History

Vojtech c364f65127 fix(tls-rotate): self-signed fallback sets basicConstraints=critical,CA:FALSE (#159 ) * fix(tls-rotate): self-signed fallback sets basicConstraints=critical,CA:FALSE OpenSSL's default '[v3_ca]' config marks CA:TRUE on 'req -x509', which causes strict TLS stacks (rustls / webpki, used by uv, cargo, and future versions of pip) to reject the cert with 'invalid peer certificate: CaUsedAsEndEntity' per RFC 5280 §4.2.1.9. Browsers, curl, and OpenSSL-based clients tolerated the violation, hiding the bug until a uv user hit it. Affects every VM running on the self-signed fallback while the corp PKI hasn't published the real chain yet. Fix lands on the next agnes-tls-rotate.timer tick (or 'systemctl start agnes-tls-rotate.service' for an immediate refresh). Existing CSR / real-cert paths unaffected; only the bring-up fallback regenerates. * chore(release): cut 0.29.0 --------- Co-authored-by: ZdenekSrotyr <zdenek.srotyr@keboola.com>		2026-05-01 12:23:14 +02:00
..
debug	chore(oss): isolate customer-specific deploy bits from scripts/grpn/ (#88 , wave 1) (#94 )	2026-04-27 20:24:34 +02:00
dev	feat(setup): cross-platform TLS bootstrap + marketplace plugin install (#137 )	2026-04-30 08:56:45 +02:00
ops	fix(tls-rotate): self-signed fallback sets basicConstraints=critical,CA:FALSE (#159 )	2026-05-01 12:23:14 +02:00
bootstrap-gcp.sh	fix(bootstrap): grant monitoring.editor + enable monitoring API	2026-04-21 20:32:50 +02:00
duckdb_manager.py	chore(oss): isolate customer-specific deploy bits from scripts/grpn/ (#88 , wave 1) (#94 )	2026-04-27 20:24:34 +02:00
fetch-env-from-secrets.sh	chore(oss): isolate customer-specific deploy bits from scripts/grpn/ (#88 , wave 1) (#94 )	2026-04-27 20:24:34 +02:00
generate_openapi.py	feat: multi-instance deployment — all 14 must-have items from spec	2026-04-10 11:57:42 +02:00
generate_sample_data.py	feat(observability): request_id end-to-end + dev debug toolbar + centralized logging (#136 )	2026-04-29 22:54:21 +02:00
init.sh	refactor: final cleanup — delete legacy auth, clean deps, fix hash, migrate to uv	2026-03-31 19:18:30 +02:00
migrate_json_to_duckdb.py	feat(rbac): drop dataset_permissions + users.role + is_public; v19 migration (#150 )	2026-04-30 22:02:16 +02:00
migrate_metrics_to_duckdb.py	feat(observability): request_id end-to-end + dev debug toolbar + centralized logging (#136 )	2026-04-29 22:54:21 +02:00
migrate_parquets_to_extracts.py	feat(observability): request_id end-to-end + dev debug toolbar + centralized logging (#136 )	2026-04-29 22:54:21 +02:00
migrate_registry_to_duckdb.py	feat(observability): request_id end-to-end + dev debug toolbar + centralized logging (#136 )	2026-04-29 22:54:21 +02:00
README.md	fix: rewrite Makefile and scripts/README.md	2026-04-09 17:16:04 +02:00
run-local-dev.ps1	feat(dev): add Windows PowerShell wrapper for local development (#80 )	2026-04-28 23:59:11 +02:00
run-local-dev.sh	fix(security+ops) + release(0.12.1): #82 #85 #87 hardening + cut 0.12.1 (#104 )	2026-04-28 19:57:30 +02:00
seed_corporate_memory.py	feat(memory): corporate memory v1+v1.5 + 0.15.0 (#72 )	2026-04-29 07:16:22 +02:00
seed_dummy_tables.py	feat(rbac+marketplace): RBAC v13 + Claude Code marketplace + #81/#83/#44 hardening	2026-04-28 14:25:04 +02:00
smoke-test.sh	fix(ci): smoke-test stale route + rollback ghcr auth + issues:write (#140 )	2026-04-30 09:42:27 +02:00
tls-fetch.sh	feat(tls): corporate-CA HTTPS with URL-driven rotation, on-VM CSR gen, self-signed fallback (#51 )	2026-04-25 19:51:25 +00:00

README.md

Scripts

Utility and migration scripts for Agnes AI Data Analyst.

Active Scripts

Script	Purpose
`generate_sample_data.py`	Generate sample data for development/demo
`duckdb_manager.py`	DuckDB database management utilities
`init.sh`	Initial server setup (install deps, create dirs)

Migration Scripts (one-time use)

Script	Purpose
`migrate_json_to_duckdb.py`	Migrate v1 JSON state files to DuckDB
`migrate_parquets_to_extracts.py`	Migrate v1 parquet layout to extract.duckdb
`migrate_registry_to_duckdb.py`	Migrate v1 table registry to DuckDB