mirror of
https://github.com/coder/coder.git
synced 2026-06-03 13:08:25 +00:00
75f5b60eb6a674220249e7da73158faef44db289
3442 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Mathias Fredriksson
|
75f5b60eb6 |
fix: return 409 Conflict instead of 502 when task agent is busy (#23424)
The "Task app is not ready to accept input" error occurs when the agent responds successfully but its status is not "stable" (e.g. "running"). This is a state conflict, not a gateway error. 502 was semantically wrong because the gateway communication succeeded. 409 Conflict is correct because the request conflicts with the agent's current state. This is consistent with how authAndDoWithTaskAppClient already returns 409 for pending, initializing, and paused agent states. |
||
|
Kerem Kacel
|
b763b72b53 |
feat: add user:read scope (#23348)
Enables [23270](https://github.com/coder/coder/discussions/23270). Makes it possible for admin users to create API tokens scoped for reading users' data. |
||
|
Asher
|
47daca6eea |
feat: add filtering to org members (#23334)
Continuation of https://github.com/coder/coder/pull/23067 Add filtering to the paginated org member endpoint (pretty much the same as what I did in the previous PR with group members, except there I also had to add pagination since it was missing). |
||
|
Michael Suchacz
|
b8a5344c92 |
feat: add inline editing of usage limit overrides (#23380)
## Summary Adds inline editing of existing per-user and per-group chat usage limit overrides from the Limits tab. Admins can now click Edit on any override row to modify the spend limit in-place, using the same form used for adding overrides. ## Changes **Backend** (`coderd/chats_test.go`) - Added `UpdateUserOverride` and `UpdateGroupOverride` test cases covering the upsert-in-place behavior. **Frontend** (3 component files + 2 story files) - `LimitsTab.tsx`: Edit state management, mutual-exclusion between user/group edit modes, and handlers that prefill the form from the existing override. - `GroupLimitsSection.tsx`: Edit button per row, read-only group identity in edit mode, Save/Cancel actions, disable states during pending operations. - `UserOverridesSection.tsx`: Same pattern as groups — Edit button, read-only user identity, Save/Cancel, proper disable states. - New Storybook stories for both sections (Default, EmptyState, AddForm, EditForm). ## UX behavior - Clicking Edit opens the inline form with the current spend limit prefilled and the entity shown as read-only. - Save uses the existing PUT upsert endpoint (no new API surface). - Cancel returns to normal list view with form state cleared. - Edit modes are mutually exclusive — editing a user override closes any open group form and vice versa. - All buttons and inputs disable during pending mutations. - Add and delete continue to work after editing. |
||
|
Asher
|
24ab216dd1 |
feat: add new group members endpoint with filtering and pagination (#23067)
Partially addresses #21813 (still need to make changes to the "add user" button to be complete) Since there are a lot of user tests already, I moved them into `coderdtest` to be shared. |
||
|
Jon Ayers
|
f135ffdb3a |
fix: limit calls to GetWorkspaceAgentByID in agentapi (#23015)
We currently call GetWorkspaceAgentByID millions of times at scale unnecessarily. This PR embeds immutable fields into the relevant services instead of fetching for them every time. resolves https://github.com/coder/scaletest/issues/84 Confirmed with a 10k scaletest that this changeset takes the query from 10M+ queries down to 39k |
||
|
Mathias Fredriksson
|
4aa94fcd4c |
fix: StatusWriter Unwrap and process output error recovery (#23383)
Add Unwrap() to StatusWriter so http.ResponseController.SetWriteDeadline can reach the underlying net.Conn through the middleware wrapper. Without this, the agent's 20s WriteTimeout killed blocking process output connections. Also add 30s headroom to the write deadline in handleProcessOutput so the response can be written after a full-duration blocking wait. On the tool layer, waitForProcess and the process_output tool now try a non-blocking snapshot on any error, not just context timeout. Transport errors (like the WriteTimeout EOF) previously returned with no process ID and no recovery path. Now if the process finished, the result is returned transparently. If still running, the error includes the process ID and tells the agent to use process_output. |
||
|
Michael Suchacz
|
a6ba61e607 | fix: use upstream fantasy fix for store=false replay (#23368) | ||
|
Cian Johnston
|
ff8dcca2c7 |
feat: add global chat workspace TTL setting (#23265)
- Add `agents_workspace_ttl` site config (default: whatever the template says a.k.a. `0s`) - Expose via GET/PUT `/api/experimental/chats/config/workspace-ttl` - Chat tool reads setting and passes `TTLMillis` on workspace creation - Existing autostop infrastructure handles the rest (zero changes to LifecycleExecutor, CalculateAutostop, or activity bumping) - ⚠️ Template-level `UserAutostopEnabled=false` overrides this global default. Not touching this. - Frontend: "Workspace Lifetime" control in /agents/settings Behavior tab (admin-only) > This PR was created with the help of Coder Agents, and has been reviewed by several humans and robots. 🤖🤝🧑💻 |
||
|
Kyle Carberry
|
e388a88592 |
feat(coderd/chatd): connect to external MCP servers for chat tool invocation (#23333)
## Summary
Adds a new `coderd/chatd/mcpclient` package that connects to
admin-configured MCP servers and wraps their tools as
`fantasy.AgentTool` values that the chat loop can invoke.
## What changed
### New: `coderd/chatd/mcpclient/mcpclient.go`
The core package with a single entry point:
```go
func ConnectAll(
ctx context.Context,
logger slog.Logger,
configs []database.MCPServerConfig,
tokens []database.MCPServerUserToken,
) (tools []fantasy.AgentTool, cleanup func(), err error)
```
This:
1. Connects to each enabled MCP server using `mark3labs/mcp-go`
(streamable HTTP or SSE transport)
2. Discovers tools via the MCP `tools/list` method
3. Wraps each tool as a `fantasy.AgentTool` with namespaced name
(`serverslug__toolname`)
4. Applies tool allow/deny list filtering from the server config
5. Handles auth: OAuth2 bearer tokens, API keys, and custom headers
6. Skips broken servers with a warning (10s connect timeout per server)
7. Returns a cleanup function to close all MCP connections
### Modified: `coderd/chatd/chatd.go`
In `runChat()`, after loading the model/messages but before assembling
the tool list:
- Reads `chat.MCPServerIDs` from the chat record
- Loads the MCP server configs from the database
- Resolves the user's auth tokens
- Calls `mcpclient.ConnectAll()` to connect and discover tools
- Appends the MCP tools to the chat's tool set
- Defers cleanup to close connections when the chat turn ends
The chat loop (`chatloop.Run`) already handles tools generically —
MCP-backed tools are invoked identically to built-in workspace tools. No
changes needed in `chatloop/`.
### New: `coderd/chatd/mcpclient/mcpclient_test.go`
10 tests covering:
- Tool discovery and namespacing
- Tool call forwarding and result conversion
- Allow/deny list filtering
- Connection failure handling (graceful skip)
- Multi-server support with correct prefixes
- OAuth2 auth header injection
- Disabled server skipping
- Invalid input handling
- Tool info parameter propagation
## Design decisions
- **Tool namespacing**: `slug__toolname` with double underscore
separator. Avoids collisions with tools containing single underscores.
Stripped when forwarding to `tools/call`.
- **Connection lifecycle**: Fresh connections per chat turn, closed via
`defer`. Matches the `turnWorkspaceContext` pattern.
- **Failure isolation**: Each server connects independently. A broken
server doesn't fail the chat — its tools are simply unavailable.
- **No chatloop changes**: The existing `[]fantasy.AgentTool` interface
is already fully generic.
## What's NOT in this PR (follow-ups)
- Frontend MCP server picker UI (selecting servers for a chat)
- System prompt additions describing available MCP tools
- Token refresh on expiry mid-chat
- The deprecated `aibridged` MCP proxy cleanup
|
||
|
Ethan
|
a1e912a763 |
fix(chatd): deliver retry control events via pubsub (#23349)
> **PR Stack** > 1. #23351 ← `#23282` > 2. #23282 ← `#23275` > 3. #23275 ← `#23349` > 4. **#23349** ← `main` *(you are here)* --- Retry events were published only to the local in-process stream via `publishEvent()`. When pubsub is active, `Subscribe()`'s merge loop only forwarded durable events (messages, status, errors) from pubsub notifications, so retry events were silently dropped for cross-replica subscribers. This adds a `publishRetry()` helper that publishes both locally and via pubsub, and extends the `Subscribe()` notification handler to forward retry events. **Changes:** - `coderd/pubsub/chatstreamnotify.go`: add `Retry` field to notify message - `coderd/chatd/chatd.go`: add `publishRetry()`, update `OnRetry` callback, extend `Subscribe()` to forward `notify.Retry` - `coderd/chatd/chatd_internal_test.go`: focused pubsub delivery test - `enterprise/coderd/chatd/chatd_test.go`: cross-replica end-to-end test |
||
|
Cian Johnston
|
f1d333f0e6 |
refactor: deduplicate utility helpers across the codebase (#23338)
Audited exported helpers in `coderd/util/*`, `testutil`, `cryptorand`, and friends, then replaced duplicated implementations with canonical versions. - **fix: `maps.SortedKeys` generic signature** — value type was hardcoded to `any`, making it impossible to actually call. Added second type parameter `V any`. Added table-driven tests with `cmp.Diff`. - **refactor: replace ad-hoc ptr helpers with `ptr.Ref`** — removed `int64Ptr`, `stringPtr`, `boolPtr`, `i64ptr`, `strPtr`, `PtrInt32` across 6 files. - **refactor: replace local `sortedKeys`/`sortKeys` with `maps.SortedKeys`** — now that the signature is fixed, scripts can use it. - **refactor: replace hand-rolled `capitalize` with `strings.Capitalize`** — the typegen version was also not UTF-8 safe. > 🤖 This PR was created with the help of Coder Agents, and was reviewed by my human. 🧑💻 |
||
|
Ethan
|
2a3be30a88 |
fix(coderd): return human-readable error when deleting chat provider with active chats (#23347)
## Problem Deleting a chat provider that has models referenced by existing chats returns a raw PostgreSQL foreign key violation error to the user: ``` pq: update or delete on table "chat_model_configs" violates foreign key constraint "chat_messages_model_config_id_fkey" on table "chat_messages" ``` This happens because `DELETE FROM chat_providers` cascades to hard-delete `chat_model_configs` rows, but `chat_messages` and `chats` still reference them with the default `RESTRICT` behavior. ## Fix Check for `IsForeignKeyViolation` on the two relevant constraints and return a 400 Bad Request with `"Provider models are still referenced by existing chats."`, matching the existing FK error handling pattern used elsewhere in the same file. |
||
|
Mathias Fredriksson
|
41e15ae440 |
feat: make process output blocking-capable (#23312)
Replace the 200ms polling loop in chatd's execute and
process_output tools with server-side blocking via sync.Cond
on HeadTailBuffer.
The agent's GET /{id}/output endpoint accepts ?wait=true to
block until the process exits or a 5-minute server cap expires.
The process_output tool blocks by default for 10s (overridable
via wait_timeout), and falls back to a non-blocking snapshot on
timeout. The execute tool's foreground path makes a single
blocking call instead of polling.
Related #23316
|
||
|
Cian Johnston
|
c8e58575e0 |
chore: attempt to nudge agents away from dbauthz.AsSystemRestricted (#23326)
Adds a warning comment to dbauthz.AsSystemRestricted to hopefully nudge agents away from it. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Cian Johnston
|
d8cad81ada |
fix(coderd/chatd): rate-limit stream drop WARN logs to avoid log spam (#23340)
- Rate-limit "chat stream buffer full" and "dropping chat stream event" WARN logs to at most once per 10s per chat. - Intermediate drops not logged; WARN includes `dropped_count`. - Per-chat tracking on `chatStreamState` using timestamp comparison against `quartz.Clock` — no global tickers, no new `Server` fields. - Subscriber and buffer drop counters reset at all lifecycle boundaries. > 🤖 This PR was created with the help of Coder Agents, and was reviewed by my human. 🧑💻 |
||
|
Susana Ferreira
|
139594a4f4 |
feat: block CONNECT tunnels to private/reserved IP ranges (#23109)
## Description Blocks `CONNECT` tunnels to private and reserved IP ranges in aibridgeproxyd, preventing the proxy from being used to reach internal networks. The Coder access URL is always exempt (hostname+port match) so the proxy can reach its own deployment. It is possible to exempt additional ranges via `CODER_AIBRIDGE_PROXY_ALLOWED_PRIVATE_CIDRS`. DNS rebinding is handled differently per path: * Direct (no upstream proxy): validate the resolved IP right before the TCP dial, no window between check and connect. * Upstream proxy: Resolves and checks before forwarding to the upstream dialer. A small rebinding window exists since the upstream proxy re-resolves independently. ## Changes * Add blocked IP denylist covering private, reserved, and special-purpose ranges * Add `AllowedPrivateCIDRs` option with CLI flag and env var * Wire IP checks into `proxy.ConnectDial` for both upstream and direct paths * Add tests for blocked/allowed cases across direct dial, upstream proxy, CIDR exemptions, and CoderAccessURL exemption Notes: documentation will be handled in a follow-up PR. Closes: https://github.com/coder/security/issues/124 |
||
|
dependabot[bot]
|
abd7b7aeba |
ci: bump the github-actions group across 1 directory with 9 updates (#23345)
Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.40.0` | `1.44.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [actions/attest](https://github.com/actions/attest) | `3.2.0` | `4.1.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.1` | `47.0.5` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [linear/linear-release-action](https://github.com/linear/linear-release-action) | `0.4.0` | `0.5.0` | | [benc-uk/workflow-dispatch](https://github.com/benc-uk/workflow-dispatch) | `1.2.4` | `1.3.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `c1824fd6edce30d7ab345a9989de00bbd46ef284` | `57a97c7e7821a5776cebc9bb87c984fa69cba8f1` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | Updates `crate-ci/typos` from 1.40.0 to 1.44.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/releases">crate-ci/typos's releases</a>.</em></p> <blockquote> <h2>v1.44.0</h2> <h2>[1.44.0] - 2026-02-27</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1488">February 2026</a> changes</li> </ul> <h2>v1.43.5</h2> <h2>[1.43.5] - 2026-02-16</h2> <h3>Fixes</h3> <ul> <li><em>(pypi)</em> Hopefully fix the sdist build</li> </ul> <h2>v1.43.4</h2> <h2>[1.43.4] - 2026-02-09</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>pincher</code></li> </ul> <h2>v1.43.3</h2> <h2>[1.43.3] - 2026-02-06</h2> <h3>Fixes</h3> <ul> <li><em>(action)</em> Adjust how typos are reported to github</li> </ul> <h2>v1.43.2</h2> <h2>[1.43.2] - 2026-02-05</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>certifi</code> in Python</li> </ul> <h2>v1.43.1</h2> <h2>[1.43.1] - 2026-02-03</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>consts</code></li> </ul> <h2>v1.43.0</h2> <h2>[1.43.0] - 2026-02-02</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1453">January 2026</a> changes</li> </ul> <h2>v1.42.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/">Keep a Changelog</a> and this project adheres to <a href="https://semver.org/">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased] - ReleaseDate</h2> <h2>[1.44.0] - 2026-02-27</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1488">February 2026</a> changes</li> </ul> <h2>[1.43.5] - 2026-02-16</h2> <h3>Fixes</h3> <ul> <li><em>(pypi)</em> Hopefully fix the sdist build</li> </ul> <h2>[1.43.4] - 2026-02-09</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>pincher</code></li> </ul> <h2>[1.43.3] - 2026-02-06</h2> <h3>Fixes</h3> <ul> <li><em>(action)</em> Adjust how typos are reported to github</li> </ul> <h2>[1.43.2] - 2026-02-05</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>certifi</code> in Python</li> </ul> <h2>[1.43.1] - 2026-02-03</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>consts</code></li> </ul> <h2>[1.43.0] - 2026-02-02</h2> <h3>Compatibility</h3> <ul> <li>Bumped MSRV to 1.91</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crate-ci/typos/commit/631208b7aac2daa8b707f55e7331f9112b0e062d"><code>631208b</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/3d3c6e376823e66c4f3e2583fc47b8be83b66d71"><code>3d3c6e3</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/ba1f545443d223c6bc2c821dad76c210fa78b46f"><code>ba1f545</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/102f66c093f0eb1a69937d3d1c589d5f16c5569b"><code>102f66c</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1510">#1510</a> from epage/feb</li> <li><a href="https://github.com/crate-ci/typos/commit/d303c9398affd88fc562292a2ec9433a37817b28"><code>d303c93</code></a> feat(dict): February updates</li> <li><a href="https://github.com/crate-ci/typos/commit/30eea72e385d435c00a24eeba0d96f87048f42ec"><code>30eea72</code></a> chore(ci): Update pre-build binary workflow</li> <li><a href="https://github.com/crate-ci/typos/commit/57b11c6b7e54c402ccd9cda953f1072ec4f78e33"><code>57b11c6</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/105ced22a5a7fedc36cbef6e5dec31b708e9ec5b"><code>105ced2</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/4f89be7e4a7933f8d9693a9da7a9e9258a8671ba"><code>4f89be7</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1504">#1504</a> from schnellerhase/bump-maturin</li> <li><a href="https://github.com/crate-ci/typos/commit/d8547ad9c141d0e2c568b2344f0804a446ff25ab"><code>d8547ad</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1503">#1503</a> from 1195343015/patch-1</li> <li>Additional commits viewable in <a href="https://github.com/crate-ci/typos/compare/2d0ce569feab1f8752f1dde43cc2f2aa53236e06...631208b7aac2daa8b707f55e7331f9112b0e062d">compare view</a></li> </ul> </details> <br /> Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 What's new</h2> <h3>Direct Uploads</h3> <p>Adds support for uploading single files directly (unzipped). Callers can set the new <code>archive</code> parameter to <code>false</code> to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The <code>name</code> parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.</p> <h3>ESM</h3> <p>To support new versions of the <code>@actions/*</code> packages, we've upgraded the package to ESM.</p> <h2>What's Changed</h2> <ul> <li>Add proxy integration test by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> <li>Upgrade the module to ESM and bump dependencies by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li> <li>Support direct file uploads by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a> Support direct file uploads (<a href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a> Upgrade the module to ESM and bump dependencies (<a href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a> from actions/Link-/add-proxy-integration-tests</li> <li><a href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a> Add proxy integration test</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f">compare view</a></li> </ul> </details> <br /> Updates `docker/login-action` from 3.7.0 to 4.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/929">docker/login-action#929</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/927">docker/login-action#927</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/919">docker/login-action#919</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> from 3.890.0 to 3.1000.0 in <a href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a> <a href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> from 3.890.0 to 3.1000.0 in <a href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a> <a href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.77.0 in <a href="https://redirect.github.com/docker/login-action/pull/910">docker/login-action#910</a> <a href="https://redirect.github.com/docker/login-action/pull/928">docker/login-action#928</a></li> <li>Bump <code>@isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 in <a href="https://redirect.github.com/docker/login-action/pull/921">docker/login-action#921</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/login-action/pull/901">docker/login-action#901</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.7.0...v4.0.0">https://github.com/docker/login-action/compare/v3.7.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/b45d80f862d83dbcd57f89517bcf500b2ab88fb2"><code>b45d80f</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/929">#929</a> from crazy-max/node24</li> <li><a href="https://github.com/docker/login-action/commit/176cb9c12abea98dfe844071c0999ff6ee9688a7"><code>176cb9c</code></a> node 24 as default runtime</li> <li><a href="https://github.com/docker/login-action/commit/cad89843109a11cb6f69f52fe695c42cf69d57d3"><code>cad8984</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/920">#920</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/92cbcb231ed341e7dc71693351b21f5ba65f8349"><code>92cbcb2</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/5a2d6a71bd3e0cb4abb6faae33f3dde61ece8e5b"><code>5a2d6a7</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/44512b6b2e08b878e82b107b394fcd1af5748e63"><code>44512b6</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/928">#928</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/28737a5e46bc0c62910ef429b2e55f9cabbbd5df"><code>28737a5</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/dac079354afbd8db4c3b58b8cc6946573479b2a6"><code>dac0793</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.76.0 to 0.77.0</li> <li><a href="https://github.com/docker/login-action/commit/62029f315d6d05c8646343320e4a1552e5f1c77a"><code>62029f3</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/919">#919</a> from docker/dependabot/npm_and_yarn/actions/core-3.0.0</li> <li><a href="https://github.com/docker/login-action/commit/08c8f064bf22a1c55918ee608a81d87b13cc4461"><code>08c8f06</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...b45d80f862d83dbcd57f89517bcf500b2ab88fb2">compare view</a></li> </ul> </details> <br /> Updates `actions/attest` from 3.2.0 to 4.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/attest/releases">actions/attest's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@actions/attest</code> from 3.0.0 to 3.1.0 by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/362">actions/attest#362</a></li> <li>Bump <code>@actions/attest</code> from 3.1.0 to 3.2.0 by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/365">actions/attest#365</a></li> <li>Add new <code>subject-version</code> input for inclusion in storage record by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/364">actions/attest#364</a></li> <li>Add storage record content to README by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/366">actions/attest#366</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest/compare/v4.0.0...v4.1.0">https://github.com/actions/attest/compare/v4.0.0...v4.1.0</a></p> <h2>v4.0.0</h2> <p>All of the capabilities of <a href="https://github.com/actions/attest-build-provenance"><code>actions/attest-build-provenance</code></a>, and <a href="https://github.com/actions/attest-sbom"><code>actions/attest-sbom</code></a> have now been folded into <code>actions/attest</code>.</p> <h2>What's Changed</h2> <ul> <li>Bump <code>@actions/core</code> from 2.0.1 to 2.0.2 in the npm-production group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/323">actions/attest#323</a></li> <li>Bump tar from 7.4.3 to 7.5.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/333">actions/attest#333</a></li> <li>Bump <code>@actions/github</code> from 6.0.1 to 7.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/324">actions/attest#324</a></li> <li>Bump <code>@actions/attest</code> from 2.1.0 to 2.2.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/325">actions/attest#325</a></li> <li>Bump tar from 7.4.3 to 7.5.7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/337">actions/attest#337</a></li> <li>Bump <code>@isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/342">actions/attest#342</a></li> <li>Consolidate attestation actions by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/346">actions/attest#346</a></li> <li>ESM Conversion by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/347">actions/attest#347</a></li> <li>Test suite refactor by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/356">actions/attest#356</a></li> <li>Bump tar from 7.5.7 to 7.5.9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/attest/pull/354">actions/attest#354</a></li> <li>Bump version in package.json to v4.0.0 by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest/pull/360">actions/attest#360</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest/compare/v3.2.0...v4.0.0">https://github.com/actions/attest/compare/v3.2.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/attest/commit/59d89421af93a897026c735860bf21b6eb4f7b26"><code>59d8942</code></a> add storage record content to README (<a href="https://redirect.github.com/actions/attest/issues/366">#366</a>)</li> <li><a href="https://github.com/actions/attest/commit/ec072a1cb2a95a9fb38f16ee92f72e0270cbf263"><code>ec072a1</code></a> add new subject-version input (<a href="https://redirect.github.com/actions/attest/issues/364">#364</a>)</li> <li><a href="https://github.com/actions/attest/commit/8b290b8d865f4d5d2caca84a45d0de9620d2187a"><code>8b290b8</code></a> bump <code>@actions/attest</code> from 3.1.0 to 3.2.0 (<a href="https://redirect.github.com/actions/attest/issues/365">#365</a>)</li> <li><a href="https://github.com/actions/attest/commit/35cfe2422ed5658cfc87b5cca7e50507f7d478da"><code>35cfe24</code></a> bump <code>@actions/attest</code> from 3.0.0 to 3.1.0 (<a href="https://redirect.github.com/actions/attest/issues/362">#362</a>)</li> <li><a href="https://github.com/actions/attest/commit/c32b4b8b198b65d0bd9d63490e847ff7b53989d4"><code>c32b4b8</code></a> bump version in package.json to v4.0.0 (<a href="https://redirect.github.com/actions/attest/issues/360">#360</a>)</li> <li><a href="https://github.com/actions/attest/commit/1e73be196c8840af1fa1fbff376890066093a323"><code>1e73be1</code></a> Bump typescript-eslint in the npm-development group (<a href="https://redirect.github.com/actions/attest/issues/358">#358</a>)</li> <li><a href="https://github.com/actions/attest/commit/e1345cbec46c2ad797722d96bfa19e14e3548b70"><code>e1345cb</code></a> Bump the npm-development group across 1 directory with 3 updates (<a href="https://redirect.github.com/actions/attest/issues/357">#357</a>)</li> <li><a href="https://github.com/actions/attest/commit/09cd5f66cb420c0389c6f725c641e08df274410e"><code>09cd5f6</code></a> Bump tar from 7.5.7 to 7.5.9 (<a href="https://redirect.github.com/actions/attest/issues/354">#354</a>)</li> <li><a href="https://github.com/actions/attest/commit/19ad753d23453c7b9e9caf8a907f1d9e08816359"><code>19ad753</code></a> test suite re-write (<a href="https://redirect.github.com/actions/attest/issues/356">#356</a>)</li> <li><a href="https://github.com/actions/attest/commit/7d7ff4475a8e98e172944ad0b6687ab116043a85"><code>7d7ff44</code></a> ESM Conversion (<a href="https://redirect.github.com/actions/attest/issues/347">#347</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/attest/compare/e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d...59d89421af93a897026c735860bf21b6eb4f7b26">compare view</a></li> </ul> </details> <br /> Updates `tj-actions/changed-files` from 47.0.1 to 47.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/releases">tj-actions/changed-files's releases</a>.</em></p> <blockquote> <h2>v47.0.5</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v47.0.4 by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2802">tj-actions/changed-files#2802</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2803">tj-actions/changed-files#2803</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2805">tj-actions/changed-files#2805</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.2.2 to 25.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2811">tj-actions/changed-files#2811</a></li> <li>chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2810">tj-actions/changed-files#2810</a></li> <li>chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2809">tj-actions/changed-files#2809</a></li> <li>chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2799">tj-actions/changed-files#2799</a></li> <li>chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2806">tj-actions/changed-files#2806</a></li> <li>chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2775">tj-actions/changed-files#2775</a></li> <li>chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2774">tj-actions/changed-files#2774</a></li> <li>chore(deps): bump lodash and <code>@types/lodash</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2807">tj-actions/changed-files#2807</a></li> <li>chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2764">tj-actions/changed-files#2764</a></li> <li>chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2815">tj-actions/changed-files#2815</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 25.3.2 to 25.3.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2814">tj-actions/changed-files#2814</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5">https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5</a></p> <h2>v47.0.4</h2> <h2>What's Changed</h2> <ul> <li>update: release-tagger action to version 6.0.6 by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2801">tj-actions/changed-files#2801</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4">https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4</a></p> <h2>v47.0.3</h2> <h2>What's Changed</h2> <ul> <li>chore(deps): bump github/codeql-action from 4.31.10 to 4.32.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2790">tj-actions/changed-files#2790</a></li> <li>update: release-tagger action to version 6.0.0 by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2800">tj-actions/changed-files#2800</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tj-actions/changed-files/compare/v47.0.2...v47.0.3">https://github.com/tj-actions/changed-files/compare/v47.0.2...v47.0.3</a></p> <h2>v47.0.2</h2> <h2>What's Changed</h2> <ul> <li>chore(deps-dev): bump eslint-plugin-jest from 29.2.1 to 29.11.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2751">tj-actions/changed-files#2751</a></li> <li>chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2741">tj-actions/changed-files#2741</a></li> <li>chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2743">tj-actions/changed-files#2743</a></li> <li>chore(deps): bump <code>@actions/core</code> from 2.0.0 to 2.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2757">tj-actions/changed-files#2757</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2768">tj-actions/changed-files#2768</a></li> <li>chore: update dist by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2769">tj-actions/changed-files#2769</a></li> <li>chore: update matrix-example.yml by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2752">tj-actions/changed-files#2752</a></li> <li>feat: add support for excluding symlinks and fix bug with commit not found by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2770">tj-actions/changed-files#2770</a></li> <li>chore(deps): bump github/codeql-action from 4.31.7 to 4.31.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2761">tj-actions/changed-files#2761</a></li> <li>Updated README.md by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2771">tj-actions/changed-files#2771</a></li> <li>chore(deps-dev): bump eslint-plugin-jest from 29.11.0 to 29.12.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2756">tj-actions/changed-files#2756</a></li> <li>chore(deps-dev): bump <code>@types/lodash</code> from 4.17.21 to 4.17.23 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2759">tj-actions/changed-files#2759</a></li> <li>fix: Update test.yml by <a href="https://github.com/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2781">tj-actions/changed-files#2781</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5">47.0.5</a> - (2026-03-03)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2805">#2805</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> (<a href="https://github.com/tj-actions/changed-files/commit/35dace0375d89e25e78db5f0a44127b61f4e5c20">35dace0</a>) - (github-actions[bot])</p> <ul> <li>Updated README.md (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2803">#2803</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/9ee99eb5bda5d6a67fedcd50ecd24fb10add2f41">9ee99eb</a>) - (github-actions[bot])</p> <h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.3.2 to 25.3.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2814">#2814</a>) (<a href="https://github.com/tj-actions/changed-files/commit/22103cc46bda19c2b464ffe86db46df6922fd323">22103cc</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.32.4 to 4.32.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2815">#2815</a>) (<a href="https://github.com/tj-actions/changed-files/commit/6c02e900a24488df269842eb1cf6ffe3391ce182">6c02e90</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2764">#2764</a>) (<a href="https://github.com/tj-actions/changed-files/commit/05f9457d921137103bb9687b6b571075f75a65f2">05f9457</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump lodash and <code>@types/lodash</code> (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2807">#2807</a>) (<a href="https://github.com/tj-actions/changed-files/commit/52ed872dd71bea01a73ce5c7c595e78cb9566401">52ed872</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2774">#2774</a>) (<a href="https://github.com/tj-actions/changed-files/commit/1cc574637935a98713e34cbd4e8cf01a985f942c">1cc5746</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump prettier from 3.7.4 to 3.8.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2775">#2775</a>) (<a href="https://github.com/tj-actions/changed-files/commit/de2962f9f408abd241f7c1a8b6cac3ab44358d1a">de2962f</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump github/codeql-action from 4.32.2 to 4.32.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2806">#2806</a>) (<a href="https://github.com/tj-actions/changed-files/commit/37e96ccbfefb9100f34f87d75c890c50c6e78d15">37e96cc</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump eslint-plugin-jest from 29.12.1 to 29.15.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2799">#2799</a>) (<a href="https://github.com/tj-actions/changed-files/commit/2180b0f05d03655e0bedd1657d13f6abc6313014">2180b0f</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2809">#2809</a>) (<a href="https://github.com/tj-actions/changed-files/commit/cf021c158c722f81dea97fe5edc8bd2de1cc2bc1">cf021c1</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Bump actions/download-artifact from 7.0.0 to 8.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2810">#2810</a>) (<a href="https://github.com/tj-actions/changed-files/commit/b54ac6f17f95fdc4ec5ee3bf355ea7c354dc9c53">b54ac6f</a>) - (dependabot[bot])</li> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 25.2.2 to 25.3.2 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2811">#2811</a>) (<a href="https://github.com/tj-actions/changed-files/commit/0f2a510bd7ac84bc12cdc52c2094298bc26b1692">0f2a510</a>) - (dependabot[bot])</li> </ul> <h2><!-- raw HTML omitted -->⬆️ Upgrades</h2> <ul> <li>Upgraded to v47.0.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2802">#2802</a>)</li> </ul> <p>Co-authored-by: github-actions[bot] <41898282+github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com> Co-authored-by: Tonye Jack <a href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a href="https://github.com/tj-actions/changed-files/commit/b7ac303c8684d5e668c6c810e61a6fe32a53fe25">b7ac303</a>) - (github-actions[bot])</p> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4">47.0.4</a> - (2026-02-17)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Release-tagger action to version 6.0.6 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2801">#2801</a>) (<a href="https://github.com/tj-actions/changed-files/commit/7dee1b0c1557f278e5c7dc244927139d78c0e22a">7dee1b0</a>) - (Tonye Jack)</li> </ul> <h1><a href="https://github.com/tj-actions/changed-files/compare/v47.0.2...v47.0.3">47.0.3</a> - (2026-02-17)</h1> <h2><!-- raw HTML omitted -->🔄 Update</h2> <ul> <li>Release-tagger action to version 6.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2800">#2800</a>) (<a href="https://github.com/tj-actions/changed-files/commit/28b28f6e4e9e3d997beb9dce86cfd8cf0ce7c7f6">28b28f6</a>) - (Tonye Jack)</li> </ul> <h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Bump github/codeql-action from 4.31.10 to 4.32.2 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2790">#2790</a>) (<a href="https://github.com/tj-actions/changed-files/commit/875e6e5df8b8b00995fe6f0afd7ff1531ac1c47d">875e6e5</a>) - (dependabot[bot])</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tj-actions/changed-files/commit/22103cc46bda19c2b464ffe86db46df6922fd323"><code>22103cc</code></a> chore(deps-dev): bump <code>@types/node</code> from 25.3.2 to 25.3.3 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2814">#2814</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/6c02e900a24488df269842eb1cf6ffe3391ce182"><code>6c02e90</code></a> chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2815">#2815</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/05f9457d921137103bb9687b6b571075f75a65f2"><code>05f9457</code></a> chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2764">#2764</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/52ed872dd71bea01a73ce5c7c595e78cb9566401"><code>52ed872</code></a> chore(deps): bump lodash and <code>@types/lodash</code> (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2807">#2807</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/1cc574637935a98713e34cbd4e8cf01a985f942c"><code>1cc5746</code></a> chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2774">#2774</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/de2962f9f408abd241f7c1a8b6cac3ab44358d1a"><code>de2962f</code></a> chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2775">#2775</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/37e96ccbfefb9100f34f87d75c890c50c6e78d15"><code>37e96cc</code></a> chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2806">#2806</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/2180b0f05d03655e0bedd1657d13f6abc6313014"><code>2180b0f</code></a> chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2799">#2799</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/cf021c158c722f81dea97fe5edc8bd2de1cc2bc1"><code>cf021c1</code></a> chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2809">#2809</a>)</li> <li><a href="https://github.com/tj-actions/changed-files/commit/b54ac6f17f95fdc4ec5ee3bf355ea7c354dc9c53"><code>b54ac6f</code></a> chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2810">#2810</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tj-actions/changed-files/compare/e0021407031f5be11a464abee9a0776171c79891...22103cc46bda19c2b464ffe86db46df6922fd323">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/483">docker/setup-buildx-action#483</a></li> <li>Remove deprecated inputs/outputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/464">docker/setup-buildx-action#464</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/481">docker/setup-buildx-action#481</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/475">docker/setup-buildx-action#475</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.79.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/482">docker/setup-buildx-action#482</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/485">docker/setup-buildx-action#485</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/452">docker/setup-buildx-action#452</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/472">docker/setup-buildx-action#472</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/480">docker/setup-buildx-action#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0">https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd"><code>4d04d5d</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/485">#485</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d"><code>cd74e05</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84"><code>eee38ec</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.77.0 to 0.79.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24"><code>7a83f65</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/484">#484</a> from docker/dependabot/github_actions/docker/setup-qe...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327"><code>a5aa967</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/464">#464</a> from crazy-max/rm-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3"><code>e73d53f</code></a> build(deps): bump docker/setup-qemu-action from 3 to 4</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312"><code>28a438e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/483">#483</a> from crazy-max/node24</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf"><code>034e9d3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be"><code>b4664d8</code></a> remove deprecated inputs/outputs</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba"><code>a8257de</code></a> node 24 as default runtime</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd">compare view</a></li> </ul> </details> <br /> Updates `linear/linear-release-action` from 0.4.0 to 0.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/linear/linear-release-action/releases">linear/linear-release-action's releases</a>.</em></p> <blockquote> <h2>v0.5.0</h2> <h2>What's Changed</h2> <ul> <li>Documentation improvements by <a href="https://github.com/RomainCscn"><code>@RomainCscn</code></a> in <a href="https://redirect.github.com/linear/linear-release-action/pull/8">linear/linear-release-action#8</a></li> <li>Add support for release_version, same as the CLI by <a href="https://github.com/RomainCscn"><code>@RomainCscn</code></a> in <a href="https://redirect.github.com/linear/linear-release-action/pull/9">linear/linear-release-action#9</a></li> <li>Set CLI version default to latest</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/linear/linear-release-action/compare/v0.4.0...v0.5.0">https://github.com/linear/linear-release-action/compare/v0.4.0...v0.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/linear/linear-release-action/commit/5cbaabc187ceb63eee9d446e62e68e5c29a03ae8"><code>5cbaabc</code></a> Make latest the default cli version</li> <li><a href="https://github.com/linear/linear-release-action/commit/7fb27ceb7e17ef4353a87f85f4fc1e3d3416c057"><code>7fb27ce</code></a> Add support for release_version, same as the CLI (<a href="https://redirect.github.com/linear/linear-release-action/issues/9">#9</a>)</li> <li><a href="https://github.com/linear/linear-release-action/commit/fbf0176c7348aa6444e5e3d14db454cb4f4baab8"><code>fbf0176</code></a> Ensure name is properly used when creating scheduled release (<a href="https://redirect.github.com/linear/linear-release-action/issues/8">#8</a>)</li> <li>See full diff in <a href="https://github.com/linear/linear-release-action/compare/v0.4.0...5cbaabc187ceb63eee9d446e62e68e5c29a03ae8">compare view</a></li> </ul> </details> <br /> Updates `benc-uk/workflow-dispatch` from 1.2.4 to 1.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/benc-uk/workflow-dispatch/releases">benc-uk/workflow-dispatch's releases</a>.</em></p> <blockquote> <h2>v1.3.1</h2> <h2>Features</h2> <ul> <li><strong>New <code>sync-status</code> input</strong> — when used with <code>wait-for-completion</code>, mirrors the triggered workflow's conclusion (failure/cancelled) back to this action's status (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><strong>Alternate <code>ref</code> default for PRs</strong> — automatically uses <code>github.head_ref</code> when running in a pull request context, avoiding <code>refs/pull/.../merge</code> errors (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/79">#79</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li><strong>Safer JSON input parsing</strong> — invalid <code>inputs</code> JSON now logs an error instead of throwing an unhandled exception (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><strong>Improved timeout handling</strong> — timeout now sets a distinct <code>timed_out</code> status and emits a warning instead of silently breaking (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><strong>Improved warning message formatting</strong> for workflow run timeout</li> </ul> <h2>Internal Changes & Chores</h2> <ul> <li>Replaced <code>console.log</code> calls with <code>core.info</code> for proper Actions log integration (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Removed stale <code>ref</code>/<code>inputs</code> parameters from the workflow list API call (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Expanded CI test matrix from 3 sequential steps to 9 parallel test jobs covering workflow lookup, output assertions, wait-for-completion, sync-status, and error handling (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Added CI path filters to skip docs-only changes (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Changed echo-3 test fixture from <code>workflow_call</code> to <code>workflow_dispatch</code> with deterministic failure (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Removed unused <code>.vscode/settings.json</code> (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>Added <code>.github/copilot-instructions.md</code> (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li>General project chores</li> </ul> <h2>Documentation Updates</h2> <ul> <li>No documentation updates in this release</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/7a027648b88c2413826b6ddd6c76114894dc5ec4"><code>7a02764</code></a> Improvements: sync-status, error handling, CI test coverage & path filters (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/84">#84</a>)</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/3162154e5e0697f47fb76f12ed5508c5f3c066d7"><code>3162154</code></a> Use alternate <code>ref</code> default for PRs (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/79">#79</a>)</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/4085c9787530f7d3f497838f77fce7b96a554397"><code>4085c97</code></a> project chores</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/6fd6de2826a993af5b50dfb55da903d4f1ca05ee"><code>6fd6de2</code></a> Improve warning message formatting for workflow run timeout</li> <li><a href="https://github.com/benc-uk/workflow-dispatch/commit/a54f9d194fed472732282ed1597dc4909e4b4080"><code>a54f9d1</code></a> 2026 refresh (<a href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/83">#83</a>)</li> <li>See full diff in <a href="https://github.com/benc-uk/workflow-dispatch/compare/e2e5e9a103e331dad343f381a29e654aea3cf8fc...7a027648b88c2413826b6ddd6c76114894dc5ec4">compare view</a></li> </ul> </details> <br /> Updates `aquasecurity/trivy-action` from c1824fd6edce30d7ab345a9989de00bbd46ef284 to 57a97c7e7821a5776cebc9bb87c984fa69cba8f1 | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aquasecurity/trivy-action/commit/57a97c7e7821a5776cebc9bb87c984fa69cba8f1"><code>57a97c7</code></a> chore(deps): Update trivy to v0.69.3 (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/519">#519</a>)</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/97e0b3872f55f89b95b2f65b3dbab56962816478"><code>97e0b38</code></a> chore: bump Trivy version to v0.69.2 in test workflow and README (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/515">#515</a>)</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/4c61e6329bab9be735ca35291551614bc663dff3"><code>4c61e63</code></a> chore: bump default Trivy version to v0.69.2 (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/513">#513</a>)</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/1bd062560b422f5944df1de50abd05162bea079e"><code>1bd0625</code></a> Merge pull request <a href="https://redirect.github.com/aquasecurity/trivy-action/issues/508">#508</a> from nikpivkin/feat/pass-yaml-ignore-file</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/bce3086c4aa186dadd6671d45ad6dd5d1b8440ac"><code>bce3086</code></a> remove unused init-cache target</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/5a9fbb1236dc1b5ee9e73b5a515009a1dc684548"><code>5a9fbb1</code></a> supress progress bar when download db</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/16154502cae788884830e8df2671639b8cbaa03f"><code>1615450</code></a> update trivyignores input description</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/df85774a457f1f0a32a8e5744c2bced057257d65"><code>df85774</code></a> add comment about fd3</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/56c8daebb96c35cabeeda8187a6dd3ec711d0a72"><code>56c8dae</code></a> remove unused variable</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li><a href="https://github.com/aquasecurity/trivy-action/commit/e368e328979b113139d6f9068e03accaed98a518"><code>e368e32</code></a> ci(test): add zizmor security linter for GitHub Actions (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/502">#502</a>)</li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | <li>Additional commits viewable in <a href="https://github.com/aquasecurity/trivy-action/compare/c1824fd6edce30d7ab345a9989de00bbd46ef284...57a97c7e7821a5776cebc9bb87c984fa69cba8f1">compare view</a></li> | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.16.0` | </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | crate-ci/typos | [>= 1.30.a, < 1.31] | </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Atif Ali <atif@coder.com> |
||
|
Matt Vollmer
|
0c9771a38b |
fix: search usage by name or username (#23317)
## Summary The search field on `/agents/settings/usage` previously only matched against usernames. This updates the SQL query to also match against the user's display name via `ILIKE`, and updates the frontend placeholder and variable names to reflect the broader search scope. ## Changes - **SQL** (`coderd/database/queries/chats.sql`, `coderd/database/queries.sql.go`): Added `OR u.name ILIKE '%' || @username::text || '%'` to the `GetChatCostPerUser` query's WHERE clause. - **Frontend** (`site/src/pages/AgentsPage/SettingsPageContent.tsx`): Renamed `usernameFilter`/`debouncedUsername` to `searchFilter`/`debouncedSearch`, updated placeholder to "Search by name or username". --- PR generated with Coder Agents |
||
|
Mathias Fredriksson
|
6afc1bac0b |
fix(coderd/chatd): exclude |& from background detection, add tests (#23313)
The ampersand detection treated bash's pipe-stderr operator (|&) as a trailing & for backgrounding, stripping it and producing a broken pipe command. Also adds tests for execute.go and chatloop context limit helpers, covering previously untested edge cases. |
||
|
Cian Johnston
|
2f50e89afd |
fix(coderd): bump workspace autostop deadline on chat heartbeat (#23314)
- Wire `workspacestats.ActivityBumpWorkspace` into `trackWorkspaceUsage` so the workspace build deadline is extended each time the chat heartbeat fires - Prevents mid-conversation autostop for chat workspaces - Updates `TestHeartbeatBumpsWorkspaceUsage` verifying the deadline bump > This PR was created with the help of Coder Agents, and was reviewed by two humans and their pet robots 🧑💻🤝🤖 |
||
|
Cian Johnston
|
7c3c7bb5e6 | refactor: extract test helpers in coderd/jobreaper to reduce duplication (#23001) | ||
|
Steven Masley
|
cc6766e64a |
chore: apply monotonic validation to workspace builds (#23180)
Still not applying at the dynamic parameters websocket. The wsbuilder is the source of truth for previous values, so this is the most accurate and still will fail in the synchronous api call to build a workspace. This mirrors how we handle immutable params. Closes https://github.com/coder/coder/issues/19064 |
||
|
Mathias Fredriksson
|
0a0c976a1a |
test(coderd/chatd): add P0 coverage tests for subagent auth and panic recovery (#23309)
The processChat defer at line 2464 catches panics on its main goroutine and transitions the chat to error status. This was previously untested. The test wraps the database Store to panic during PersistStep's InTx call, which runs synchronously on the processChat goroutine. A tool-level panic wouldn't work because executeTools has its own recover that converts panics into tool error results. |
||
|
Steven Masley
|
91d7516dc1 |
test: remove classic params from ephemeral params test (#23302)
Dynamic parameters supports ephemeral parameters. Updated the test to use dynamic parameters. Ephemeral params **require** a default value. Closes https://github.com/coder/coder/issues/19065 |
||
|
Kyle Carberry
|
742694eb20 |
fix: filter empty text/reasoning parts before sending to LLM (#23284)
## Problem Anthropic rejects requests containing empty text content blocks with: ``` messages: text content blocks must be non-empty ``` Empty text parts (`""` or whitespace-only like `" "`) get persisted in the database when a stream sends `TextStart`/`TextEnd` with no `TextDelta` in between. On the next turn, these parts are loaded from the DB and sent to Anthropic, which rejects them. ## Fix Filter empty/whitespace-only text and reasoning parts at the two LLM dispatch boundaries, without modifying persistence (the raw record is preserved): - **`partsToMessageParts()`** in `chatprompt.go` — filters when converting persisted DB messages to fantasy message parts for LLM calls. This is the last gateway before the Anthropic provider creates `TextBlockParam` objects. - **`toResponseMessages()`** in `chatloop.go` — filters when building in-flight conversation messages between steps within a single turn. Note: `flushActiveState()` (the interruption path) already had this guard — the normal `TextEnd` streaming path did not, but since we're not changing persistence, the fix is applied at the dispatch layer. |
||
|
Kyle Carberry
|
86cb313765 |
fix: update fantasy to fix OpenAI reasoning replay with Store enabled (#23297)
## Problem When `Store: true` is set for OpenAI Responses API calls (the new default), multi-turn conversations with reasoning models fail on the second message: ``` stream response: bad request: Item 'rs_xxx' of type 'reasoning' was provided without its required following item. ``` The fantasy library was reconstructing full `OfReasoning` input items (with encrypted content and summary) when replaying assistant messages. The API cannot pair these reconstructed reasoning items with the output items that originally followed them because the output items are sent as plain `OfMessage` without server-side IDs. ## Fix Updates the fantasy dependency (`kylecarbs/fantasy@cj/go1.25`) to skip reasoning parts during conversation replay in `toResponsesPrompt`. With `Store` enabled, the API already has the reasoning persisted server-side — it doesn't need to be replayed in the input. Fantasy PR: https://github.com/charmbracelet/fantasy/pull/181 ## Testing Adds `TestOpenAIReasoningRoundTrip` integration test that: 1. Sends a query to `o4-mini` (reasoning model with `Store: true`) 2. Verifies reasoning content is persisted 3. Sends a follow-up message — this was the failing step 4. Verifies the follow-up completes successfully Requires `OPENAI_API_KEY` env var to run. |
||
|
Michael Suchacz
|
6d214644f6 |
fix: make TestInterruptAutoPromotionIgnoresLaterUsageLimitIncrease deterministic (#23279)
Eliminates the timing flake in
`TestInterruptAutoPromotionIgnoresLaterUsageLimitIncrease` by making the
chatd worker loop clock-controllable.
## Changes
**`coderd/chatd/chatd.go`**
- Replace `time.NewTicker` calls in `Server.start()` with
`p.clock.NewTicker` using named quartz tags `("chatd", "acquire")` and
`("chatd", "stale-recovery")`.
**`coderd/chatd/chatd_test.go`**
- Inject `quartz.NewMock(t)` into the test via `newActiveTestServer`
config override.
- Trap the acquire ticker so the test controls exactly when pending
chats are reacquired.
- Rewrite the test flow as explicit clock-advance steps instead of
wall-clock polling.
**`AGENTS.md`**
- Document the PR title scope rule (scope must be a real path containing
all changed files).
## Validation
- `go test ./coderd/chatd -run
TestInterruptAutoPromotionIgnoresLaterUsageLimitIncrease -count=100` ✅
- `go test ./coderd/chatd` ✅
- `make lint` ✅
|
||
|
Thomas Kosiewski
|
83809bb380 |
feat: add token-to-cookie endpoint for embedded chat WebSocket auth (#23280)
## Problem The VS Code extension embeds the Coder agent chat UI in an iframe, passing the session token via `postMessage`. HTTP requests use the `Coder-Session-Token` header, but browser WebSocket connections **cannot carry custom headers** — they rely on cookies. This causes all WebSocket requests (e.g. streaming chat messages) to fail with authorization errors in the embedded iframe. ## Solution Add `POST /api/v2/users/me/session/token-to-cookie` — a lightweight endpoint that converts the current (already-validated) session token into a `Set-Cookie` response. The frontend embed bootstrap flow calls this immediately after `API.setSessionToken(token)`, before any WebSocket connections are opened. ### Backend (`coderd/userauth.go`, `coderd/coderd.go`) - New handler `postSessionTokenCookie` behind `apiKeyMiddleware`. - Reads the validated token via `httpmw.APITokenFromRequest(r)`. - Sets an `HttpOnly` cookie with the API key's expiry, applying site-wide cookie config (Secure, SameSite, host prefix) via `HTTPCookies.Apply`. - Returns `204 No Content`. ### Frontend (`site/src/pages/AgentsPage/EmbedContext.tsx`) - `bootstrapChatEmbedSessionFn` now calls the new endpoint after setting the header token and before fetching user/permissions. - The cookie is in place before any WebSocket connections are opened. ## Security - **No privilege escalation**: The token is already valid — this just moves it from a header credential to a cookie credential. - **POST only**: Avoids CSRF-via-navigation. - **Same origin**: The iframe loads from the Coder server, so the cookie applies to the correct domain. - **HttpOnly**: The cookie is not accessible to JavaScript. > Built with [Coder Agents](https://coder.com/agents) 🤖 |
||
|
Kyle Carberry
|
d8ff67fb68 |
feat: add MCP server configuration backend for chats (#23227)
## Summary
Adds the database schema, API endpoints, SDK types, and encryption
wrappers for admin-managed MCP (Model Context Protocol) server
configurations that chatd can consume. This is the backend foundation
for allowing external MCP tools (Sentry, Linear, GitHub, etc.) to be
used during AI chat sessions.
## Database
Two new tables:
- **`mcp_server_configs`**: Admin-managed server definitions with URL,
transport (Streamable HTTP / SSE), auth config (none / OAuth2 / API key
/ custom headers), tool allow/deny lists, and an availability policy
(`force_on` / `default_on` / `default_off`). Includes CHECK constraints
on transport, auth_type, and availability values.
- **`mcp_server_user_tokens`**: Per-user OAuth2 tokens for servers
requiring individual authentication. Cascades on user/config deletion.
New column on `chats` table:
- **`mcp_server_ids UUID[]`**: Per-chat MCP server selection, following
the same pattern as `model_config_id` — passed at chat creation,
changeable per-message with nil-means-no-change semantics.
## API Endpoints
All routes are under `/api/experimental/mcp/servers/` and gated behind
the `agents` experiment.
**Admin endpoints** (`ResourceDeploymentConfig` auth):
- `POST /` — Create MCP server config
- `PATCH /{id}` — Update MCP server config (full-replace)
- `DELETE /{id}` — Delete MCP server config
**Authenticated endpoints** (all users, enabled servers only for
non-admins):
- `GET /` — List configs (admins see all, members see enabled-only with
admin fields redacted)
- `GET /{id}` — Get config by ID (with `auth_connected` populated
per-user)
**OAuth2 per-user auth flow:**
- `GET /{id}/oauth2/connect` — Initiate OAuth2 flow (state cookie CSRF
protection)
- `GET /{id}/oauth2/callback` — Handle OAuth2 callback, store tokens
- `DELETE /{id}/oauth2/disconnect` — Remove stored OAuth2 tokens
## Security
- **Secrets never returned**: `OAuth2ClientSecret`, `APIKeyValue`, and
`CustomHeaders` are never in API responses — only boolean indicators
(`has_oauth2_secret`, `has_api_key`, `has_custom_headers`).
- **Field redaction for non-admins**: `convertMCPServerConfigRedacted`
strips `OAuth2ClientID`, auth URLs, scopes, and `APIKeyHeader` from
non-admin responses.
- **dbcrypt encryption at rest**: All 5 secret fields use `dbcrypt_keys`
encryption with full encrypt-on-write / decrypt-on-read wrappers (11
dbcrypt method overrides + 2 helpers), following the same pattern as
`chat_providers.api_key`.
- **OAuth2 CSRF protection**: State parameter stored in `HttpOnly`
cookie with `HTTPCookies.Apply()` for correct `Secure`/`SameSite` behind
TLS-terminating proxies.
- **dbauthz authorization**: All 18 querier methods have authorization
wrappers. Read operations use `ActionRead`, write operations use
`ActionUpdate` on `ResourceDeploymentConfig`.
## Governance Model
| Control | Implementation |
|---------|---------------|
| **Global kill switch** | `enabled` defaults to `false` |
| **Availability policy** | `force_on` (always injected), `default_on`
(pre-selected), `default_off` (opt-in) |
| **Per-chat selection** | `mcp_server_ids` on `CreateChatRequest` /
`CreateChatMessageRequest` |
| **Auth gate** | OAuth2 servers require per-user auth before tools are
injected |
| **Tool-level allow/deny** | Arrays on `mcp_server_configs` for
granular tool filtering |
| **Secrets encrypted at rest** | Uses `dbcrypt_keys` (same pattern as
`chat_providers.api_key`) |
## Tests
8 test functions covering:
- Full CRUD lifecycle (create, list, update, delete)
- Non-admin visibility filtering (enabled-only, field redaction)
- `auth_connected` population for OAuth2 vs non-OAuth2 servers
- Availability policy validation (valid values + invalid rejection)
- Unique slug enforcement (409 Conflict)
- OAuth2 disconnect idempotency
- Chat creation with `mcp_server_ids` persistence
## Known Limitations (Deferred)
These are documented and intentional for an experimental feature:
- **Audit logging** not yet wired — will add when feature stabilizes
- **Cross-field validation** (e.g., OAuth2 fields required when
`auth_type=oauth2`) — admin-only endpoint, will add when stabilizing
- **`force_on` auto-injection** — query exists but not yet wired into
chatd tool injection (follow-up)
- **Additional test coverage** — 403 auth tests, GET-by-ID tests,
callback CSRF tests planned for follow-up
## What's NOT in this PR
- Frontend UI (admin panel + chat picker)
- Actual MCP client connections (`chatd/chatmcp/` manager)
- Tool injection into `chatloop/`
|
||
|
Kyle Carberry
|
fdc2366227 |
chore: update fantasy dep to rebased cj/go1.25 branch (#23242)
Updates the `charm.land/fantasy` replace to the rebased `cj/go1.25` branch on `kylecarbs/fantasy`, which now includes: - **chore: downgrade to Go 1.25** - **feat: anthropic computer use** - **chore: use kylecarbs/openai-go fork for coder/coder compat** Switches the `openai-go/v3` replace from `SasSwart/openai-go` → `kylecarbs/openai-go`, which is the same SasSwart perf fork plus a fix for `WithJSONSet` being clobbered by deferred body serialization. Without the fix, `NewStreaming` silently drops `stream: true` from requests. See https://github.com/kylecarbs/openai-go/pull/2 for details. |
||
|
Ehab Younes
|
7a98b4a876 |
fix(coderd): gate OAuth2 well-known endpoints behind experiment flag (#23278)
- Add `RequireExperimentWithDevBypass` middleware to `/.well-known/oauth-authorization-server` and `/.well-known/oauth-protected-resource` routes, matching the existing `/oauth2` routes. - Clients can now detect OAuth2 support via unauthenticated discovery (404 = not available). Fixes #21608 |
||
|
Ethan
|
cda460f5df |
perf(coderd/chatd): skip same-replica stream DB rereads (#23218)
## Problem Scaletest follow-up storms showed that the chat stream path was doing a same-replica DB reread for every durable message it had already delivered locally. In a 600-chat / 10-turn run, `/stream`-attributed `GetChatMessagesByChatID` calls reached about 14.2k across 5,400 follow-up turns — roughly **2.63 rereads per turn**. The primary coderd replicas saturated their DB pools at 60/60 open connections during the storm window. The root cause: when pubsub was active, `Subscribe()` suppressed local durable `message` events and relied entirely on pubsub notify → `GetChatMessagesByChatID` for catch-up. Same-replica subscribers paid the full DB round-trip even though the persisting process was on the same replica. ## Solution Add a bounded per-chat **durable message cache** to `chatStreamState` so that same-replica subscribers can catch up from memory instead of the database. ### How it works 1. `publishMessage()` caches the SDK event in `chatStreamState` before local fanout and pubsub notify. 2. `publishEditedMessage()` replaces the cache with only the edited message, then publishes `FullRefresh`. 3. `Subscribe()` handles ordinary `AfterMessageID` notifies by first consulting the per-chat durable cache and only falling back to `GetChatMessagesByChatID` on cache miss. 4. `FullRefresh` always forces a DB reread (cache is bypassed). ### Safety properties - If the cache misses (e.g. message expired or remote replica), the DB catch-up still runs — no silent message loss. - `FullRefresh` (edits) always rereads from the database. - Remote replicas still use the pubsub + DB path unchanged. - The cache is bounded (`maxDurableMessageCacheSize = 256`) and scoped per chat — no unbounded memory growth. ## Impact This change removes the entire same-replica portion of the stream rereads. Based on the 600-chat follow-up run, the upper bound on saved work is the same-replica share of about 14.2k `GetChatMessagesByChatID` rereads, with the observed total stream reread rate at about 2.63 rereads per follow-up turn. |
||
|
Cian Johnston
|
be1c06dec9 |
feat: add endpoint and CLI for users to view their own OIDC claims (#23053)
- Adds a new API endpoint `GET /api/v2/users/oidc-claims` that returns only the **merged claims** (not the separate id_token/userinfo breakdown). Scoped exclusively to the authenticated user's own identity — no user parameter, so users cannot view each other's claims. - Adds a new CLI command:** `coder users oidc-claims` that hits the above endpoint. - The existing owner-only debug endpoint is preserved unchanged for admins who need the full claim breakdown. > 🤖 This PR was created with the help of Coder Agents, and will be reviewed by my human. 🧑💻 |
||
|
Hugo Dutka
|
d285a3e74e |
fix: handle null bytes in chat messages (#22946)
This PR fixes a bug where if a tool result contained binary data it wouldn't be persisted to the database. `jsonb` in Postgres is unable to store null bytes which are sometimes output by tool results. This change makes it so that we encode them with a special escape sequence before saving them to the database, and decode them on read. <img width="808" height="637" alt="Screenshot 2026-03-11 at 13 14 06" src="https://github.com/user-attachments/assets/9be353eb-ff26-40ec-9f0a-195022b11f43" /> |
||
|
Kyle Carberry
|
147d627505 |
fix: deduplicate PR insights, fix cost computation, simplify UI (#23251)
## Problem The `/agents/settings/insights` page had several issues: 1. **Duplicate PRs** in "Recent Pull Requests" — multiple chats referencing the same PR URL each produced a row 2. **Wildly wrong costs** — the cost subquery summed ALL messages across the entire chat *tree* (`GROUP BY root_chat_id`), so every chat in a tree got the same inflated total. When aggregated, the same tree cost was counted N× per PR in that tree 3. **UI clutter** — too many stat cards, too many table columns, mixed naming conventions ## Fix ### Backend (SQL) - **Deduplicate by PR URL** using `DISTINCT ON (COALESCE(cds.url, c.id::text))` across all 4 queries - **Fix cost computation**: use two CTEs — `pr_costs` sums cost from ALL chats that reference a PR (so review chats contribute), `deduped` picks one row per PR for state/additions/deletions via DISTINCT ON - **Tests**: 3 subtests covering multi-chat cost summing, different PRs no duplication, and duplicate URL counted once ### Frontend - **3 stat cards** (down from 5): Merged, Merge rate, Cost / merge - **2-line chart** (down from 3): created (dashed) + merged (solid) - **4-column model table** (down from 7): Model, Merged, Merge rate, Cost/merge - **4-column recent table** (down from 7): Title, Status, Cost, Created — with `table-fixed` to prevent overflow - **Consistent naming**: no mixed PR/PRs abbreviation, contextual labels since page title establishes context |
||
|
Cian Johnston
|
14ed3e3644 |
feat: bump workspace last_used_at on chat heartbeat (#23205)
- coderd: Wires `options.WorkspaceUsageTracker` into the chatd config. - chatd: Adds `UsageTracker` and calls `UsageTracker.Add(workspaceID)` on each heartbeat tick - chatd: adds tests to verify `last_used_at` bump behaviour > 🤖 This PR was created with the help of Coder Agents, and will be reviewed by my human. 🧑💻 |
||
|
Kyle Carberry
|
1f0d896fc9 |
feat: add deleted flag to chat messages for soft-delete (#23223)
Adds a `deleted` boolean column to the `chat_messages` table. Messages are never physically deleted from the database — instead they are marked as deleted so that usage and cost data is preserved. ## Changes ### Migration - New migration (000444) adds `deleted boolean NOT NULL DEFAULT false` to `chat_messages` ### SQL queries - `DeleteChatMessagesAfterID` → `SoftDeleteChatMessagesAfterID` (UPDATE SET deleted=true instead of DELETE) - New `SoftDeleteChatMessageByID` query for single-message soft-delete - All read queries now filter `deleted = false`: - `GetChatMessageByID` - `GetChatMessagesByChatID` - `GetChatMessagesByChatIDDescPaginated` - `GetChatMessagesForPromptByChatID` (both CTE and main query) - `GetLastChatMessageByRole` - Cost/usage queries (`GetChatCostSummary`, `GetChatCostPerModel`, etc.) intentionally still include deleted messages to preserve accurate spend tracking ### EditMessage behavior - Previously: updated the message content in-place + hard-deleted subsequent messages - Now: soft-deletes the original message + soft-deletes subsequent messages + inserts a new message with the updated content - This preserves the original message data (tokens, cost, content) in the database |
||
|
Kyle Carberry
|
cbe29e4e25 |
fix: encode non-ASCII filenames in chat file upload header (#23241)
## Problem Uploading a file on the `/agents` chat page fails with: ``` Failed to execute 'setRequestHeader' on 'XMLHttpRequest': String contains non ISO-8859-1 code point. ``` This happens when the image filename contains non-ASCII characters (e.g. CJK characters from macOS screenshots like `スクリーンショット.png`, accented characters, emoji, etc.). HTTP headers only support ISO-8859-1 code points, and the filename was being interpolated directly into the `Content-Disposition` header. ## Fix Use [RFC 5987](https://datatracker.ietf.org/doc/html/rfc5987) `filename*=UTF-8''` encoding so the percent-encoded name is always valid in the header. A static ASCII `filename="file"` fallback is included for older clients. The server already uses Go's `mime.ParseMediaType` which decodes `filename*` automatically, so no backend changes are needed. ### Before ```ts "Content-Disposition": `attachment; filename="${file.name}"` ``` ### After ```ts "Content-Disposition": `attachment; filename="file"; filename*=UTF-8''${encodeURIComponent(file.name)}` ``` ## Testing Added a server-side test (`TestGetChatFile/UnicodeFilename`) that uploads with a Japanese filename and verifies it round-trips correctly through the `Content-Disposition` header. |
||
|
Kyle Carberry
|
90cf4f0a91 |
refactor: consolidate chat streaming endpoints under /stream (#23248)
Moves per-chat streaming/watch endpoints under a `/stream` sub-route for
better API consistency:
| Before | After |
|--------|-------|
| `GET /{chat}/stream` | `GET /{chat}/stream/` |
| `GET /{chat}/desktop` | `GET /{chat}/stream/desktop` |
| `GET /{chat}/git/watch` | `GET /{chat}/stream/git` |
### Changes
- **`coderd/coderd.go`** — Route definitions: replaced flat routes with
`r.Route("/stream", ...)` sub-router
- **`site/src/api/api.ts`** — Updated WebSocket URLs for `watchChatGit`
and `watchChatDesktop`
- **`coderd/chats_test.go`** — Updated desktop test URL
- **`coderd/workspaceagents_internal_test.go`** — Updated git watcher
test URLs (route mounts + dial URLs)
- **`site/src/pages/AgentsPage/AgentDetail.stories.tsx`** — Updated
storybook WebSocket mock paths
|
||
|
Cian Johnston
|
0b13ba978a |
fix: rename chat logger from coderd.chats.chat-processor to coderd.chatd.processor (#23246)
- Rename logger `coderd.chats` to `coderd.chatd` in `coderd.go` - Rename sub-logger `chat-processor` to `processor` in `chatd/chatd.go` |
||
|
Kyle Carberry
|
d4a072b61e |
fix: address review comments on InsertChatMessages (#23239)
Follow-up to #23220, addressing Cian's review comments: - **SQL casing**: Uppercase `UNNEST` to match `NULLIF`/`COALESCE` convention in the query. - **Builder pattern**: `chatMessage` struct now uses unexported fields with a `newChatMessage` constructor for required fields (role, content, visibility, modelConfigID, contentVersion) and chainable builder methods (`withCreatedBy`, `withCompressed`, `withUsage`, `withContextLimit`, `withTotalCostMicros`, `withRuntimeMs`) for optional/nullable fields. - **Batch test in chats_test**: Replaced the `for i := 0; i < 2` loop with a single batch insert of 2 messages to actually exercise the batch logic. - **Multi-message querier test**: Added `BatchInsertMultipleMessages` test verifying 3-message batch insert with role ordering, sequential IDs, nullable field semantics (NULL for zero UUIDs and zero ints), and token/cost assertions. --------- Co-authored-by: Cian Johnston <cian@coder.com> |
||
|
Steven Masley
|
c46136ff73 |
chore: update coder/trivy override (#23230)
Coder/preview does this update as well. Because it is a `replace`, we have to manually update our `replace` too |
||
|
Cian Johnston
|
65b7658568 |
chore: extract testutil.FakeSink for slog test assertions (#23208)
Follow-up to [review comment on #23025](https://github.com/coder/coder/pull/23025#discussion_r2930309487) from @mafredri. Extracts the repeated `logSink` / `fakeSink` test pattern into a shared `testutil.FakeSink` and migrates all existing call sites. > 🤖 This PR was created with the help of Coder Agents, and will be reviewed by my human. 🧑💻 --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
|
Kyle Carberry
|
483adc59fe |
feat: replace InsertChatMessage with batch InsertChatMessages (#23220)
Replaces the singular `InsertChatMessage` query with `InsertChatMessages` that uses PostgreSQL's `unnest()` for batch inserts. This reduces the number of database round-trips when inserting multiple messages in a single transaction. ## Changes - **SQL**: New `InsertChatMessages :many` query using `unnest()` arrays following the existing codebase pattern (e.g., `InsertWorkspaceAgentStats`). Preserves the CTE that updates `chats.last_model_config_id` using the last non-null model config from the batch. Uses `NULLIF` for UUID columns to handle NULL foreign keys. - **Go layers**: Updated `querier.go`, `dbauthz.go`, `dbmetrics/querymetrics.go`, `dbmock/dbmock.go`, and `queries.sql.go` to use the new batch signature (`[]ChatMessage` return type, array params). - **chatd.go**: All call sites converted to batch inserts: - **CreateChat**: System prompt + user message batched into one call - **persistStep**: Assistant message + tool messages batched into one call - **persistSummary**: Hidden summary + assistant + tool messages batched into one call - Single-message sites use the same API with single-element arrays - **Helper**: New `appendChatMessage` function simplifies building batch params at each call site. - **Tests**: All test files updated to use the new API. Builds on top of #23213. |
||
|
Kyle Carberry
|
d6fef96d72 |
feat: add PR insights analytics dashboard (#23215)
## What Adds a new admin-only **PR Insights** page for the `/agents` analytics view — a dashboard for engineering leaders to understand code shipped by AI agents. ### Backend - `GET /api/v2/chats/insights/pull-requests` — admin-only endpoint - 4 SQL queries in `chatinsights.sql` aggregating `chat_diff_statuses` joined with chat cost data (via root chat tree rollup) - Runs 5 parallel DB queries: current summary, previous summary (for trends), time series, per-model breakdown, recent PRs - SDK types auto-generate to TypeScript ### Frontend (`PRInsightsView`) - **Stat cards**: PRs created, Merged, Merge rate, Lines shipped, Cost/merged PR — with trend badges comparing to previous period - **Activity chart**: Stacked area chart (created/merged/closed) using git color tokens (`git-added-bright`, `git-merged-bright`, `git-deleted-bright`) - **Model performance table**: Per-model PR counts, inline merge rate bars, diff stats, cost breakdown - **Recent PRs table**: Status badges, review state icons, author info, external links - **Time range filter**: 7d/14d/30d/90d button group - **4 Storybook stories**: Default, HighPerformance, LowVolume, NoPRs ### Data source All PR data comes from the existing `chat_diff_statuses` table (populated by the `gitsync.Worker` background job that polls GitHub every 120s). No new data collection required. ### Screenshot View in Storybook: `pages/AgentsPage/PRInsightsView` |
||
|
Kyle Carberry
|
4dd8531f37 |
feat: track step runtime_ms on chat messages (#23219)
## Summary Adds a `runtime_ms` column to `chat_messages` that records the wall-clock duration (in milliseconds) of each LLM step. This covers LLM streaming, tool execution, and retries — the full time the agent is "alive" for a step. This is the foundation for billing by agent alive time. The column follows the same pattern as `total_cost_micros`: stored per assistant message, aggregatable with `SUM()` over time periods by user. ## Changes - **Migration**: adds nullable `runtime_ms bigint` to `chat_messages`. - **chatloop**: adds `Runtime time.Duration` field to `PersistedStep`, measures `time.Since(stepStart)` at the beginning of each step (covering stream + tool execution + retries). - **chatd**: passes `step.Runtime.Milliseconds()` to the assistant message `InsertChatMessage` call; all other message types (system, user, tool) get `NULL`. - **Tests**: adds `runtime > 0` assertion in chatloop tests. ## Billing query pattern Once ready, aggregation mirrors the existing cost queries: ```sql SELECT COALESCE(SUM(cm.runtime_ms), 0)::bigint AS total_runtime_ms FROM chat_messages cm JOIN chats c ON c.id = cm.chat_id WHERE c.owner_id = @user_id AND cm.created_at >= @start_time AND cm.created_at < @end_time AND cm.runtime_ms IS NOT NULL; ``` |
||
|
Kacper Sawicki
|
1e07ec49a6 |
feat: add merge_strategy support for coder_env resources (#23107)
## Description Implements the server-side merge logic for the `merge_strategy` attribute added to `coder_env` in [terraform-provider-coder v2.15.0](https://github.com/coder/terraform-provider-coder/pull/489). This allows template authors to control how duplicate environment variable names are combined across multiple `coder_env` resources. Relates to https://github.com/coder/coder/issues/21885 ## Supported strategies | Strategy | Behavior | |----------|----------| | `replace` (default) | Last value wins — backward compatible | | `append` | Joins values with `:` separator (e.g. PATH additions) | | `prepend` | Prepends value with `:` separator | | `error` | Fails the build if the variable is already defined | ## Example ```hcl resource "coder_env" "path_tools" { agent_id = coder_agent.dev.id name = "PATH" value = "/home/coder/tools/bin" merge_strategy = "append" } ``` ## Changes - **Proto**: Added `merge_strategy` field to `Env` message in `provisioner.proto` - **State reader**: Updated `agentEnvAttributes` struct and proto construction in `resources.go` - **Merge logic**: Added `mergeExtraEnvs()` function in `provisionerdserver.go` with strategy-aware merging for both agent envs and devcontainer subagent envs - **Tests**: 15 unit tests covering all strategies, edge cases (empty values, mixed strategies, multiple appends) - **Dependency**: Bumped `terraform-provider-coder` v2.14.0 → v2.15.0 - **Fixtures**: Updated `duplicate-env-keys` test fixtures and golden files ## Ordering When multiple resources `append` or `prepend` to the same key, they are processed in alphabetical order by Terraform resource address (per the determinism fix in #22706). |
||
|
Steven Masley
|
84de391f26 |
chore: add tallyman events for ai seat tracking (#22689)
AI seat tracking inserted as heartbeat into usage table. |
||
|
Kyle Carberry
|
b83b93ea5c |
feat: add workspace awareness system message on chat creation (#23213)
When a chat is created via `chatd`, a system message is now inserted informing the model whether the chat was created with or without a workspace. **With workspace:** > This chat is attached to a workspace. You can use workspace tools like execute, read_file, write_file, etc. **Without workspace:** > There is no workspace associated with this chat yet. Create one using the create_workspace tool before using workspace tools like execute, read_file, write_file, etc. This is a model-only visibility system message (not shown to users) that helps the model understand its available capabilities upfront — particularly important for subagents spawned without a workspace, which previously would attempt to use workspace tools and fail. **Changes:** - `coderd/chatd/chatd.go`: Added workspace awareness constants and inserted the system message in `CreateChat` after the system prompt, before the initial user message. - `coderd/chatd/chatd_test.go`: Added `TestCreateChatInsertsWorkspaceAwarenessMessage` with sub-tests for both with-workspace and without-workspace cases. |