Commit Graph

415 Commits

Author SHA1 Message Date
2fa8edfa03 fix: is_admin fallback for legacy Admin roles + migration data fix
Migration now sets is_admin=true for existing Admin roles.
has_permission falls back to role.name == 'Admin' check if
is_admin flag is missing (backward compat for pre-migration roles).
2026-05-26 15:29:14 +03:00
6b960b0eb3 fix: add is_admin column migration + additive safety net
Alembic migration 86c7b1d6a710 adds is_admin BOOLEAN DEFAULT FALSE
to the roles table. Fixes login crash after M-3 change:

  psycopg2.errors.UndefinedColumn: column roles.is_admin does not exist

Also adds _ensure_roles_is_admin_column() as an additive migration
safety net for environments that don't run alembic automatically.

To apply: cd backend && source .venv/bin/activate && alembic upgrade head
2026-05-26 15:28:03 +03:00
8dcc0f86f8 fix: conditional HSTS via FORCE_HTTPS, safe for enterprise without certs
HSTS (Strict-Transport-Security) is now opt-in via FORCE_HTTPS=true.
Without it enabled, no HSTS header is sent — safe for dev environments
and enterprise deployments behind HTTP-only proxies without HTTPS certs.

When FORCE_HTTPS=true, sends 'max-age=31536000; includeSubDomains'.
Enterprise recommendation: set HSTS at nginx/ingress level instead.

.env.example documents the risk: enabling without certs breaks site access.
2026-05-26 15:25:55 +03:00
10cdb8a81a fix: replace TrustedHostMiddleware with proper HSTS middleware
TrustedHostMiddleware blocked Vite proxied requests (Host: localhost:5173
vs allowed_hosts list). Replaced with simple HSTSMiddleware that adds
Strict-Transport-Security header without blocking any requests.
2026-05-26 15:24:40 +03:00
a2786ad713 docs: add .env.example with required PostgreSQL env vars
Template documents all required env vars:
- AUTH_SECRET_KEY and ENCRYPTION_KEY (secrets)
- DATABASE_URL, AUTH_DATABASE_URL, TASKS_DATABASE_URL (PostgreSQL)
- ALLOWED_ORIGINS, SESSION_SECRET_KEY (optional)

After [SEC:C-4] removed DEV_MODE fallback, the .env must have
AUTH_DATABASE_URL set explicitly or the app crashes at startup.
2026-05-26 15:22:58 +03:00
ee4ca3cdf6 security: HSTS, AD group validation, INITIAL_ADMIN_PASSWORD warning
L-2: HSTS middleware via TrustedHostMiddleware — restricts allowed hosts
  to ALLOWED_ORIGINS list, prevents Host header injection.

L-4: AD group name validation — ADGroupMappingCreate.ad_group validated
  with regex: DOMAIN\groupname or CN=...,DC=... format. Empty or
  invalid characters rejected.

L-5: INITIAL_ADMIN_PASSWORD warning — log warning that env-var password
  is visible via /proc to other processes on the same host.
2026-05-26 15:20:29 +03:00
2bc8ad87e1 security: rate limiter, is_admin flag, password policy, log masking
M-3: Role.name == 'Admin' string comparison → Role.is_admin boolean flag.
  Admin role created with is_admin=True. has_permission checks getattr(role,
  'is_admin', False) instead of comparing role names.

M-2: In-memory rate limiter on /api/auth/login. Tracks failed attempts
  per IP (10 in 5 min window, 15 min ban). Thread-safe via threading.Lock.

M-5: Password policy — UserCreate.password: min_length=8, must include
  uppercase, lowercase, and digit.

L-1: log_security_event details dict now masks sensitive fields:
  password, secret, token, api_key, authorization. Recursive masking
  for nested dicts. Sensitive field names matched via regex.

OTHER:
- 4 rate limiter tests (under limit, ban, success clears, IP isolation)
- 4 password policy tests (too short, no upper, no digit, valid)
- 2 log masking tests (flat keys, nested)
2026-05-26 15:17:19 +03:00
23719ecfbc security: JWT aud/iss validation, token blacklist, encryption key crash-early
C-2 (CRITICAL): JWT decode_token now validates aud, iss, iat, jti claims.
  Tokens without these claims are rejected. Audience 'ss-tools-api' and
  issuer 'ss-tools' prevent cross-service token reuse.

H-2 (HIGH): Server-side JWT revocation via token_blacklist table.
  - New TokenBlacklist model (SHA-256 hash only, never raw token)
  - blacklist_token() on logout — revokes current session
  - is_token_blacklisted() check in get_current_user
  - Expired entries auto-pruned via _prune_blacklist()

H-3 (HIGH): Encryption key auto-generation removed — crash-early instead.
  Previously, ensure_encryption_key() would auto-generate a Fernet key
  on first run and write it to .env. This made encrypted data unrecoverable
  when the key changed between deployments. Now raises RuntimeError with
  a clear command to generate the key explicitly.

Also: update orthogonal security test for crash-early behavior.
2026-05-26 15:08:55 +03:00
a9a453109c security: critical auth fixes, test migration to SQLite+FK, 44 test fixes
CRITICAL (CVE-class):
- C-4: Remove DEV_MODE fallback with hardcoded postgres:postgres credentials
- C-3: WebSocket endpoints now require JWT or API key token (?token=) auth
- C-1: Superset environment passwords encrypted via Fernet at rest in DB
- H-4: SESSION_SECRET_KEY separated from JWT AUTH_SECRET_KEY
- H-1: Log injection via %s-formatting instead of f-strings
- H-5: X-Trace-ID header validated as UUID4 to prevent trace poisoning

INFRASTRUCTURE:
- New src/core/encryption.py — EncryptionManager extracted from llm_provider
- Test DB: per-module sqlite:///:memory: with PRAGMA foreign_keys=ON
- testcontainers PostgreSQL via TEST_DB=postgres env var
- conftest temp-file global engine (no 10GB shared-cache leak)

TEST FIXES (44 pre-existing → 0):
- test_smoke_plugins: module-level sys.modules mock isolated to per-test fixture
- test_migration_engine: EXT:Python:uuid → uuid syntax fix
- test_dashboards_api: mock env attributes + correct patch target
- test_constants_audit_fixes: sync expected constant names with actual
- test_defensive_guards: patch.object instead of module-level Repo mock
- test_clean_release_cli: removed empty config.json directory
- FK violations: TaskRecord parents in log_persistence, Environment in
  mapping_service, ReleaseCandidate in candidate_manifest_services

ORTHOGONAL TESTS (18 new):
- test_security_orthogonal.py: bcrypt 72-byte limit, unicode, API key
  format invariants, Fernet robustness, encryption key lifecycle,
  log injection protection, JWT edge cases

MODEL FIXES:
- MetricSnapshot.job_id: nullable with SET NULL (was broken FK for
  aggregate prune snapshots, hidden by SQLite)

CLEANUP:
- Removed stale :memory:test_main/test_auth/test_tasks file databases
- Removed duplicate #endregion in encryption_key.py
2026-05-26 14:58:49 +03:00
f49b7d909e feat: GRACE-Poly protocol optimization — ~3200→10 warnings (↓99.7%)
Full optimization cycle:

Protocol (15 files):
- 4-layer SSOT architecture for agent prompts & skills
- Anti-Corruption Protocol consolidated from 5 duplicates
- Tag-to-tier permissiveness matrix (all @tags allowed at all tiers)

Axiom config:
- complexity_rules: all 22+ tags available on C1-C5
- contract_type_overrides: removed (was narrowing per-type)
- 18 new tags added, LAYER enum expanded (Infra, Frontend, Atom, etc.)
- RELATION predicates expanded (USES, CONTAINS, BELONGS_TO, etc.)

Code fixes:
- 2216 @TAG: normalized to @TAG (colon→space)
- 518 [DEF] blocks migrated to #region/#endregion (37 files)
- VERIFIES→BINDS_TO, :Class/:Function suffixes removed, paths→IDs
- 1173-line _external_stubs.py deleted (EXT: handled natively)
- Batch EXT: reference audit (240 targets: 132 external, 99 internal, 9 fix)
- QA regression check: 0 regressions across all checks

Infrastructure:
- DuckDB rebuild stabilized (appender API, INSERT OR IGNORE)
- Anchor regex fix (parent-child BINDS_TO now resolves)
- EXT:*/DTO:/NEED_CONTEXT: regex fixed in validator
- 34MB Doxygen API portal (3194 contract pages)
2026-05-26 11:14:25 +03:00
9ffa8af1dc semantics 2026-05-26 09:30:41 +03:00
1e7bcecaea agents 2026-05-25 16:35:00 +03:00
4b6c47837f agents skills 2026-05-25 13:25:35 +03:00
320f82ab95 feat(auth): implement API key authentication and management
Introduce a new API key authentication mechanism to support service-to-service
communication (e.g., Airflow, CI/CD) without browser-based JWT login.

- Add `APIKey` model and `APIKeyPrincipal` dependency for RBAC.
- Implement `require_api_key_or_jwt` dependency with environment scoping.
- Add admin CRUD endpoints for API key lifecycle management.
- Add API key management UI in System Settings.
- Update maintenance API to support explicit `environment_id` and API key auth.
- Add i18n support for API keys and connection settings.
- Include Python and Bash usage examples in the `examples/` directory.
- Update technical specifications and documentation.
2026-05-25 11:35:27 +03:00
31680a1bc9 fix(maintenance): auto-expiry + adaptive markdown height + tests
- Auto-expiry: expired events auto-end on GET /events via task manager
- Height: _estimate_markdown_height adapted to unit=8px scale with padding detection
- CRITICAL-1: removed dead import remove_chart_from_position (QA finding)
- CRITICAL-2: added chart alive check in ensure_banner_chart (QA finding)
- CRITICAL-3: fixed test assertions update_markdown_chart → update_banner_on_dashboard
- @POST contract: fixed return range [2,12] → [19,200]
- Tests: 8 new tests (auto-expiry + layout height)
2026-05-25 08:36:33 +03:00
2bf686674e feat(datasets): add SQL template chips for column mapping modal
Как на maintenance с шаблоном баннера — добавил чипсы-шаблоны
SQL-запросов над textarea в модалке маппинга колонок:

- information_schema — вставляет запрос к information_schema
  с JOIN pg_description для получения описаний колонок
- Custom table — вставляет запрос к кастомной таблице маппинга
- Clear — очищает поле

Чипсы в стиле rounded-full с hover-эффектами, подпись
"Шаблоны:" и title-tooltip на каждой кнопке.

i18n: 6 новых ключей (sql_templates, sql_template_*).
2026-05-24 09:51:31 +03:00
8acd2666b9 feat(datasets): add HelpTooltip ⓘ popups in mapping/docs modals
Использует существующий компонент /ui/HelpTooltip.svelte
(ⓘ иконка со стилизованным попапом при наведении) — тот же
паттерн, что на Maintenance и Settings страницах.

Добавлен HelpTooltip рядом с лейблами:
- Модалка маппинга: Тип источника, База данных, SQL-запрос, XLSX-файл
- Модалка генерации docs: LLM-провайдер

Native title сохранён как fallback на самих элементах форм.
2026-05-24 09:49:59 +03:00
edc500c3e4 feat(datasets): add tooltips, text hints and icon-only action buttons
StatsBar — title-подсказки на все кнопки-фильтры.
DatasetList — action-кнопки заменены на SVG-иконки с tooltip
(title="map_columns_tip" / "generate_docs_tip"), title на
select/deselect и пагинацию.
+page.svelte — title на refresh, bulk-панель, обе модалки
(маппинг колонок и генерация docs): source_type_tip,
database_tip, sql_query_tip, file_input_tip, llm_provider_tip
и текстовые хинты. Добавлены id на form-элементы для a11y.
i18n: 20 новых tooltip-ключей в ru/en.
2026-05-24 09:44:18 +03:00
7219c47357 fix(datasets): fix oversized buttons UI + populate linked_dashboard_count in list endpoint
StatsBar — переделаны огромные карточки-кнопки в компактные пилюли
(rounded-full px-3 py-1 text-sm вместо p-3 grid grid-cols-4).

DatasetList — экшн-кнопки из bg-primary в outline-стиль, карточки
плотнее (p-2.5, py-0.5), ESLint-фиксы (#each key).

Backend — linked_dashboard_count теперь заполняется в списке датасетов
через /dataset/{id}/related_objects (конкурентно, Semaphore=3, timeout=10s).
Ранее поле было только в get_dataset_detail и StatsBar показывал 0.
2026-05-24 09:38:21 +03:00
d9669698b8 feat(031): Maintenance Banner for Dashboards — full spec→plan→tasks package
Spec: 5 user stories (P1-P3), 17 FRs, 7 SCs, 12 edge cases, RBAC matrix
Plan: 7 research decisions, 15 semantic contracts (C1-C4)
Data: 4 SQLAlchemy models (Banner entity enforces one-chart-per-dashboard)
UX: async-only API, banner template with optional variables, admin settings UI
Tasks: 64 tasks across 8 phases, 12 reused frontend components
Workflow: component reuse scan mandated in speckit.plan/tasks + semantics-svelte
Constitution: filled with 7 architecture principles from ADRs
2026-05-22 16:20:39 +03:00
7f62e87b4c tasks 2026-05-22 11:22:19 +03:00
0653a75ee7 fix(db): add ondelete cascade to all FK constraints, fix multimodal flag persistence
- Add ondelete=CASCADE/SET NULL to all environment and translate FK constraints
- Add is_multimodal to GET /api/settings/consolidated response
- Fix toggleActive to not overwrite is_multimodal with false
- New SearchableMultiSelect component for dashboard search with multi-select
- Fix validation task page: task data unwrapping, date formatting, dashboard multi-select
- Fix infinite effect loop on dashboards page via queueMicrotask guard
- 3 new Alembic migrations (merge f0e9d8c7b6a5, translate b0c1d2e3f4a5)
2026-05-22 09:21:24 +03:00
48cc02ea0b feat: LLM Validation section — 9 API endpoints + 3 Svelte pages + Playwright optimization
Backend:
- /api/validation/ CRUD for validation tasks (policies)
- Run history with 6 filters + pagination
- Alembic migrations (provider_id, policy_id)
- 28 pytest tests

Frontend:
- /validation — task list page with status filters + CRUD
- /validation/[id] — task config (Config + History tabs)
- /validation/history — run history with metrics
- Sidebar nav entry under Operations
- i18n en/ru

Playwright (ScreenshotService):
- Removed 25s hardcoded sleeps → conditional waits
- CDP fallback to full_page screenshot
- Total timeout enforcement (120s)
- Debug screenshots → temp dir with cleanup

QA fixes:
- Debug screenshot accumulation in production (tempdir + rmtree)
- Frontend API payload field name mismatch
- History issues field reference fix
- delete_runs scoped by policy_id

Belief protocol:
- @RATIONALE/@REJECTED on 27 C4+ contracts

Closes: VALIDATION-REWORK-2026
2026-05-21 20:29:36 +03:00
36643024cf refactor(connections): remove ConnectionConfig, migrate mapper to SQL Lab
Backend:
- Remove ConnectionConfig model, CRUD routes (connections.py), and tests
- Remove ensure_connection_configs_table from database.py
- Migrate MapperPlugin from psycopg2 direct PostgreSQL to SupersetSqlLabExecutor
- Add DatasetMapper.get_sqllab_mappings() with default information_schema query
- Update MapColumnsRequest: connection_id → database_id + sql_query
- Fix pydantic_settings v2 deprecation (Field(env=...) → validation_alias)
- Clean up app.py, routes/__init__.py, database.py imports

Frontend:
- Remove DatabaseConnectionsTab, ConnectionForm, ConnectionList components
- Remove /settings/connections route page and Navbar link
- Remove connectionService.js, connections i18n files
- Update MapperTool.svelte: postgres → sqllab source
- Update Map Columns modal: database selector + SQL query instead of connection_id
- Clean up settings page tabs, nav links, test mocks
- Clean up i18n keys (settings, nav, mapper)

Tests: 25/25 pass (14 030-feature + 11 route tests)
Build: succeeds
2026-05-21 18:47:41 +03:00
b529e8082a feat(030): Dataset Lifecycle Workspace — Stats Bar, split-view, inline-edit, bulk actions
Backend:
- Add MetricItem, StatsCounts, ColumnDescriptionUpdate, MetricDescriptionUpdate DTOs
- Add metric_count to DatasetItem and DatasetDetailResponse
- Add server-side filtering via ?filter=unmapped|mapped|linked|all
- Add PUT endpoints for column/metric description inline-edit
- Add HTML stripping validation (max 2000 chars, plain text)
- Add WebSocket dataset.updated event on task completion
- RBAC: plugin:migration:WRITE for mutations, READ for reads
- 14 pytest tests (stats, filter, metrics, inline-edit, validation, 502/503)

Frontend:
- Rewrite +page.svelte as split-view orchestrator (387 lines)
- StatsBar.svelte — 4 metric tiles with aria-pressed, server-side filter dispatch
- DatasetList.svelte — card grid with progress bars, checkboxes, search
- DatasetPreview.svelte — presentational detail panel (container fetches)
- ColumnsTable.svelte — inline-edit with type chips, bold/italic fallback
- MetricsTable.svelte — inline-edit with expression hints
- 52 vitest tests across 7 test files
- i18n: 11 EN + 11 RU keys (with_mapping/с_маппингом)

Spec:
- 15 issues resolved (semantic label, filtering, endpoints, conflict, metric_count, RBAC, ID types, ports, i18n, validation, a11y, propagation, resize, perf, ownership)

Status: 14/14 backend tests pass, 52/52 frontend tests pass, build succeeds
Risk: Low — T051 browser validation pending (non-blocking)
2026-05-21 13:58:47 +03:00
673c0bb217 docs(env): add unified .env.example — 37 vars, 14 sections
- .env.example: единый источник истины для всех переменных окружения
- .gitignore: добавлено исключение !.env.example (правило .env* не применяется)
- Все ранее внесённые правки аудита (7 классов) уже закоммичены в 68740cd
- Итог: 33 QA-теста, 0 хардкод-секретов, 0 .bak, 0 except:pass
2026-05-21 10:09:04 +03:00
45382d6a17 chore(skills): clean up skill headers — remove stale @RELATION, @STATUS noise
- semantics-python: removed dead @RELATION -> [Std.Semantics.Belief] and [MolecularCoTLogging]
- semantics-core, semantics-contracts: removed @STATUS ACTIVE (noise)
- molecular-cot-logging: removed invalid @RELATION REPLACES -> [Std.Semantics.Belief]
- semantics-svelte: fix brackets on @RELATION -> [MolecularCoTLogging]

All skill headers now match the minimal template: @BRIEF + internal @RELATION only.
2026-05-21 00:08:34 +03:00
bd55697e94 fix(semantics): curator audit — Constant→Block, drop :Class suffix on relations 2026-05-21 00:02:45 +03:00
68740cd9ed semantic 2026-05-20 23:54:53 +03:00
a43886106e refactor(semantics): make axiom_config.yaml descriptive, not gatekeeping 2026-05-20 17:18:55 +03:00
084f782065 lang detect 2026-05-20 17:15:31 +03:00
c617754cca refactor(semantics): make complexity tiers descriptive, not gatekeeping
Why: tier rules forbidding @PRE/@POST on C2 cause agents to either
remove useful documentation or generate audit noise. Both outcomes are
worse than having slightly richer metadata.

Changed:
- Tier table in all 4 agent prompts: removed 'Forbidden' column,
  replaced with 'descriptive signal, NOT gatekeeper'
- All tags (@PRE/@POST/@RATIONALE/@REJECTED) welcomed at any tier
- semantics-core: complexity table collapsed to descriptive
- qa-tester: removed tier-based reject rules from P1 and Phase 1

Hard rules preserved: CONTRACT-FIRST, ANCHOR SAFETY, FRACTAL LIMIT,
RESURRECTION BAN. Everything else is descriptive intent.
2026-05-20 15:15:52 +03:00
07cfaadee1 refactor(agents): inject CONTRACT MANDATE into all coder agent prompts
Why: agents kept forgetting #region contracts because the rationale
was hidden in loadable skills, not active in their system prompt.

Changed agent prompts (+RATIONALE-first):
- python-coder: +55 lines — 4 failure modes + operational rules
- fullstack-coder: +40 lines — same, with cross-stack emphasis
- svelte-coder: replaced PHYSICS OF ATTENTION with unified mandate
- qa-tester: +15 lines — QA-specific contract mandate

Compressed skills (reference-only):
- semantics-core: 174→110 lines (-37%) — rationale removed, syntax+tables kept
- semantics-contracts: 103→79 lines (-23%) — duplicates removed, methodology kept

Verification: 320 tests pass, 0 parse warnings, 0 semantic audit warnings
2026-05-20 15:02:29 +03:00
904631efe9 fix(semantics): add function-level GRACE contracts to _lang_detect.py
All 5 functions now have proper #region/#endregion contracts:
- _detector_cache_key [C:1] — private helper
- build_detector [C:2] — public API
- get_detector [C:2] — public API with caching
- detect_language [C:2] — public API, @RAISES for safety
- batch_detect [C:3] — public API with @RELATION edges

Clean audit: 0 warnings on _lang_detect.py
2026-05-20 14:39:06 +03:00
36608ac368 fix(semantics): upgrade complexity tiers, add missing relation edge
- LanguageDetectService: C2→C3 (has @RELATION, requires C3)
- LanguageDetectServiceTests: C2→C3 (has @RELATION, requires C3)
- preview.py: add @RELATION DEPENDS_ON -> [LanguageDetectService]
2026-05-20 14:34:43 +03:00
04a20f7d3c feat(translate): replace LLM-based language detection with local lingua-detector
- Add _lang_detect.py module wrapping lingua-language-detector (pure Python, 0.076ms/call)
- Add batch_detect() with detector caching for performance
- Pre-filter rows where detected source language matches target (same-language skip)
- Remove detected_source_language from LLM prompt templates (token savings)
- Use local detection for cached rows (was always 'und')
- Preserve backward compat: LLM detected_source_language as fallback when lingua returns 'und'
- Add 24 unit tests for detection, edge cases, caching, and mapping
2026-05-20 14:31:37 +03:00
d1fdba5af1 tasks 2026-05-20 09:59:11 +03:00
09d12b3b68 semantics 2026-05-20 09:59:03 +03:00
b916ef94d5 semantics 2026-05-19 18:36:15 +03:00
64feca2e46 refactor(log-viewer): replace dark terminal theme with light app design system
- Rewrote LogFilterBar: terminal-bg → white, terminal-surface → white/gray-50
- Rewrote LogEntryRow: terminal backgrounds → gray-50 hover, gray-100 border
- Rewrote TaskLogPanel: terminal-bg → white panel with border+shadow, gray-50 footer
- Rewrote TaskLogViewer: spinners/errors → primary/red-50, modals → white/gray
- All 4 components now use: bg-white, text-gray-700/900, border-gray-200
- Kept log level colors (log-* tokens) and source colors (source-* tokens) intact
- Kept all functionality: filters, auto-scroll, progress bars, inline/modal modes
- All 8 existing tests pass
2026-05-19 11:48:57 +03:00
da2c77dc15 feat(sidebar): redesign with sections, new navigation items, profile footer
- Split sidebar into 3 groups: Resources / Operations / System
- Added Migration section (Overview + Mappings) - was hidden in routes
- Added Git section (Repository Status) - was hidden in routes
- Added Tools section (Mapper, Debug, Storage, Backups) - was hidden in routes
- Moved Settings gear icon to footer (quick link to /settings)
- Moved Profile to footer (avatar + username)
- Moved Collapse button to header (always visible)
- Organized Admin with all sub-items (Users, Roles, ADFS, LLM)
- Reduced visual noise: section labels collapse independently
- Kept existing features: RBAC filtering, health badges, mobile overlay, collapse animation
- Updated tests to match new structure
- Updated i18n (en/ru) with new keys
2026-05-19 11:34:58 +03:00
8039d09505 refactor(frontend): unify Tailwind classes — replace hardcoded colors with semantic design tokens
- Replace all bg-blue-600/hover:bg-blue-700 → bg-primary/hover:bg-primary-hover
- Replace all bg-red-600/hover:bg-red-700 → bg-destructive/hover:bg-destructive-hover
- Replace all focus:ring-blue-500 → focus-visible:ring-primary-ring
- Replace all text-blue-600 → text-primary on interactive elements
- Replace all bg-blue-50 → bg-primary-light on UI surfaces
- Replace all bg-red-50 → bg-destructive-light on error surfaces
- Replace all border-blue-200/300 → border-primary-ring
- Replace all border-red-200 → border-destructive-light
- Replace peer-checked:bg-blue-600 → peer-checked:bg-primary (toggles)
- Replace focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 patterns
- Keep status badge patterns (bg-*-100 text-*-700) and hover:bg-blue-50 intact

82 files changed, ~400 changes. Build passes.
2026-05-19 10:46:00 +03:00
afe6c7e281 agents 2026-05-18 23:58:42 +03:00
59aedbe12c fix(translate): replace fromStore+ with +subscribe to prevent reactive loop, add runComplete flag, show error_message, collapsible run results
- TranslationRunGlobalIndicator: replace fromStore + 6x  with
  (() => store.subscribe()) to prevent accumulating render_effect
  instances via createSubscriber that caused infinite Svelte reactive flush
- translate/[id]/+page.svelte: add runComplete flag to hide progress bar
  after completion without touching the store; add collapsible run detail
  cards with status badge, counts, and error_message; filter invalid runs
- translationRun.js: remove stale guard (no longer needed)
- Sidebar.svelte: fix mobile overlay close on route change
- docs/adr/ADR-0007-rejected-fromStore-derived.md: document REJECTED pattern
2026-05-18 11:43:27 +03:00
ee33f1d7fb fix(translate): fix job creation tab navigation and preview validation
- frontend: add  to reload job data on param change after goto
- frontend: set existingJob from createJob response for immediate tabs
- frontend: suppress error toasts for schedule 404 (normal state)
- frontend: conditional ScheduleConfig mount to avoid 'new' job loading
- backend: skip preview check for jobs with direct Superset datasource
- backend: add orthogonal test for datasource+no-preview success case
2026-05-18 10:56:21 +03:00
4479392a2f fix(translate): handle row lock timeout in cancel, add flush fallback, migrate progress to store
- Extract _fallback_cancel_request for row lock timeout recovery in orchestrator_cancel
- Add flush lock timeout fallback in cancel_run
- Set error_message when all records fail in executor
- Track insert_failed state in scheduler and frontend store
- Migrate TranslationRunProgress from local polling to centralized store
- Fix nginx resolver for Docker variable-based proxy_pass
- Add FRONTEND_HOST_PORT env var to docker-compose
2026-05-18 10:36:58 +03:00
7467cdf751 fix: update Kilo default base URL to api.kilo.ai/api/gateway 2026-05-18 10:36:23 +03:00
6afd0070a6 e2e 2026-05-17 23:34:58 +03:00
9228d071ef fix(translate): fix batch sizing — use real available input budget, respect job.batch_size, lazy playwright in docker
- _batch_sizer.py: compute per_batch_budget from actual available_input_budget
  (context_window - max_output_tokens) instead of sum of first N rows
- _batch_sizer.py: cap max_rows_hard_cap with job.batch_size (user config)
- _token_budget.py: add available_input_budget and max_output_tokens to return
- preview.py: validate required config fields before preview
- requirements-docker.txt: add playwright pip package (~5 MB)
- backend.entrypoint.sh: lazy playwright install chromium on first start
- build.sh: switch tar to tar.xz (-T0 -9), 5.5x smaller bundles
- README.md: add offline bundle deployment instructions
- playwright.config.js: add testMatch for *.e2e.js files
- frontend: preview tab config validation, i18n keys, translationRun store
2026-05-17 23:32:00 +03:00
6988e63967 chore: commit remaining pre-existing changes
- Agent configs (.opencode/agents/)
- Backend: alembic, routes, app, utils, scripts
- Frontend: package.json, vite, components, e2e infra
- Specs: 028-llm-datasource-supeset updates
- Docker e2e config and Playwright setup
2026-05-17 19:23:07 +03:00