- Enhanced the CLI with new linter rules and updated file structures for better organization.
- Modified package.json to reflect changes in dependencies and ensure compatibility.
- Improved the vitest configuration for better testing practices.
- Refactored various components for consistency and readability, including imports and error handling.
- Updated the server API and database queries to streamline authentication processes.
- Removed deprecated code and cleaned up unused files to maintain a tidy codebase.
- Added new CLI commands for authentication management and improved default action handling.
- Updated package.json to include new dependencies and scripts for building and running the CLI.
- Integrated authentication features into the SDK, allowing for API key validation.
- Modified the SDK configuration to use a new default API URL.
- Expanded the server API to include authentication routes.
- Updated database queries to support new API key functionalities.
- Improved code structure and readability across CLI and SDK components.
- Added routes for creating, retrieving, and deleting S3 integrations in the API.
- Introduced handlers for S3 integration operations, including validation of user permissions and storage credentials.
- Updated database schema to support S3 integrations, including a new table and associated queries.
- Integrated storage provider logic to handle S3, R2, and GCS configurations.
- Enhanced error handling and response structures for integration operations.
This commit lays the groundwork for managing storage integrations within the application, allowing users to connect and manage their S3 storage solutions.
- Added checks to ensure toolCallId exists and is a valid string before processing tool results.
- Preserves the original part if toolCallId is missing or invalid, improving robustness in message conversion.
- Updated logic to prioritize cache as the source of truth during streaming, with asynchronous database updates for persistence.
- Improved error handling for background database updates, ensuring cache validity even if DB update fails.
- Cleaned up mergeResponseMessages and mergeReasoningMessages functions by removing redundant code.
- Introduced lru-cache version 11.1.0 in package.json and pnpm-lock.yaml.
- Refactored updateMessageEntries to utilize TypeScript-based merge logic with write-through caching.
- Improved error handling for fetching existing message entries and updated database logic to merge new entries with existing ones.
- Updated GET reports endpoint to use `getReportsWithPermissions` for improved access control.
- Added support for filtering reports based on `shared_with_me` and `only_my_reports` flags.
- Introduced `getReportsWithPermissions` function to handle complex permission logic in the database layer.
- Enhanced report metadata retrieval to ensure proper access validation before fetching report details.
- Simplified the `GeneratingContent` component to display a static loading message.
- Updated `ReportPageController` to determine if a report is being generated based on the current message context.
- Adjusted report status handling in the delta creation process to maintain 'loading' status during streaming.
- Enhanced logic in the modify reports helper to ensure file status reflects loading during streaming and only updates to completed or failed when all edits are finalized.
- Modified database query to preserve input order for new messages during updates.
- Added '@buster/data-source' dependency to the server and pnpm lock files.
- Enhanced the getMetricDataHandler function to support versioning and data source integration.
- Updated the metric data query schema to include an optional version number parameter.
- Modified the API endpoint to accommodate the new versioning feature for metric data retrieval.
- Changed the wording of elapsed time in reasoning messages from "min" to "minutes" for better readability.
- Updated the final reasoning message format to specify "Reasoned for" instead of "Total workflow time," enhancing user understanding of the output.
These changes contribute to a more user-friendly experience and maintain consistency in messaging across different tools.
- Added permission checks to metric file download handler
- Added permission checks to export-metric-data trigger task
- Created comprehensive tests for access control integration
- Updated AssetType enums to include report_file
- Resolved export conflicts in server-shared package
- Fixed AI package imports for new getPermissionedDatasets API
- Introduced start time tracking for tool operations in create, modify, and report tools to improve performance monitoring.
- Updated reasoning entries to include elapsed time for completed operations, enhancing user feedback.
- Refactored tool logic to ensure consistent handling of file statuses and improved clarity in reasoning messages.
- Enhanced logging for better traceability during tool execution.
These changes improve the overall user experience and maintainability of the toolset.
- Combined asset type enums from both branches
- Merged all database query exports
- Integrated access-controls package into server-shared
- Resolved conflicts in AI package instructions
- Updated type definitions for better clarity and type safety in metric file download and export tasks.
- Enhanced error handling in the metric files API to utilize HTTPException for more consistent error responses.
- Added environment variable validation in export tasks to ensure necessary credentials are present before execution.
- Improved type assertions for content in metric export queries to ensure proper handling of JSONB data.
- Introduced new API endpoint for downloading metric files as CSV.
- Implemented export logic to handle large datasets (up to 1 million rows) and generate presigned URLs for secure downloads.
- Added cleanup task to remove exported files from R2 storage after 60 seconds.
- Updated environment configuration to include Cloudflare R2 credentials.
- Enhanced error handling for various export scenarios.
- Refactored related database queries and schemas for better integration.
- Updated documentation for new features and usage instructions.
- Introduced a new streaming mechanism for generating TODO lists, allowing for real-time updates and improved user experience.
- Added context handling for datasets in both `AnalystAgent` and `ThinkAndPrepAgent`, ensuring relevant data is included in system messages.
- Implemented new helper functions for managing TODO state and reasoning messages, improving code organization and clarity.
- Updated integration tests to validate the new streaming functionality and ensure consistent message roles.
These changes significantly enhance the functionality and maintainability of the TODO creation process within the agent workflow.
- Eliminated `responseMessages`, `reasoning`, and `rawLlmMessages` from chat creation and handling functions to streamline data processing.
- Updated the `generateJsonbArraySql` function to accept pre-stringified JSON for better performance and clarity.
These changes enhance the efficiency of chat message management and reduce unnecessary complexity in the codebase.
Introduce 'replace-report-content' and 'append-report-content' exports to enhance report content management capabilities, allowing for more flexible report updates and modifications.
- Optimized N+1 query in get-permissioned-datasets.ts using inArray for batch lookup
- Removed unused bulkRemoveAssetPermissions import
- Fixed import organization in find-user-by-email.ts
- Updated CLAUDE.md to reflect tests are written and fixed API example
- Clarified TODO comment in lookup.ts to prevent potential infinite recursion
These are style and performance improvements that don't affect functionality.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed permission hierarchy: full_access (5) now correctly ranks higher than viewer (3)
- Removed 'querier' role from admin permission check as it was too permissive
- Added organizationId parameter to dashboard access checks to prevent unauthorized access
- Fixed public dashboard expiry date check to verify dates are in the future
- Added cycle detection for collection permissions to prevent infinite recursion
- Fixed bulk remove permissions to correctly filter by identityIds array
- Updated date comparison to use ISO string format for PostgreSQL timestamp columns
These fixes address critical security and logic issues identified in the PR review.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed AssetTypeSchema to include all active asset types (excluding deprecated 'metric' and 'dashboard')
- Added missing 'restricted_querier' role to UserOrganizationRole type
- Fixed dataset access caching to store full result object including accessPath and userRole
- Updated count query to use SQL COUNT for better performance
- Fixed IdentityType consistency across dataset permissions
- Removed unused 'ne' import from list-asset-permissions.ts
- Updated comments to correctly reference 6 access paths instead of 5
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
This PR migrates the Rust and libraries to TypeScript in the new package.
## Changes
### New Access Controls Package
- Implemented complete asset permissions system with CRUD operations
- Added dataset permissions with all 5 access paths (admin, direct user, user→group, team→direct, team→group, org→default)
- Implemented cascading permissions (metrics inherit from dashboards/chats/collections)
- Added LRU caching to replace Redis (30-second TTL)
- Comprehensive test coverage (148 tests passing, 3 skipped pending createUser)
### Database Package Updates
- Fixed AssetType enum to include all 14 asset types
- Added missing database queries for permissions
- Fixed timestamp fields to use ISO strings
- Added getUserOrganizationsByUserId function
- Created organized query structure by table
### AI Package Updates
- Updated getPermissionedDatasets API calls to new format
- Changed property references from ymlFile to ymlContent
- Fixed all test mocks to match new API structure
### Trigger App Updates
- Updated to use new access controls API
- Fixed test mocks to match DatasetListResult structure
- Added proper type imports
### Server Shared Updates
- Added request/response types for access control endpoints
- Exported types for API consistency
## Testing
- All packages build successfully with turbo build:dry-run
- All tests pass with turbo test:unit
- Full type safety maintained throughout
## Migration Notes
- Drop-in replacement for Rust libraries
- Same permission model and roles
- Cache invalidation strategies implemented
- Soft delete pattern maintained
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Nate Kelley
dal