64cf78860d
* feat(unified-stack): Browse + My Stack + Recipes + RBAC matrix (v49–v55)
Squash of 94 commits spanning the v49 → v55 unified-stack rewrite.
Full per-feature breakdown lives in CHANGELOG.md under [Unreleased].
Major buckets:
* v49 schema — first-class user_groups + user_group_members +
resource_grants; admin can CRUD groups and grants; Google
Workspace nightly sync writes into the new tables.
* v49 data_packages — admin-curated bundles of tables, RBAC-gated,
first-class section on /catalog Browse + My Stack.
* v49 memory_domains — row-backed (replaces hardcoded VALID_DOMAINS
enum); admin can CRUD; grants follow the same shape as tables and
packages.
* v50 cover_image_url + admin sidebar collapsibles + per-row Mode
tooltip + admin queue domain badges + admin "+ New Item" seed flow.
* v51 lifecycle status (prod/poc/coming-soon/draft) + category +
palette swatches on admin modals.
* v52 per-table detail page /catalog/t/<id>.
* v53 Recipes — admin-curated SQL templates as a second tab on
/catalog with full Edit/Delete admin affordances.
* v54 soft-delete (deleted_at) + Undo toast for packages, memory
domains, and recipes; hard_delete() retained as escape hatch.
* v55 Recipes RBAC — ResourceType.RECIPE registered, inline Group
Access matrix on Create + Edit Recipe modals (mirrors the Memory
Domain pattern).
* Activity Center per-resource filter (resource_prefix LIKE-anchored
on audit_log.resource); admin nav g+letter keyboard shortcuts;
loadAdminTablesLayout N+1 → single endpoint; /api/memory 30s
page-level cache.
* CI hardening — Keboola legacy tests pytest.importorskip; perf-
smoke threshold widened to stop cold-cache flake.
5002 tests passing, 35 skipped.
* feat(p2 backlog): Cmd-K palette + suggest-a-domain + nightly E2E + v55 schema
10-item P2 sweep on top of the unified-stack squash. New behaviour:
* Cmd-K admin command palette (base.html) — fuzzy-search overlay over
admin + user-facing routes. Arrows/Enter to navigate, Esc to close.
* Stack-tabs digit shortcuts — 1/2/3 switch Browse / My Stack /
Recipes on /catalog + /corporate-memory.
* Friendlier non-admin empty state on /corporate-memory, plus a
"Suggest a domain" CTA → POST /api/memory-domain-suggestions, admin
queue with approve/reject. Backed by a new memory_domain_suggestions
table (schema v55).
* /admin/corporate-memory 7-tab strip grouped under Moderation /
Catalog parent labels.
* Bulk-assign table → package dropdown annotates each option with
"(N of M tables already in)" so the existing distribution is visible
before picking a target.
* GET /api/memory + /tree accept is_required filter; admin status
dropdowns route the "Required" sentinel onto it (status no longer
holds 'mandatory' post-v49, so the old dropdown returned nothing).
* chip-input.js is now opt-in per template via {% block extra_scripts %}
instead of loaded globally on every page from base.html.
* Edit-modal close helpers consolidated onto _closeEditModalById();
docs the per-source-type modal architecture decision.
* New .github/workflows/e2e-nightly.yml runs agent-browser smoke
scripts (scripts/e2e/smoke_*.sh) against a docker-compose stack
nightly at 04:30 UTC; failures open an agent-browser-nightly issue.
5012 tests passing, 35 skipped.
* fix(visual audit): 6 page regressions on memory + data-package surfaces
agent-browser walkthrough of every memory + data-package page in the PR
turned up 6 real bugs. Fixes:
1. Admin memory modals were dead. Duplicate `let _cmdNewDomainId`
declarations from the deprecated step-2 RBAC stubs in
admin_corporate_memory.html collided with the live state vars
declared earlier in the same <script> → SyntaxError on parse →
the entire second script block silently failed → every inline
onclick= handler defined there (`+ New Memory Domain`, Edit, etc.)
was a no-op. Removed the duplicate stubs.
2. /catalog/t/<table_id> + /catalog/r/<slug> rendered unstyled.
Both templates injected their CSS via {% block head %} but
base.html exposes {% block head_extra %} — wrong block name
meant <style> rules never reached the rendered HTML. Renamed
to head_extra. Hero card, section cards, dark SQL block, proper
full-width inputs all now render as designed.
3. L49 leak — "MANDATORY" KPI label + "Make Mandatory" row buttons
on /admin/corporate-memory still used the old word. Renamed to
"Required" / "Mark as Required" so UI matches the data model
(v49 split moved the Required tier onto the orthogonal
is_required boolean; status no longer holds 'mandatory').
4. Activity Center Resource dropdown didn't know the v55
`memory_domain_suggestion:` namespace — added it.
5. Tab strip on /admin/corporate-memory wrapped text 2× per button
on narrow viewports after the L50 MODERATION/CATALOG group
labels pushed total width past most viewports. Switched the
strip to flex-wrap:nowrap + overflow-x:auto with
white-space:nowrap + flex-shrink:0 on every direct child so the
tabs stay one row and slide horizontally when they overflow.
5012 tests passing, 35 skipped.
* rebase-cleanup: align with main's 0.54.25-27 API design + comment fix
Three follow-on fixes after rebasing onto origin/main (0.54.27):
* admin_tables.html: dropped a stray nested ``{% if data_source_type
== 'keboola' %}`` around ``prefillFromKeboolaTable`` (main never had
it; the outer Phase F2 guard already covers it) and reworded a JS
comment that contained literal ``{% %}`` tokens which Jinja was
parsing as a real tag → unbalanced if/endif → 30 template render
failures across the suite.
* /api/stack/subscription/{type}/{id}: DELETE now returns 204 instead
of 200 per the 0.54.26 design rules. CLI client + parity tests
updated to accept 2xx / assert 204.
* Memory-domain suggestion approve/reject paths added to
``_VERB_PATH_ALLOWLIST`` — they are pending → approved/rejected
state-machine transitions (approve also creates the real
memory_domains row as a side effect), so the RPC shape is
intentional rather than a missed PATCH refactor.
5035 tests passing, 35 skipped.
* fix(catalog_table_detail): real polish pass — hero glyph, dedup pills, rows/size meta, scoped sync CTA
The previous fix only got the block-name typo so the existing CSS rendered.
The actual layout was still wireframe-tier on close inspection:
* No cover glyph in the hero (a flat white card with title + meta line);
data-package + memory-domain detail pages both have a colored icon
square. Restored parity — table.icon emoji if set, otherwise initials
on a colored square using table.color.
* "INTERNAL" pill rendered twice for agnes_audit etc. — the mode pill
and the source-type pill happened to be identical strings. Now skip
the source pill when it matches the mode (`internal == internal`).
* Bucket / source_table code chip showed `Agnes Internal.audit_log` for
internal rows — meaningless to a user. Hidden when source_type is
internal.
* `pairs_well_with` admin input was a comma-separated `<input>` always
visible. Wrapped all 4 sections in an Edit-on-demand toggle: read-
only display by default, "+ Add" / "Edit" button on the right edge
of each section header reveals the inline form, Cancel hides it.
* "Trigger sync now" was a cramped link squashed into the empty-state
flex row (visible as `Tr…` overflow before). Promoted to a proper
btn-primary button under the empty-state copy. Hidden entirely for
internal tables (which are server-managed — no upstream to pull).
* Hero meta now surfaces row count + payload size (when sync_state has
them) + last sync timestamp on a single line — was missing from the
original.
* Mode pills colored by tier (local=green, remote=amber, materialized=
blue, internal=gray) so the basic fact about a table reads at a
glance, not from upper-cased ALL-CAPS text alone.
* tests(v56): TDD baseline for extended data-packages content + per-table docs
68 failing tests across 8 files spec the v56 surface before any
implementation lands:
* test_schema_v55_to_v56_migration.py — schema bump, additive ALTERs
on data_packages + table_registry, idempotency, sequential-upgrade
preservation
* test_data_packages_repo_v56.py — repo create/update/get/list for
owner_name, owner_team, tags, long_description, when_to_use,
when_not_to_use, example_questions (JSON list round-trip, empty
defaults, partial-update preservation)
* test_table_registry_v56_docs.py — update_docs for grain, platforms,
partition_col, history, gotchas; preserves v52 docs columns
* test_api_data_packages_v56.py — PUT/POST/GET for all new fields,
field-level validation (tag count, bullet length, description size),
virtual badge derivation (curated/new)
* test_api_registry_docs_v56.py — PATCH /api/admin/registry/{id}/docs
for v56 fields, validation, RBAC unchanged
* test_web_catalog_package_detail_v56.py — /catalog/p/<slug> rewrite
asserts on rendered owner line, tag pills, badges, What it is,
Use it when, Skip it when, Example questions, per-table extended
detail in collapsible row, key-gotcha distinctness, admin-only Edit
* test_web_stack_card_v56_metadata.py — Browse-grid card additions
(owner chip, tag chips, badges) without breaking back-compat for
rows missing the new fields
* test_data_packages_no_vendor_content.py — CI guard: scans app/ +
src/ + cli/ + config/ + scripts/ for Groupon-specific tokens from
the colleague's spec MD; fails if any leak into OSS surfaces
* test_db_schema_version.py — bumped 55 → 56 with rationale
Plus updates schema-version assertion to 56. Implementation lands in
subsequent commits (schema migration → repo → API → templates).
* feat(v56): schema + repo for extended data-packages content
Schema additions (ALTER ADD COLUMN IF NOT EXISTS — additive + idempotent):
* data_packages: owner_name, owner_team, tags, long_description,
when_to_use, when_not_to_use, example_questions (JSON-as-VARCHAR for
the lists)
* table_registry: grain, platforms, partition_col, history, gotchas
(extends the v52 sample_questions / things_to_know / pairs_well_with
docs surface with structured per-table content)
Repo extensions:
* DataPackagesRepository.create + update accept the new fields with
the same Optional-is-no-op contract as v51 (pass an empty list to
clear a JSON column)
* _decode_row decodes the new JSON-list columns to Python lists; NULL
rounds back to [] so callers don't branch
* TableRegistryRepository.update_docs grew the v56 fields alongside
the existing v52 ones — single PATCH can write either tier
atomically
* TableRegistryRepository._decode_row picks up platforms + gotchas in
the same NULL-tolerant decoder
22 repo + migration tests passing. API + UI land in subsequent commits.
* feat(v56): API surface for extended data-packages + per-table docs
CreateDataPackageRequest + UpdateDataPackageRequest grew the v56 fields
(owner_name, owner_team, tags, long_description, when_to_use,
when_not_to_use, example_questions) with per-field validators that
match the Foundry spec checklist:
* tags: ≤8 entries × ≤30 chars
* long_description: ≤4000 chars
* use/skip: ≤8 bullets × ≤200 chars
* example_questions: ≤12 × ≤200 chars
_serialize emits all v56 fields plus a virtual ``badges`` list derived
server-side at render time (no DB column needed): "curated" when the
creator is in the Admin group, "new" within 30 days of created_at.
Backdating created_at or admin-status changes pick up automatically.
PATCH /api/admin/registry/{id}/docs extended with v56 structured
per-table fields (grain, platforms, partition_col, history, gotchas).
gotchas: list of {key: bool, body: str} Pydantic models with the same
≤8 cap; first key=true entry becomes the Key gotcha on the rendered
package detail page. PATCH echoes the fresh state so callers can
re-render without a second GET.
26 API tests passing (16 data-packages + 10 registry-docs).
* feat(v56): /catalog/p/<slug> rewrite + Browse-grid card augmentation
The third (and final) v56 commit lights up the UI surfaces backed by
the schema + API commits earlier in this PR:
* /catalog/p/<slug> template rebuilt around the Foundry spec's
section ladder — hero (icon + name + badges + owner + tags +
description + meta + Add-to-stack), "What it is" markdown body,
paired "Use it when / Skip it when" panels, "Tables in this
package" with collapsible per-table extended detail (grain /
platforms / partition_col / history / gotchas + sample questions),
and an "Example questions you can ask Claude" prompt panel. Each
section guarded by ``{% if pkg.<field> %}`` — empty content fields
hide the section entirely (no "No X yet" placeholder noise on the
public-facing drilldown).
* router catalog_package_detail hydrates per-table v56 fields onto
the tables list + derives the virtual badges (curated / new)
server-side from creator-in-Admin + 30-day created_at.
* StackResolver.ResourceEntry grew owner_name / owner_team / tags /
badges; _fetch_entries pulls the v56 columns + computes badges
once per fetch using a single Admin-group SELECT.
* _data_package_entry_dict adapter passes the new fields through to
the macro; tags are merged source-type pills + admin-authored
category tags per the spec convention.
* _stack_card.html renders the v56 badges (top-left, data-badge=
hooks) + the owner chip (data-card-owner hook) without breaking
back-compat — pre-v56 rows render unchanged.
* Admin PUT handler strips the v56 docs fields from the
read-modify-write merged dict so register() doesn't blow up
with the now-larger row shape (same pattern as the v52 docs
fields stripping).
5115 tests passing (+98 v56 + 18 fixed regressions from the merged-
register PUT path), 35 skipped.
* fix(rbac): Edit-on-package + Group-access 'required' persistence + CI vendor guard
Three related bugs reported on the merged-with-main branch:
1. Clicking Edit on a Data Package card landed on /admin/tables with
a `#<pkg.id>` hash that nothing listened to — admin saw the global
table listing, not the editor for that specific package. Added a
`?edit_package=<pkg_id>` query-param handler in admin_tables.html
(analog to the existing `?edit=<table_id>` and `?assign_to=<pkg_id>`
patterns) that calls openEditDataPackageModal on DOMContentLoaded
after a 250ms layout settle. Updated the package-detail Edit link
to use the new query param.
2. Setting Group Access to 'required' didn't persist — re-opening
the modal showed 'available'. Root cause was the v49
``resource_grants.requirement`` enum existing in the DB but the
POST /api/admin/grants endpoint not surfacing it: ``CreateGrantRequest``
declared only group_id + resource_type + resource_id, so Pydantic
silently dropped the matrix's ``requirement: 'required'`` payload
and the new row landed at the DB column default ('available').
Plumbed ``requirement`` through ``CreateGrantRequest`` →
``ResourceGrantsRepository.create`` so the value persists in one
round-trip. Plus a UNIQUE-constraint race in the matrix
diff-apply: DELETE-old + POST-new ran in parallel via
``Promise.allSettled``, so POST could fire first and trip the
unique check before DELETE freed the slot. Switched to sequential
(await all deletes; then await all writes) across all three
matrices (Edit Data Package, Edit Memory Domain, Edit Recipe).
3. CI vendor-content guard ``test_no_groupon_specific_strings_in_oss``
tripped on two of my own docstrings: a "Foundry Data team" mention
in two src/db.py comments + an ``s1_session_landings`` example in
cli/skills/agnes-table-registration.md. Rephrased the comments to
"extended-descriptions admin spec" and replaced the example with
a generic ``events_daily`` table name.
5164 tests passing, 35 skipped (+4 regression tests pinning the POST
/api/admin/grants requirement contract). Vendor guard back to green.
* fix(catalog): admin Browse path drops v58 card fields
The /catalog and /memory admin god-mode branch built ResourceEntry
instances inline from pkg_repo.list() / domains_repo.list() and skipped
owner_name, owner_team, tags, and derived badges (curated/new). Visible
symptom: a package with an owner + tags rendered with the v56 chrome
for non-admin viewers but as a bare card for admins.
Adds StackResolver.browse_admin(user_id, resource_type) — admin god-mode
Browse that walks the full table but routes through the same
_fetch_entries enrichment pass as browse(), so admin + non-admin Browse
stay visually consistent. Both /catalog and /corporate-memory routes
switch to it.
Regression test in tests/test_stack_resolver_browse_admin.py covers:
owner/tags propagation, new/curated badge derivation, in_stack from
admin subscriptions, all-packages-regardless-of-grants, and the
ValueError for unsupported resource types.
* fix(catalog): three /catalog tab-strip UX bugs
1. Required Remove → red toast
browse_admin passed empty required_ids to _fetch_entries, so the
admin's own required grants surfaced as 'available' and the macro
rendered an actionable Remove button that POST /unsubscribe 400'd
on. Now derives required_ids from the admin's own groups so
Required packages render with the disabled "In stack (required)"
button. Regression test in test_stack_resolver_browse_admin.py.
2. Remove green-toasts but card stays until refresh
The My-Stack empty-state placeholder was only emitted server-side
when stack_entries was empty at render time. Removing the last
card left the tab completely blank — users read that as "Remove
didn't work, let me refresh". Both grid + empty-state are now
always rendered with one of them initially hidden; the JS swaps
visibility on add/remove instead of injecting DOM. Same fix in
/corporate-memory.
3. "What are Recipes?" + ambiguous (admin) suffix
Recipes tab now carries its own curator-block explainer (the
shared one was moved inside Browse view so it doesn't bleed
across tabs). The grey "(admin)" suffix becomes a yellow
.admin-only-hint chip with a title tooltip — visibility hint is
now unambiguous: yellow chip = "only you see this", non-admins
don't see the affordance at all.
* schema: renumber v51..v58 → v52..v59 to make room for main's v51
Main 0.54.29 introduced a NEW v51 (table_registry.bq_fqn — issue #343)
that releases ahead of this branch. The unified-stack chain v51..v58
shifts up by one so main's v51 stays as the released schema and ours
become v52..v59. Function names, internal version bumps, dispatch
ladder thresholds, and the migration-test references all move
together. Subsequent merge with main lands the bq_fqn column at the
freed v51 slot.
* fix(seed): seed admin lands in BOTH Admin AND Everyone groups
The LOCAL_DEV_MODE / SEED_ADMIN_EMAIL bootstrap only added the seed
user to Admin. Everyone-scoped grants — the canonical "every-user-
sees-this" pattern for Required onboarding — didn't surface for the
seed admin's own /catalog because they weren't in Everyone. Symptom:
admin grants a Required-tier package to Everyone, then sees it on
/catalog still rendered with an "Add to stack" button (because the
admin's resolved required_ids was empty for that package).
The dual-membership keeps Admin (authorization) and Everyone
(default-grant target) intentionally separate per the design comment
on UserRepository.create — every membership remains traceable to a
concrete row, just now with a system_seed row in Everyone too. Both
INSERTs go through UserGroupMembersRepository.add_member which is
idempotent on (user_id, group_id), so re-fires on every lifespan
startup don't duplicate rows.
Regression test in test_main_seed_admin_everyone.py.
* style: unify admin-only hints across marketplace + memory detail pages
Replaces three stale ``(admin)`` parentheticals with the same yellow
``admin-only`` chip introduced for /catalog tab actions. Same tooltip
copy ("Visible only to admins — analysts won't see this …") so the
visibility hint is unmistakable wherever it appears:
- Hard delete on marketplace_plugin_detail (admin-only destructive
action — same gating as the original suffix conveyed).
- Hard delete on marketplace_item_detail (same).
- Edit link on memory_domain_detail (title-attr only before; now a
visible chip too).
Non-admin viewers never saw these affordances — the gates are
unchanged. Pure styling pass for consistency.
* fix(catalog): exclude soft-deleted data packages + memory domains from Browse
``StackResolver._fetch_entries`` and ``browse_admin`` were querying
data_packages / memory_domains without a ``deleted_at IS NULL`` guard.
A package soft-deleted via /admin/* (v54 soft-delete contract) stayed
visible on /catalog and /memory until either an Undo or a hard delete
— directly contradicting the soft-delete UX which is supposed to
remove the affordance immediately and only retain the row for the
Undo window.
The repository accessors (DataPackagesRepository.list,
MemoryDomainsRepository.list, list_packages_of_table, etc.) already
filter deleted rows; this commit brings the resolver's direct SQL in
line with that contract.
Regression test in test_stack_resolver_browse_admin.py.
* fix(catalog): Add/Remove updates full card chrome, not just button
The previous _applyStackChange flipped only the footer button label —
the card border (.is-in-stack class), top-right "In stack" badge, and
button color class (--add / --remove) stayed at their server-rendered
state. After Add the user saw the button checkmark but the rest of
the card still looked like "available, not in stack". They read this
as "the change didn't take — let me refresh".
This commit makes the optimistic update mirror what the server-side
macro renders for the new state:
* ``c.classList.toggle('is-in-stack', becameInStack)`` — flips the
border + visual state class.
* Top-right ``.stack-card__req-badge--instack`` badge is injected on
Add, removed on Remove (skipped when ``data-requirement='required'``
— that slot is owned by the Required badge).
* Button text is "Remove" / "+ Add to stack" matching the macro
(was "✓ In stack" which was visually nice but inconsistent).
* Button color class --add / --remove swaps so the destructive Remove
tint kicks in immediately.
The clone-into-My-Stack path applies the same updates so the new card
in My Stack reads identically to a server-rendered in_stack card.
Mirrored in /corporate-memory.
* fix(memory): four Devin-review bugs on /memory drill-down + manifest
PR #333 Devin review surfaced four real bugs that ship a broken
/memory experience even though the unit tests passed.
1. Manifest md5 omits is_required + content (app/api/sync.py:836-840)
_build_memory_domains_section hashed only (id|title|status) per
item. _build_per_domain_markdown routes items between "## Required"
and "## Approved" by is_required and embeds full content — so an
admin edit of either dimension left the manifest md5 unchanged,
`agnes pull` skipped the re-fetch, and the analyst kept a stale
bundle.md. Now both fields participate in the hash.
2. required_count always 0 (src/repositories/memory_domains.py)
list_items_of_domain only SELECTed (id, title, status) so the
`it.get("is_required")` in the manifest builder always evaluated
to None → required_count = 0 regardless of actual state. The
manifest builder advertised a count it could never compute. Now
projects is_required + content too (required by fix 1 anyway).
3. Vote URL 404 (memory_domain_detail.html:289-290)
Constructed `/api/memory/items/{id}/vote` but the route is
`/api/memory/{id}/vote`. Every upvote/downvote button was a
silent no-op.
4. Dismiss/undismiss URL + method both wrong (memory_domain_detail.html:296-305)
Constructed `/api/memory/items/{id}/dismiss` (extra /items/) and
/undismiss (no such route — undismiss is DELETE on /dismiss).
Both buttons silently 404'd. Now POST + DELETE on
`/api/memory/{id}/dismiss` per app/api/memory.py:635/675.
* fix: multi-agent reviewer findings — vendor-token scrubs + manifest md5 predicate + soft-delete filter
Three reviewer findings from the multi-agent review on PR #333,
fixed in-place per CLAUDE.md issue-economy rule.
Reviewer-rules (Important — vendor-agnostic OSS):
- app/main.py:218 comment: replaced 'foundryai-prod' with generic
'a customer prod instance' phrasing. Public OSS repo must not
carry customer-specific tokens (CLAUDE.md § Project conventions).
- tests/test_table_registry_v56_docs.py:70 fixture string:
replaced "user_brand_affiliation = 'groupon'" with 'acme' on
the same rule.
Reviewer-architecture (closes still-unresolved Devin 🚩 ANALYSIS):
- app/api/sync.py _build_memory_domains_section: md5 hash loop now
filters items to the SAME predicate the bundle renderer uses
(is_required OR status='approved'). Pre-fix the hash iterated ALL
items but _build_per_domain_markdown only rendered the union of
required items + approved-non-required items — so an admin edit
to a pending/rejected non-required item flipped the md5 against
an identical-bytes bundle, triggering a wasteful re-fetch on
every analyst's next 'agnes pull'. The earlier commit fixed the
hash-input fields (is_required + content); this closes the
set-of-items asymmetry Devin separately flagged.
Reviewer-RBAC (minor cleanup):
- app/resource_types.py _data_package_blocks and _memory_domain_blocks
now filter 'WHERE deleted_at IS NULL' (v54 soft-delete column) so
the /admin/access UI doesn't surface soft-deleted entities as
grantable. Mirrors the existing filter on _recipe_blocks. No
security leak pre-fix (resolver double-filters and re-checks at
serve time), just UI cleanliness.
- app/services/stack_resolver.py add_to_stack: docstring note
added explaining that authorization is enforced at the API layer
(app/api/stack.py can_access gate), not at the resolver. The
initial review suggested adding a defensive 403 here, but that
broke 5 existing tests that legitimately call add_to_stack
directly without setting up grants first; the docstring captures
the contract instead. stack() already intersects subscriptions
with current available_ids on every read, so a 'zombie' row from
a misuse never leaks into the user-facing manifest.
* release: 0.55.0 — unified Browse + My Stack (Data Packages + Memory), schema v48→v59, 3 BREAKING
24 KiB
24 KiB
Architecture — Detailed Reference
Comprehensive architectural overview of the AI Data Analyst platform (v2).
Top-Level Module Map
ai-data-analyst/
├── src/ Core engine (db, orchestrator, rbac, profiler, repositories)
├── connectors/ Pluggable data connectors (keboola, bigquery, jira, llm, openmetadata)
├── app/ FastAPI application (API + web UI)
│ ├── api/ REST API routers
│ ├── auth/ Auth providers (JWT, Google OAuth, email magic link, password)
│ └── web/ HTML dashboard routes
├── services/ Standalone background services (scheduler, telegram_bot, ws_gateway, …)
├── cli/ CLI tool (agnes pull, agnes query, agnes admin)
├── scripts/ Utility and migration scripts
├── config/ Instance configuration templates
├── tests/ Test suite
└── docs/ User-facing documentation
System Overview
┌─────────────────────────────────────────────────────────────────┐
│ EXTERNAL DATA SOURCES │
│ Keboola Storage │ BigQuery │ Jira Cloud │ CSV/files │
└──────────┬────────┴─────┬──────┴──────┬────────┴────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────┐
│ CONNECTORS (connectors/) │
│ extractor.py per source → extract.duckdb contract │
└──────────────────────────┬──────────────────────────────────────┘
│ /data/extracts/{source}/extract.duckdb
▼
┌─────────────────────────────────────────────────────────────────┐
│ SYNC ORCHESTRATOR (src/orchestrator.py) │
│ Scans extracts/, ATTACHes each extract.duckdb, │
│ creates master views in analytics.duckdb (atomic swap) │
└──────────────────────────┬──────────────────────────────────────┘
│
┌────────────┼────────────┐
▼ ▼ ▼
┌──────────────┐ ┌────────┐ ┌──────────────┐
│ FastAPI app │ │ CLI │ │ Scheduler │
│ port 8000 │ │ `da` │ │ sidecar │
└──────────────┘ └────────┘ └──────────────┘
│
┌─────────┴──────────┐
▼ ▼
system.duckdb analytics.duckdb
(state/registry) (master views)
Deployment: Docker Compose. The app service runs Uvicorn. The scheduler sidecar triggers
sync jobs and the LLM pipeline (corporate-memory, verification-detector, session-collector) via
the app's REST API on offset cadences. Optional full profile adds telegram-bot and ws-gateway.
docker compose up # app + scheduler
docker compose --profile full up # all services
docker compose --profile extract run extract # one-shot extraction
extract.duckdb Contract
Every connector writes to the same directory layout:
/data/extracts/{source_name}/
├── extract.duckdb ← _meta table + views over parquet files
└── data/ ← parquet files (local connectors only)
├── table_a.parquet
└── table_b.parquet
_meta table
Required in every extract.duckdb:
CREATE TABLE _meta (
table_name VARCHAR NOT NULL,
description TEXT,
rows BIGINT,
size_bytes BIGINT,
extracted_at TIMESTAMP,
query_mode VARCHAR -- 'local' or 'remote'
);
The orchestrator reads _meta to know which tables exist and creates a corresponding
view in analytics.duckdb for each row.
_remote_attach table (optional)
Connectors whose views reference an external DuckDB extension (e.g. Keboola, BigQuery) must include this table so the orchestrator can re-ATTACH the external source at rebuild time:
CREATE TABLE _remote_attach (
alias VARCHAR, -- DuckDB alias for the attached source, e.g. 'kbc'
extension VARCHAR, -- Extension name, e.g. 'keboola'
url VARCHAR, -- Connection URL
token_env VARCHAR -- Name of the env var holding the auth token
);
The orchestrator installs/loads the extension, reads the token from the environment, and
ATTACHes the external source so remote views resolve correctly. This mechanism is generic —
any connector can use it. Auth credentials are never stored in extract.duckdb.
SyncOrchestrator
src/orchestrator.py — thread-safe via _rebuild_lock.
rebuild()
- Open a temporary DuckDB file (
analytics.duckdb.tmp). - Scan
/data/extracts/*/extract.duckdb(sorted, skips non-directories and missing files). - Validate each directory name as a safe SQL identifier (
^[a-zA-Z_][a-zA-Z0-9_]{0,63}$). - For each source:
ATTACH '{db_file}' AS {source_name} (READ_ONLY). - Handle
_remote_attach— install extension, read token from env, ATTACH external source. - Read
_meta, validate eachtable_nameidentifier, createCREATE OR REPLACE VIEW. - Update
sync_stateinsystem.duckdb(mtime-based hash, no full file read). CHECKPOINTand close the temp connection.- Atomic swap:
shutil.move(tmp_path, target_path)— replacesanalytics.duckdbin-place.
rebuild_source(source_name)
Convenience wrapper that calls rebuild() in full (partial rebuild is not possible because
analytics.duckdb is written fresh from scratch each time). Used after Jira webhooks.
Identifier validation
Both source_name and table_name are checked against ^[a-zA-Z_][a-zA-Z0-9_]{0,63}$
before being interpolated into SQL. Invalid names are skipped with a warning.
Data Sources
Keboola — Batch Pull
connectors/keboola/extractor.py
- Uses the DuckDB Keboola community extension to download tables directly to parquet.
- Fallback path:
connectors/keboola/client.py(Keboola Storage API wrapper). - Sync strategies:
full_refresh,incremental,partitioned. - Writes
extract.duckdb+data/*.parquetunder/data/extracts/keboola/. - For tables with
query_mode='remote', populates_remote_attachso views proxy queries to Keboola rather than downloading data locally.
Sync trigger flow:
POST /api/sync/trigger (admin)
→ BackgroundTask: _run_sync()
→ Read table_registry from system.duckdb (main process)
→ Serialize configs as JSON, spawn subprocess (no DuckDB lock conflict)
→ Subprocess: connectors/keboola/extractor.run() → extract.duckdb
→ SyncOrchestrator().rebuild() → analytics.duckdb
→ Profiler: profile each synced parquet → table_profiles
BigQuery — Remote Attach
connectors/bigquery/extractor.py
- Uses the DuckDB BigQuery community extension via the
BqAccessfacade inconnectors/bigquery/access.py. - No data download — views proxy all queries directly to BigQuery.
- Auth via
GOOGLE_APPLICATION_CREDENTIALS(service account JSON) or ADC. - Populates
_remote_attachwithextension='bigquery'and notoken_env(env-based auth).
BigQuery — Materialized SQL
connectors/bigquery/extractor.py::materialize_query (added in v0.25.0)
- Runs admin-registered SQL through the DuckDB BigQuery extension via
BqAccess.duckdb_session()and writes the result to/data/extracts/bigquery/data/<id>.parquetatomically (<id>.parquet.tmp→os.replace). - Triggered by
_run_materialized_passinapp/api/sync.pybetween custom-connectors and orchestrator rebuild on every/api/sync/trigger. Per-tablesync_schedulehonored viais_table_due(). - Cost guardrail: BQ dry-run via
app.api.v2_scan._bq_dry_run_bytes(single source of truth for cost-estimate logic).data_source.bigquery.max_bytes_per_materialize(default 10 GiB;0disables). Fail-open when dry-run errors (DuckDB three-part syntax the native BQ client can't parse) — log warning + proceed. - Distribution: result parquet rides the same manifest +
agnes pullflow as Keboola tables. Per-user RBAC unchanged (resource_grants(group, ResourceType.TABLE, table_id)).
Jira — Real-Time Push
connectors/jira/webhook.py → incremental_transform.py → extract_init.py
Jira Cloud webhook (issue created/updated/deleted)
→ POST /api/jira/webhook (HMAC-SHA256 verification)
→ connectors/jira/webhook.py (validate, persist raw JSON)
→ connectors/jira/incremental_transform.py (update monthly parquet shards)
→ extract_init.py (update _meta)
→ SyncOrchestrator().rebuild_source('jira')
Output tables (6): issues, comments, attachments, changelog, issuelinks, remote_links.
Background supplements:
jira-sla-poll— refreshes SLA fields for open tickets every 5 min.jira-consistency— detects and backfills missing issues every 6 h.
Files NOT to modify: connectors/jira/file_lock.py, connectors/jira/transform.py.
DuckDB Schema
system.duckdb — {DATA_DIR}/state/system.duckdb
Current schema version: 59 (auto-migrated from any earlier version on startup — see src/db.py).
| Table | Purpose |
|---|---|
schema_version |
Tracks applied migration version |
users |
Registered users: id, email, name, password_hash, setup/reset tokens, active flag |
user_groups |
Named groups (Admin, Everyone seeded as is_system=TRUE; admin-managed and Google-synced groups) |
user_group_members |
(user_id, group_id, source) — source ∈ {admin, google_sync, system_seed} |
resource_grants |
Generic per-(group, resource_type, resource_id) grants (replaces dataset_permissions + plugin_access) |
sync_state |
Per-table sync status: last_sync, rows, file_size_bytes, hash, status |
sync_history |
Historical sync runs with duration and error |
user_sync_settings |
Per-user dataset enable/disable preferences |
table_registry |
Registered tables: source_type, bucket, source_table, query_mode, sync_schedule |
table_profiles |
JSON data profiles (stats, nulls, cardinality) per table |
knowledge_items |
Corporate memory knowledge entries (confidence, entities, source_type, source_ref, valid_from/valid_until, supersedes, sensitivity, is_personal, is_required — v49 dropped the scalar domain column; relations live in knowledge_item_domains) |
knowledge_votes |
Up/down votes on knowledge items |
knowledge_contradictions |
Pairs of items the LLM judge flagged as contradictory; carries severity and suggested_resolution (JSON-encoded structured action — see ADR Decision 4) |
verification_evidence |
One row per detected verification — persists user_quote, detection_type, and source_ref so future Bayesian re-calibration has raw signal (ADR Decision 3) |
session_extraction_state |
Tracks which /data/user_sessions/*.jsonl files have been processed by the verification detector |
audit_log |
API action log: user, action, resource, duration |
telegram_links |
Telegram chat_id linked to user_id |
pending_codes |
Telegram link confirmation codes |
script_registry |
Deployed Python notification scripts |
data_packages |
Admin-curated bundles of tables (id, slug, name, icon, color). Distributed as a single "stack" unit; tables M:N via data_package_tables. |
data_package_tables |
M:N junction between data_packages and table_registry. |
memory_domains |
First-class memory domain rows (id, slug, name, icon, color). Replaces the scalar knowledge_items.domain column dropped in v49. |
knowledge_item_domains |
M:N junction between knowledge_items and memory_domains. One item can live in multiple domains. |
user_stack_subscriptions |
Per-user opt-in for available-tier Data Packages + Memory Domains ((user_id, resource_type, resource_id)). Marketplace plugins keep their legacy user_plugin_optouts table. |
Connections: get_system_db() returns a cursor on a single shared connection per
DATA_DIR (protected by threading.Lock). Callers close() the cursor, not the
underlying connection. This avoids DuckDB write-lock conflicts in the multi-threaded
FastAPI process.
analytics.duckdb — {DATA_DIR}/analytics/server.duckdb
Read-only views over all ATTACHed extract.duckdb sources. Rebuilt atomically by
SyncOrchestrator.rebuild(). Query endpoints open this file via get_analytics_db_readonly()
which ATTACHes all extract.duckdb files in read-only mode so remote views resolve correctly.
Authentication
All auth flows issue a JWT (app/auth/jwt.py) stored as a cookie (access_token) or
passed as a Bearer token in the Authorization header. The get_current_user dependency
validates the JWT and loads the user from users in system.duckdb.
Providers (app/auth/providers/)
| Provider | Available when | Flow |
|---|---|---|
google.py |
GOOGLE_CLIENT_ID + GOOGLE_CLIENT_SECRET set |
Google OAuth 2.0 / OIDC (Authlib). Domain restriction via allowed_domains in instance.yaml. Callback issues JWT cookie. |
email.py |
SMTP_HOST or SENDGRID_API_KEY set |
Magic link: POST /auth/email/send-link generates a token stored in users.setup_token; POST /auth/email/verify exchanges it for a JWT. |
password.py |
Always registered | Email + password with hashed credentials. |
RBAC
Two layers, no role hierarchy (see docs/RBAC.md for the full reference):
- App-level access: membership in the
Adminsystem group. Therequire_adminFastAPI dependency inapp.auth.accessgates admin endpoints (admin UI, user management, settings, …). - Resource-level access: per-(group, resource_type, resource_id)
grants in
resource_grants. Therequire_resource_access(rt, path_template)dependency factory gates entity-scoped endpoints.
Table access (src/rbac.py:can_access_table) is a thin wrapper over
app.auth.access.can_access(user_id, "table", table_id, conn). Admin
group members short-circuit; everyone else needs an explicit
resource_grants(group, "table", table_id) row via any group they
belong to. There is no is_public shortcut and no implicit "Everyone
can read" fallback — the legacy dataset_permissions + is_public
mechanism was dropped in v19.
API Layer
All routes are FastAPI APIRouter instances registered in app/main.py.
REST API (app/api/)
| Router | Prefix | Key endpoints |
|---|---|---|
sync |
/api/sync |
GET /manifest (hash manifest, per-user filtered), POST /trigger (admin), GET/POST /settings, GET/POST /table-subscriptions |
data |
/api/data |
Download parquet files for synced tables |
query |
/api/query |
POST / — execute a SELECT against analytics.duckdb (sandbox enforced) |
admin |
/api/admin |
GET /discover-tables, GET /registry, POST /register-table, PUT /registry/{id}, DELETE /registry/{id} |
catalog |
/api/catalog |
Data catalog: table list, profiles, metric definitions |
users |
/api/users |
User CRUD (admin), self-service profile |
permissions |
/api/permissions |
Dataset permission grants (admin) |
access_requests |
/api/access-requests |
Request + review workflow |
scripts |
/api/scripts |
Deploy, list, run, delete Python notification scripts |
settings |
/api/settings |
Instance and user settings |
memory |
/api/memory |
Corporate memory CRUD and voting |
upload |
/api/upload |
File upload (CSV, parquet) |
telegram |
/api/telegram |
Telegram account link/unlink |
jira_webhooks |
/api/jira |
Jira webhook receiver (HMAC-SHA256 verified) |
health |
/api/health |
Service health, sync status, disk |
Auth routes (app/auth/)
POST /auth/token, GET /auth/me, POST /auth/logout,
GET /auth/google/login, GET /auth/google/callback,
POST /auth/email/send-link, POST /auth/email/verify,
POST /auth/password/login
Web UI (app/web/)
HTML dashboard routes served by Jinja2 templates. Registered last (catch-all).
Services
Each service is a self-contained Python package (services/<name>/__main__.py) run as a
Docker Compose service.
| Service | Profile | Schedule / Mode | Description |
|---|---|---|---|
scheduler |
default | Always-on; polls every N seconds | Lightweight sidecar that triggers jobs via the app's REST API: POST /api/sync/trigger every 15 min, GET /api/health every 5 min, POST /api/admin/run-session-collector every 10 min, POST /api/admin/run-verification-detector every 15 min, POST /api/admin/run-corporate-memory every 17 min, POST /api/marketplaces/sync-all daily 03:00. Auth via SCHEDULER_API_TOKEN or auto-fetch from /auth/token. |
telegram_bot |
full |
Always-on (long-poll) | Telegram bot: polling + HTTP dispatch, /status command, notification script execution. |
ws_gateway |
full |
Always-on | WebSocket gateway (TCP 8765) + HTTP dispatch socket. JWT auth. Per-user connection limit (5). Heartbeat ping/pong. |
corporate_memory |
(driven by scheduler) | Every 17 min | Scans CLAUDE.local.md files, extracts knowledge via LLM (Claude Haiku), writes to knowledge_items in system.duckdb. Inline contradiction detection runs after each new item: one batched Haiku structured-output call returns judgments + structured resolution suggestions for every same-domain candidate (no SQL keyword pre-filter — see ADR Decision 4). Driven by scheduler-v2 since #176. |
verification_detector |
(driven by scheduler) | Every 15 min | Scans unprocessed analyst session JSONLs, extracts corrections / confirmations / unprompted definitions via Haiku structured outputs. Confidence is computed in code from (source_type, detection_type) — never trusted from the LLM. Each verification persists a verification_evidence row carrying user_quote + detection_type (ADR Decision 3). Driven by scheduler-v2 since #176. |
session_collector |
(driven by scheduler) | Every 10 min | Copies Claude Code .jsonl session transcripts to central storage. Driven by scheduler-v2 since #176. |
Files NOT to modify: services/ws_gateway/ (stable WebSocket infrastructure).
Corporate-memory privacy boundary
is_personal on knowledge_items is enforced as an authorization rule at every read site, not a UI hint:
GET /api/memoryandGET /api/memory?search=…silently coerceexclude_personal=Truefor any caller whose role is belowkm_admin.GET /api/memory/{id}/provenanceandPOST /api/memory/{id}/voteuse the shared_can_view_item(user, item)helper (not is_personal OR contributor OR km_admin/admin) and return 404 (not 403) on denial to avoid existence-leak.- Contributors reach their own personal items via
/api/memory/my-contributions.
See ADR Decision 1 for the full reasoning.
Security
Query Sandbox (app/api/query.py)
The /api/query endpoint enforces a strict SQL allowlist:
- Only
SELECTandWITHqueries accepted. - Blocklist of ~30 keywords/functions:
DROP,DELETE,INSERT,UPDATE,ALTER,CREATE,ATTACH,DETACH,LOAD,INSTALL,COPY,PRAGMA, file functions (read_parquet,read_csv,glob, etc.), URL schemes (s3://,gcs://,http://), and multi-statement separator (;). - Table-level RBAC: forbidden views are detected by word-boundary regex match against the SQL text. Query is rejected if user lacks access to any referenced table.
- Analytics DB opened in
read_only=Truemode per request.
Script Sandbox (app/api/scripts.py)
Deployed and ad-hoc Python scripts are checked against a pattern blocklist before execution:
- Blocked:
subprocess,shutil,ctypes,importlib,socket,requests,httpx,urllib,os,sys,signal,open(,pathlib,exec(,eval(,compile(,__import__, and others. - Scripts run in a subprocess with a configurable timeout (
SCRIPT_TIMEOUT, default 300 s) and capped output (SCRIPT_MAX_OUTPUT, default 64 KB).
Identifier Validation (src/orchestrator.py, src/db.py)
All dynamic SQL identifiers (source names, table names, extension aliases) are validated
against ^[a-zA-Z_][a-zA-Z0-9_]{0,63}$ before interpolation. Invalid identifiers are
skipped with a log warning, never executed.
Authentication Layers
| Layer | Mechanism |
|---|---|
| Web UI / API | JWT Bearer token or access_token cookie |
| Google OAuth | Authlib OIDC + domain allowlist |
| Email magic link | secrets.token_urlsafe(32) stored in users.setup_token, 1-hour expiry |
| Jira webhook | HMAC-SHA256 signature verification |
| Inter-service (scheduler) | SCHEDULER_API_TOKEN env var or auto-fetched JWT |
Configuration
config/instance.yaml (instance-specific, not committed)
│ loaded by config/loader.py
│ ${ENV_VAR} references resolved from .env
▼
app/instance_config.py (exposes get_data_source_type(), get_allowed_domains(), get_value())
▼
FastAPI dependency injection (passed to API routers as needed)
Table configuration lives in table_registry inside system.duckdb, not in static files.
Use POST /api/admin/register-table or the web UI admin panel to register tables.
Required env vars: DATA_DIR, JWT_SECRET_KEY. Source-specific vars (KEBOOLA_STORAGE_TOKEN,
GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, SMTP_HOST / SENDGRID_API_KEY, etc.) are
optional and gate the relevant connectors/providers.
Data Filesystem Layout
/data/
├── state/
│ └── system.duckdb user registry, sync state, table_registry, audit log
├── analytics/
│ └── server.duckdb master analytics DB (views over all extracts)
└── extracts/
├── keboola/
│ ├── extract.duckdb _meta + views
│ └── data/*.parquet
├── bigquery/
│ └── extract.duckdb _meta + _remote_attach + remote views
└── jira/
├── extract.duckdb _meta + views
└── data/*.parquet
Extending the Platform
New Data Source
- Create
connectors/<name>/extractor.py. - Write
extract.duckdbwith_metatable and views/tables. - Add
data/*.parquetfor local sources. - Add
_remote_attachrow if views reference an external DuckDB extension. SyncOrchestratorpicks it up automatically on nextrebuild().
New Auth Provider
- Add
app/auth/providers/<name>.pyexporting a FastAPIAPIRouter. - Register the router in
app/main.py. - All providers must issue a JWT and set the
access_tokencookie on success.