for last_health_check was datetime.min (naive); cold-start subtraction from datetime.now(tz=utc) raised TypeError — use datetime.min.replace(tzinfo=timezone.utc) instead - auth_middleware.py: fromisoformat() of pre-migration Redis strings returns naive; normalize to UTC before comparing against now(tz=utc) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
… semantic search (#3612) (#3616) * feat(memory-graph): add semantic search and hybrid scoring to autobot_memory_graph (#3612) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(memory-graph): fix _parse_ft_results, SECRET_USAGE pattern, ssot_config.get, asyncio.run (#3612) - _parse_ft_results now extracts keys and _redis_search calls _fetch_entities_by_keys - Add SECRET_USAGE to secret/credential pattern in _ENTITY_TYPE_PATTERNS - Replace ssot_config.get() with getattr() (Pydantic model, not dict) - Replace asyncio.get_event_loop().run_until_complete() with asyncio.run() in all 6 test sites Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…he TTL literals (#3614) (#3617) * refactor(constants): add TTL_1_HOUR/TTL_5_MINUTES and replace raw cache TTL literals (#3614) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(constants): fix orphan TTL import, residual literals, noqa suppressions in #3617 - router.py: replace raw 300 with TTL_5_MINUTES (resolves orphan import) - advanced_cache_manager.py: add TTL_1_HOUR import, replace all 8 raw 300/3600 literals - embedding_cache.py: remove incorrect # noqa: F401 comment - token_optimizer.py: remove incorrect # noqa: F401 comment Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(slm): add admin password reset to user management UI (#3625) - POST /slm-users/{id}/change-password and /autobot-users/{id}/change-password backend endpoints using UserService.change_password(require_current=False) - changeSlmUserPassword() + changeAutobotUserPassword() in useSlmUserApi.ts - PasswordChangeForm: apiEndpoint prop replaces hardcoded /api/users/ URL - UserManagementSettings: key (lock) icon in each user row opens reset modal; selectedUserType tracks slm/autobot/legacy to route to correct endpoint Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(slm): remove unreachable InvalidCredentialsError handler; use getSlmApiBase() for password change URLs (#3625) - Drop except InvalidCredentialsError blocks — require_current=False means the service never raises it; dead code flagged in code review - passwordChangeApiEndpoint now uses getSlmApiBase() from ssot-config instead of hardcoded /api/ prefix, fixing co-located /slm/api deployments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
… prefix (#3628) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
#3618) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…3 remaining files (#3627) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
- Added getApiBase() to ssot-config.ts (prerequisite from #3628) - Replaced ~133 hardcoded '/api/' occurrences across 36 composable files - All replacements use template literals: `${getApiBase()}/path` - Imports added or extended in each modified file Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…#3631) (#3641) - Added getApiBase() to ssot-config.ts (prerequisite from #3628) - Replaced 110 hardcoded /api/ occurrences across 8 files: - stores/useKnowledgeStore.ts (7 paths) - stores/usePermissionStore.ts (10 paths) - stores/useUserStore.ts (2 paths) - models/repositories/KnowledgeRepository.ts (36 paths) - models/repositories/ChatRepository.ts (12 paths) - models/repositories/SystemRepository.ts (37 paths) - models/repositories/ApiRepository.ts (5 paths incl. cache keys) - components/ChatInterface.ts (1 path) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…http_exceptions (#3566) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…ic 0.8 in orchestrator.py (#3607) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…ardizedAgent (#3606) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
#3408) Align pyproject.toml isort line_length from 100 to 120 to match Black's line-length and the explicit --line-length=120 args in pre-commit and CI. Black and isort hooks were already present in both pre-commit-config.yaml and code-quality.yml; this fix resolves the config inconsistency that caused isort --settings-path=. to use a conflicting line_length value. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
The backend role only synced code_source/autobot_shared/ into backend_install_dir/autobot_shared/ (the in-backend copy). The separate /opt/autobot/autobot_shared/ directory — resolved via PYTHONPATH by Celery workers and other services — was never updated, causing ModuleNotFoundError for newly added modules (pagination.py, task_result.py, error_boundaries.py, alert_cooldown.py). Add a synchronize task immediately after the existing backend sync that also pushes to the standalone path, plus a file ownership fix task. Introduce backend_shared_standalone_dir default (/opt/autobot/autobot_shared) so the path is a named variable, not a hardcoded literal. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…-config.ts (#3631) All target files (stores, model repositories, ChatInterface) already had getApiBase() imported and in use from prior development. Fixed the only remaining issue: three duplicate getApiBase() function declarations in ssot-config.ts (added by parallel PRs #3628-#3630) — reduced to a single canonical declaration. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…url() helper Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…nto Dev_new_gui
) (#3968) The grep pattern for hardcoded paths used POSIX non-capturing group syntax (?:...) which is not supported in ERE. Updated to standard alternation syntax ["'](...) that works with both single and double quoted strings. Tested: grep now correctly detects both 'path' and "path" literals. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Resolved merge conflicts with Dev_new_gui: - Kept error_handler.py TTL_7_DAYS from Dev_new_gui - Kept package-lock.json from Dev_new_gui (auto-generated) - Kept nodes_execution.py security fixes from Dev_new_gui - Kept nodes_execution_test.py from Dev_new_gui Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…updates (#3949) * fix(workflow): prevent checkpoint expiry for paused workflows (#3231) (#3448) * fix(security): add auth to /events/sync endpoint (#3452) (#3459) Apply get_current_user dependency at APIRouter level so every route under /events requires a valid bearer token. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(security): add auth to browser MCP endpoints (#3451) (#3460) /browser/mcp/status requires get_current_user. /browser/mcp/navigate and /browser/mcp/screenshot require require_admin as they can trigger arbitrary page loads and screenshot capture. Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(security): revert get_current_user on /events/sync — agents have no bearer token (#3452) The router-level get_current_user dependency breaks all node agent event syncs: agents post to /api/events/sync with no Authorization header and are identified by node_id validated against the Node table. The endpoint is intentionally exempt from bearer-token auth per security_headers.py (#3193). Add explanatory comment documenting the intended security model. 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(security): harden ALLOWED_EXECUTABLES — dpkg/git-stash/find guards (#3450) * fix(slm): remove write-capable executables from ALLOWED_EXECUTABLES (#3450) - Remove apt, yum, dnf, rpm (package install/remove) from allowlist entirely - Remove wget, curl (arbitrary file write/exfiltration), nmap (network scanner with --script exploit support) from allowlist entirely - Add _GIT_ALLOWED_SUBCOMMANDS frozenset; _validate_command now rejects any git subcommand not in the read-only set (status, log, diff, show, branch, tag, remote, describe, shortlog, rev-parse, ls-files, ls-remote, stash) - find: _validate_command rejects any command containing -exec or -execdir tokens - Fix the inaccurate inline comment that claimed callers enforce git read-only; enforcement is now in _validate_command itself - Add tests for all new guards (write-capable rejection, git subcommand guard, find -exec guard) Closes #3450 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(security): add dpkg and git-stash argument guards (#3450) Address review findings on PR #3457: - dpkg: restrict to read-only query flags (-l/-s/-L/-S/--list etc); -i/--install/--purge/--unpack and all write flags now return HTTP 400 - git stash: tokens[2] is now validated; only stash list/show pass; stash pop/drop/clear/push/apply return HTTP 400 - Add tests for both guards in nodes_execution_test.py Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * chore(deps): bump defu (#3624) Bumps the npm_and_yarn group with 1 update in the /autobot-frontend directory: [defu](https://github.com/unjs/defu). 
Updates `defu` from 6.1.4 to 6.1.6 - [Release notes](https://github.com/unjs/defu/releases) - [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md) - [Commits](unjs/defu@v6.1.4...v6.1.6) --- updated-dependencies: - dependency-name: defu dependency-version: 6.1.6 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates (#3623) Bumps the npm_and_yarn group with 2 updates in the /autobot-frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [defu](https://github.com/unjs/defu). Bumps the npm_and_yarn group with 1 update in the /autobot-slm-frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 8.0.3 to 8.0.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.5/packages/vite) Updates `defu` from 6.1.4 to 6.1.6 - [Release notes](https://github.com/unjs/defu/releases) - [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md) - [Commits](unjs/defu@v6.1.4...v6.1.6) Updates `vite` from 7.3.1 to 7.3.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: defu dependency-version: 6.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.2 dependency-type: direct:development dependency-group: npm_and_yarn ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the npm_and_yarn group across 4 directories with 2 updates Bumps the npm_and_yarn group with 2 updates in the /.mcp directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 2 updates in the /autobot-infrastructure/shared/mcp/tools/mcp-autobot-tracker directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 2 updates in the /autobot-infrastructure/shared/mcp/tools/mcp-structured-thinking directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono). Bumps the npm_and_yarn group with 2 updates in the /autobot-infrastructure/shared/mcp/tools/mcp-task-manager-server directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono). 
Updates `@hono/node-server` from 1.19.11 to 1.19.13 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.11...v1.19.13) Updates `hono` from 4.12.7 to 4.12.12 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.7...v4.12.12) Updates `@hono/node-server` from 1.19.11 to 1.19.13 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.11...v1.19.13) Updates `hono` from 4.12.7 to 4.12.12 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.7...v4.12.12) Updates `@hono/node-server` from 1.19.11 to 1.19.13 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.11...v1.19.13) Updates `hono` from 4.12.7 to 4.12.12 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.7...v4.12.12) Updates `@hono/node-server` from 1.19.11 to 1.19.13 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.11...v1.19.13) Updates `hono` from 4.12.7 to 4.12.12 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.7...v4.12.12) --- updated-dependencies: - dependency-name: "@hono/node-server" dependency-version: 1.19.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@hono/node-server" dependency-version: 1.19.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: 
"@hono/node-server" dependency-version: 1.19.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.12 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Martins Veiss <martins.veiss@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- LLMInterface initialization happens completely in __init__ - No async initialize() method exists on LLMInterface - Remove from line 412 asyncio.gather() and line 1145 reinit call - Fixes orchestrator initialization failure in all workers
- add max-h-48 overflow-y-auto to .attached-files-list - add max-h-48 overflow-y-auto to .upload-progress - fixes issue where many attached files/uploads overflow with no scroll
- LLMInterface.initialize() fix (orchestrator.py) - Missing scrollbars for file lists (ChatInput.vue)
…ation (#3972) Added detailed documentation for: - AsyncInitializable pattern usage with Redis clients - Proper async initialization in service classes - Clarified that async client returns a coroutine that must be awaited - Best practices for initializing Redis in async contexts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
) Root cause: opentelemetry-exporter-otlp-proto-grpc requires protobuf <6.0.0 compatible packages, but earlier versions had proto descriptor issues. Solution: - Protobuf pin >=5.29.6,<6.0.0 was already correct - Removed unnecessary PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python workaround from chromadb systemd service (line 14) - Added clarifying comments to requirements.txt files The pin ensures pip resolves all transitive opentelemetry dependencies to versions compatible with protobuf 5.x. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(sec): document vanna CVE monitoring (#3445)
fix(frontend): remove duplicate KnowledgeRepository instance (#3969)
fix(deps): relax protobuf constraint to <7.0.0 for opentelemetry compatibility (#3971)
docs(security): monitor unpatched diskcache CVE with 90-day escalation (#3446)
fix(kb): add ChromaDB service monitoring to health checks and API (#3461)
Replace TODO comments with actual API calls to fetch user and group names. Implement caching to avoid repeated API requests for the same entities. Changes: - Add getUserById() and getGroupById() methods to ApiService - Implement fetchEntityName() helper with caching in ShareKnowledgeDialog - Update initializeAccessList() to fetch and display human-readable names - Gracefully fall back to IDs if API calls fail Closes #3984
…#3986) (#3994) Replace hardcoded role mocking with real API integration: - Added ParticipantResponse and SessionParticipantsResponse interfaces - Implemented getSessionParticipants() API method - Updated ParticipantList to fetch real roles from backend API - Added loading state and error handling - Re-fetches when session or presence changes - Supports role levels: owner, editor, viewer Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Replace hardcoded mock secrets with real backend data: - Removed hardcoded mockSecrets array - Added API integration via SecretsApiClient - Implemented getSecrets() from /api/secrets/ endpoint - Added loading state and error handling - Implemented delete/revoke functionality - Enhanced display with metadata (created_at, updated_at) - Proper TypeScript typing and error handling Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
…#3991) Replace hardcoded mock audit entries with real backend data: - Created useSecretsAuditApi composable for fetching/filtering audit logs - Updated SecretAuditLog.vue to use real API data instead of mocks - Added loading/error states and pagination support - Implemented filtering by action type and user - Added proper timestamp formatting and audit entry transformation
Summary
Fix #3984 by replacing TODO comments with actual API calls to fetch user and group names from the backend.
Changes
- getUserById() and getGroupById() methods to ApiService to fetch user/group details
- fetchEntityName() helper in ShareKnowledgeDialog with client-side caching
- initializeAccessList() to fetch human-readable names instead of displaying raw IDs
Implementation Details
- GET /user-management/users/{user_id} endpoint
- GET /user-management/teams/{team_id} endpoint
- display_name > email > username > ID
- name > ID
Test Plan
Closes #3984
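
The lookup, caching and ID fallback listed in the PR description, as an added JavaScript example that is not the code from this pull request: `createEntityNameResolver`, `pickDisplayName` and the injected `fetchJson` are hypothetical names, and the sample responses are constructed. It goes slightly beyond the description by caching the in-flight promise, so concurrent lookups of one ID share a request, and by dropping failed lookups from the cache so the ID fallback is not permanent.

```javascript
// Added example, not the project's code. fetchJson is a hypothetical injected
// function (path) => Promise<object>; the endpoint paths and fallback orders
// are the ones listed in the PR description.
const ENTITY_KINDS = new Map([
  ['user', { base: '/user-management/users/', fields: ['display_name', 'email', 'username'] }],
  ['group', { base: '/user-management/teams/', fields: ['name'] }],
]);

// First non-empty string among the candidate fields, else the raw ID.
// The result is untrusted display text: render it as text, never as HTML.
function pickDisplayName(entity, fields, id) {
  for (const field of fields) {
    const value = entity && entity[field];
    if (typeof value === 'string' && value.trim() !== '') return value.trim();
  }
  return String(id);
}

function createEntityNameResolver(fetchJson) {
  const cache = new Map(); // "user:7" -> Promise<string>

  function fetchEntityName(kind, id) {
    const spec = ENTITY_KINDS.get(kind);
    if (!spec) return Promise.resolve(String(id)); // unknown kind: show the ID
    const key = `${kind}:${id}`;
    if (cache.has(key)) return cache.get(key);
    // Encode the ID so it always stays a single path segment.
    const path = spec.base + encodeURIComponent(String(id));
    const pending = Promise.resolve()
      .then(() => fetchJson(path))
      .then((entity) => pickDisplayName(entity, spec.fields, id))
      .catch(() => {
        cache.delete(key); // do not pin the fallback; a later call retries
        return String(id);
      });
    cache.set(key, pending); // caching the promise merges concurrent calls
    return pending;
  }

  return { fetchEntityName, cacheSize: () => cache.size };
}

// Constructed sample backend: user 7 has an empty display_name, team 3 has a
// name, and every other path fails the way a 404 or network error would.
async function runDemo() {
  let calls = 0;
  const rows = new Map([
    ['/user-management/users/7', { display_name: '', email: 'ana@example.test', username: 'ana' }],
    ['/user-management/teams/3', { name: 'Platform' }],
  ]);
  const fetchJson = (path) => {
    calls += 1;
    return rows.has(path) ? Promise.resolve(rows.get(path)) : Promise.reject(new Error('404'));
  };
  const resolver = createEntityNameResolver(fetchJson);
  const names = await Promise.all([
    resolver.fetchEntityName('user', 7),
    resolver.fetchEntityName('user', 7), // served by the cached promise
    resolver.fetchEntityName('group', 3),
    resolver.fetchEntityName('user', 99), // lookup fails, raw ID is shown
  ]);
  return { names, calls, cached: resolver.cacheSize() };
}

runDemo().then((result) => console.log(result));
```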