sync upstream and preserve Slock agent token callback #1
Merged
Conversation
…gaut#13) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.19.0 to 5.19.1. - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](go-git/go-git@v5.19.0...v5.19.1) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.19.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Documentation-only change. Tests were not run.
Adds a dormant wiki catalog substrate and validates it with: - go test . ./internal/db ./internal/wikicatalog ./internal/service ./internal/testharness
Routes catalog writes through the request-scoped DB provider and validates the catalog/service wiring with: - go test . ./internal/wikicatalog ./internal/service ./internal/testharness
Adds catalog list-query benchmark and regression coverage. Tests: - go test ./internal/wikicatalog/... - go test -run '^TestCatalogListQuery_PerformanceCeiling$' ./internal/wikicatalog
Routes ListWikiPages through the catalog projection and validates service/catalog behavior with: - go test ./internal/service ./internal/wikicatalog ./internal/testharness
Routes wiki reads, writes, and git push ingestion through the catalog source of truth. Tests: - go test . ./internal/githttp ./internal/gitstore ./internal/rest ./internal/router ./internal/service ./internal/wikicatalog ./internal/testharness
Moves stale wiki catalog replay to a tenant-scoped background path. Tests: - go test ./internal/githttp ./internal/rest ./internal/service ./internal/testharness
Adds TiDB-backed wiki full-text and vector search support. Tests: - go test . ./internal/db ./internal/controlplane ./internal/service/search - go test ./internal/service -run 'TestWikiSearch' - go test ./internal/rest -run 'TestWiki' - go test ./internal/service
Fuses lexical and semantic wiki search candidates while preserving stable pagination. Tests: - go test ./internal/service -run 'TestWikiSearch' - go test ./internal/service
Adds token-aware truncation for embedding inputs. Tests: - go test ./internal/embedding - go test ./internal/service -run 'TestEmbedHook_TextTruncation|TestEmbedQuery|TestWikiSearchTruncatesLongPageEmbeddingInput' - go test ./internal/service
Removes the obsolete wiki search auto-reindex startup path. Tests: - go test ./internal/service -run 'TestWikiSearch' - go test ./internal/db ./internal/rest ./internal/service/search ./internal/controlplane - go test ./internal/service
Maps canceled request contexts to HTTP 499 and reduces expected cancellation log noise. Tests: - go test ./internal/rest/respond ./internal/middleware ./internal/db ./internal/logging ./internal/graphql - go test ./internal/rest -run 'Test.*Search|Test.*IssueComment|Test.*Request|Test.*ServiceError' - go test ./internal/rest - go test ./internal/router ./internal/testharness
Standalone public change for `feat: add admin wiki history compaction API`. Tests: - `FAIL internal/rest [setup failed]` - `FAIL internal/router [setup failed]` - `FAIL internal/service [setup failed]` - `FAIL internal/wikicatalog [setup failed]` - `FAIL` - `go test internal/rest internal/router internal/service internal/wikicatalog`
Queues wiki history compaction asynchronously and verifies the affected DB, REST, router, and service paths. Tests: - `go test ./internal/db ./internal/rest ./internal/router ./internal/service`
Standalone public change for `fix: speed up wiki search reindexing`. Tests: - `go test ./internal/db ./internal/service`
Adds wiki compaction recovery for stale ref locks. Tests: - `go test ./internal/gitstore ./internal/rest ./internal/router ./internal/service`
Standalone public change for `fix: disable wiki compaction during incident response`. Tests: - `go test ./internal/rest ./internal/service`
…gaut#32) Standalone public change for `fix: keep wiki compaction disabled and restore wiki list pagination`. Tests: - `go test ./internal/rest ./internal/service`
Standalone public change for `fix: make wiki compaction insert-only`. Tests: - `go test ./internal/db ./internal/rest ./internal/service ./internal/wikicatalog`
Standalone public change for `fix: paginate REST issues in the database`. Tests: - `go test ./internal/rest ./internal/service`
Standalone public change for `feat: support bind grants for agent invites`. Tests: - `go test ./internal/db ./internal/rest ./internal/router ./internal/service`
Standalone public change for `feat: expose embeddable server lifecycle`. Tests: - `go test ./...`
Standalone public change for `fix: avoid ordering token lookups`. Tests: - `go test ./internal/controlplane ./internal/db ./internal/service`
Standalone public change for `docs: add wiki storage v2 design baseline`. Tests: - `git diff --cached --check`
Standalone public change for `fix: reduce issue list query fanout`. Tests: - `go test ./internal/rest ./internal/service`
Standalone public change for `docs: add wiki storage v2 implementation plan`. Tests: - `git diff --cached --check`
Standalone public change for `feat: add renewable agent switch sessions`. Tests: - `go test ./internal/controlplane ./internal/middleware ./internal/rest ./internal/router ./internal/service`
Standalone public change for `feat: add wiki v2 foundation primitives`. Tests: - `go test ./internal/db ./internal/gitstore ./internal/service ./internal/wikiv2`
Standalone public change for `feat: expose provisional wiki v2 reconcile routes`. Tests: - `go test ./internal/rest ./internal/router ./internal/service`
Standalone public change for `feat: hydrate wiki search results from git`. Tests: - `go test ./internal/service`
Standalone public change for `docs: align wiki authority contract with v2 design`. Tests: - `git diff --cached --check`
Standalone public change for `feat: prefer current wiki v2 index for head reads`. Tests: - `go test ./internal/service`
Standalone public change for `feat: add wiki v2 backlink and history indexes`. Tests: - `go test ./internal/db`
Standalone public change for `docs: define wiki storage v2 cutover baseline`. Tests: - `git diff --cached --check`
Standalone public change for `feat: prefer git-first lexical wiki search`. Tests: - `go test ./internal/service`
Standalone public change for `feat: derive wiki v2 history and backlink indexes`. Tests: - `go test ./internal/db ./internal/service`
Remove configurable alternate REST API prefixes so the server consistently exposes the GitHub-compatible `/api/v3` surface. Tests: - `go test ./...`
Clarify the remaining wiki storage cutover goal in the architecture overview and remove issue-number wording from the touched paragraph. Tests: - `go test ./...`
Add a provider-neutral OIDC compatibility layer alongside the existing Auth0 flow, including OIDC discovery and token verification, REST endpoints, service mapping, OpenAPI coverage, configuration, and e2e coverage. Tests: - `go test ./...`
Add provisional wiki v2 read routes for page content, history, backlinks, and search responses while keeping the existing wiki route family intact. Tests: - `go test ./...`
Add the provisional wiki v2 tree endpoint backed by git tree reads, with REST routing, transform helpers, and tests. Tests: - `go test ./...`
Add provisional wiki v2 label routes for list, replace, add, and remove operations, with OpenAPI coverage and route tests. Tests: - `go test ./...`
Remove the provisional wiki v2 REST route surface, rename route tests around the remaining wiki routes, drop the temporary v2 OpenAPI entries, and document the REST boundary. Tests: - `go test ./...`
Add an embeddable identity injection hook for hosted deployments. Embedders can provide a trusted authenticator, middleware resolves it into the normal service user context, and the server exposes the option through embeddable setup APIs. Tests: - `go test ./...`
Remove the legacy Auth0 compatibility layer in favor of the provider-neutral OIDC flow. This removes the Auth0 REST routes and service helpers, moves shared JWKS helpers under OIDC, renames the mock identity server, and updates docs, CI, OpenAPI, and tests around the OIDC-only surface. Tests: - `go test ./...`
Add a Login-with-Slock browser auth flow. The server exposes `/auth/slock/login` and `/auth/slock/callback`, exchanges the Slock authorization code server-side, validates Slock userinfo, maps the Slock identity into local AGS users, and hands the console a one-time AGS authorization code.
Deployment configuration:
- Set all four together to enable: `SLOCK_ORIGIN`, `SLOCK_API_ORIGIN`, `SLOCK_CLIENT_ID`, `SLOCK_CLIENT_SECRET`.
- Set `BASE_URL` to the public AGS origin; the Slock callback URL is `${BASE_URL}/auth/slock/callback`.
- Configure that exact callback URL in Slock.
- If TLS terminates at a reverse proxy, forward `X-Forwarded-Proto: https` so callback cookies are marked secure.
Tests:
- `go test ./...`
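The deployment rules in the commit message above, written as a start-up check. This is an added Go example, not code from this repository: `SlockConfig`, `Enabled`, `CallbackURL` and `CookieSecure` are hypothetical names, the hostnames are constructed, and rejecting a `BASE_URL` that carries a path is an assumption drawn from the word "origin".

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// SlockConfig (hypothetical type) holds the five variables the commit message names.
type SlockConfig struct{ Origin, APIOrigin, ClientID, ClientSecret, BaseURL string }

// Enabled enforces "set all four together": none set disables the flow,
// all four enable it, and a partial set is a deployment error.
func (c SlockConfig) Enabled() (bool, error) {
	set := 0
	for _, v := range []string{c.Origin, c.APIOrigin, c.ClientID, c.ClientSecret} {
		if strings.TrimSpace(v) != "" {
			set++
		}
	}
	if set == 0 {
		return false, nil
	}
	if set < 4 {
		return false, fmt.Errorf("slock login: only %d of 4 variables set", set)
	}
	_, err := c.CallbackURL()
	return err == nil, err
}

// CallbackURL derives ${BASE_URL}/auth/slock/callback; assumes BASE_URL is a bare origin.
func (c SlockConfig) CallbackURL() (string, error) {
	u, err := url.Parse(strings.TrimRight(c.BaseURL, "/"))
	if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") ||
		u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return "", errors.New("BASE_URL must be a bare http(s) origin")
	}
	return u.Scheme + "://" + u.Host + "/auth/slock/callback", nil
}

// CookieSecure: direct TLS, or X-Forwarded-Proto: https as set by your own proxy.
func CookieSecure(r *http.Request) bool {
	return r.TLS != nil || strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https")
}

func main() { // constructed sample value
	fmt.Println(SlockConfig{BaseURL: "https://ags.example/"}.CallbackURL())
}
```

A client can send `X-Forwarded-Proto` itself, so the header says something about the connection only when the reverse proxy overwrites it on every request.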
Summary
- ngaut/agent-git-service `main`, including upstream Login-with-Slock PR feat: add Login-with-Slock auth flow ngaut/agent-git-service#61
- `token`, `user_id`, `login`, `type`, `sub`, `server_id`) for `slock integration login` and local CLI integrations
- `picture` from `/api/oauth/userinfo` and prefer it over legacy `avatar_url` when building the local OIDC profile
Why
Upstream ngaut#61 is correct for browser console handoff, but it is not enough for current Slock Agent Login smoke because agents need a service-owned durable AGS token directly from the callback. Returning only a one-time code tied to an HttpOnly PKCE verifier cookie couples local CLI cases to a browser console flow.
Drive9-style local CLI integrations should not be forced through that browser handoff. This keeps the agent-facing completion contract separate while leaving the browser flow intact.
Validation
- `go test ./internal/service ./internal/router ./internal/slockoauth`
- `go test ./...`
- `git diff --check`
Notes