AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/app
History
Petr Simecek 2dfb246996
release(0.11.5): post-merge follow-up — Devin review fixes + authlib warning silenced (#74) 
Cuts 0.11.5 with all the [Unreleased] bullets that landed on top of PR #73
between commit a899877 (the original "v0.11.4" tag in the chain) and the
final merge commit on main. No new public-API surface; the user-visible
payoff is that v8→v9-migrated installations work end-to-end (login flows,
GET /api/users, admin nav, the new role-management REST API and its
last-admin protection) and `make local-dev` startup is finally quiet.

Bullets covered (full text in CHANGELOG.md [0.11.5]):
- _hydrate_legacy_role re-resolves from grants on every request — fixes
  privilege-retention after grant revoke via the role-management API.
- Dev-bypass + OAuth callback now pass user_id to resolve_internal_roles
  so direct grants land in the session cache (not the DB-fallback path).
- GET /api/users hydrates user dicts before Pydantic validation
  (HTTP 500 on every migrated install) + same fix for update/delete
  paths so last-admin protection triggers on migrated admins.
- Scheduler stopped spamming POST /auth/token 401 — the auto-fetch
  fallback was always broken; SCHEDULER_API_TOKEN is now the only path.
- POST /auth/token / Google OAuth / password / email-magic-link all
  hydrate user["role"] before issuing the JWT (Pydantic 500 + wrong
  token payload). New TestAuthLoginFlowsPostMigration regression class.
- docs/RBAC.md no longer documents the non-existent implies= keyword
  on register_internal_role.
- _seed_core_roles now actually runs on every connect (the docstring
  was lying — only ran during fresh install + v8→v9). New
  TestSeedCoreRolesSafetyNet regression class.

This commit also adds:
- AuthlibDeprecationWarning suppression at app/main.py top — upstream-
  internal forward-compat note from authlib._joserfc_helpers, not
  actionable on our side. Filter is targeted by class (with a
  message-based fallback) so other DeprecationWarnings remain visible.
- pyproject.toml version: 0.11.4 → 0.11.5.
- CHANGELOG.md: [Unreleased] → [0.11.5] — 2026-04-27, new empty
  [Unreleased] skeleton appended for the next PR to land on.

Tag v0.11.5 follows; keboola-deploy-v0.11.5 tag triggers the
keboola-deploy.yml workflow for agnes-dev.keboola.com.
2026-04-27 02:32:18 +02:00
..
api feat(auth): unified role management — UI + REST API + CLI + schema v9 (v0.11.4) (#73) 2026-04-27 02:23:01 +02:00
auth feat(auth): unified role management — UI + REST API + CLI + schema v9 (v0.11.4) (#73) 2026-04-27 02:23:01 +02:00
web feat(auth): unified role management — UI + REST API + CLI + schema v9 (v0.11.4) (#73) 2026-04-27 02:23:01 +02:00
__init__.py feat: add FastAPI server with auth, RBAC, and all API endpoints 2026-03-27 15:19:18 +01:00
instance_config.py fix: address PR review findings — config write, CalVer, error handling 2026-04-10 13:16:40 +02:00
main.py release(0.11.5): post-merge follow-up — Devin review fixes + authlib warning silenced (#74) 2026-04-27 02:32:18 +02:00
secrets.py fix: address Devin review round 5 — empty secret file, CI .env 2026-04-10 14:55:31 +02:00
utils.py feat: add graceful shutdown handler 2026-04-09 07:03:45 +02:00