- Update all LLM model files to use getSecretSync with AI_KEYS constants
- Migrate OpenAI GPT models (gpt-5, gpt-5-mini, gpt-5-nano) to use secrets system
- Migrate Anthropic models (sonnet-4, haiku-3-5) to use secrets for both Anthropic API and Vertex AI credentials
- Update provider files (openai.ts, anthropic.ts, vertex.ts) to use getSecretSync
- Migrate evaluation workflow to use BRAINTRUST_KEY from secrets
- Implement proper error handling for missing credentials with try-catch blocks
- Test files will be migrated in a separate update
All non-test source files now use centralized secrets management instead of direct process.env access.
- Upgraded '@aws-sdk/client-s3' to version 3.873.0 across multiple packages.
- Introduced caching mechanisms for metric data retrieval in the getMetricDataHandler function.
- Updated API endpoints to support report_file_id for cache lookups and data retrieval.
- Enhanced error handling and logging for cache operations.
- Refactored related components to accommodate new caching logic and parameters.
- Add proper error handling for Slack API failures with typed responses
- Implement message operation types for better type safety
- Add retry logic with exponential backoff for transient failures
- Export webhook types for external consumers
- Update Slack agent task to handle errors gracefully and continue processing
- Add proper validation and error messages for failed operations
- Include structured error tracking for debugging
🤖 Generated with Anthropic
Co-Authored-By: Claude <noreply@anthropic.com>
- Added permission checks to metric file download handler
- Added permission checks to export-metric-data trigger task
- Created comprehensive tests for access control integration
- Updated AssetType enums to include report_file
- Resolved export conflicts in server-shared package
- Fixed AI package imports for new getPermissionedDatasets API
- Combined asset type enums from both branches
- Merged all database query exports
- Integrated access-controls package into server-shared
- Resolved conflicts in AI package instructions
- Updated type definitions for better clarity and type safety in metric file download and export tasks.
- Enhanced error handling in the metric files API to utilize HTTPException for more consistent error responses.
- Added environment variable validation in export tasks to ensure necessary credentials are present before execution.
- Improved type assertions for content in metric export queries to ensure proper handling of JSONB data.
- Introduced new API endpoint for downloading metric files as CSV.
- Implemented export logic to handle large datasets (up to 1 million rows) and generate presigned URLs for secure downloads.
- Added cleanup task to remove exported files from R2 storage after 60 seconds.
- Updated environment configuration to include Cloudflare R2 credentials.
- Enhanced error handling for various export scenarios.
- Refactored related database queries and schemas for better integration.
- Updated documentation for new features and usage instructions.
- Added support for fetching and managing user-specific datasets in the `analystAgentTask`, enhancing the context available for processing.
- Updated the `AnalystAgent` and `ThinkAndPrepAgent` schemas to include datasets, ensuring they are passed correctly in system messages.
- Implemented error handling for dataset retrieval to prevent workflow interruptions.
- Adjusted integration tests to accommodate the new datasets structure, ensuring comprehensive coverage.
These changes improve the agents' ability to utilize relevant datasets, enhancing their functionality and user experience.
- Replaced file system reads with direct imports of prompt text files in various agent and step files to improve performance and reduce complexity.
- Updated the `runDocsAgentStep` and `runDocsAgentWorkflow` functions to return `void` instead of structured outputs, simplifying their interfaces.
- Enhanced test cases to validate prompt loading without relying on file system checks, ensuring faster and more reliable tests.
- Cleaned up unused imports and optimized code structure across multiple files.
These changes aim to enhance code clarity, maintainability, and performance in the agent workflow and related components.
- Deleted references to the `@mastra/core` package from various configuration files.
- Removed multiple unused test files and helper functions related to visualization tools, including axis validation and version history management.
- Cleaned up import statements for better organization and readability.
These changes streamline the codebase by eliminating unnecessary dependencies and improving maintainability.
This PR migrates the Rust and libraries to TypeScript in the new package.
## Changes
### New Access Controls Package
- Implemented complete asset permissions system with CRUD operations
- Added dataset permissions with all 5 access paths (admin, direct user, user→group, team→direct, team→group, org→default)
- Implemented cascading permissions (metrics inherit from dashboards/chats/collections)
- Added LRU caching to replace Redis (30-second TTL)
- Comprehensive test coverage (148 tests passing, 3 skipped pending createUser)
### Database Package Updates
- Fixed AssetType enum to include all 14 asset types
- Added missing database queries for permissions
- Fixed timestamp fields to use ISO strings
- Added getUserOrganizationsByUserId function
- Created organized query structure by table
### AI Package Updates
- Updated getPermissionedDatasets API calls to new format
- Changed property references from ymlFile to ymlContent
- Fixed all test mocks to match new API structure
### Trigger App Updates
- Updated to use new access controls API
- Fixed test mocks to match DatasetListResult structure
- Added proper type imports
### Server Shared Updates
- Added request/response types for access control endpoints
- Exported types for API consistency
## Testing
- All packages build successfully with turbo build:dry-run
- All tests pass with turbo test:unit
- Full type safety maintained throughout
## Migration Notes
- Drop-in replacement for Rust libraries
- Same permission model and roles
- Cache invalidation strategies implemented
- Soft delete pattern maintained
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
dal
Nate Kelley