Merge stable into develop#9300
Open
infrahub-github-bot-app[bot] wants to merge 27 commits into
Open
Conversation
The browser Clipboard API (navigator.clipboard) is only available in
secure contexts (HTTPS or localhost). When Infrahub is accessed over
plain HTTP, clipboard writes silently failed because the code attempted
the async API without checking context security first.
Use document.createRange() + window.getSelection() + execCommand("copy")
as a synchronous fallback when the secure context or Clipboard API is
unavailable. This avoids the React Aria focus-trap issue that broke the
previous textarea-based fallback (the textarea could not receive focus
while a Popover was open).
Fixes #8857
- Make copyToClipboard async (returns Promise<void>) so callers that await it (e.g. clipboard.tsx) get correct ordering guarantees - Rewrite promise chain as try/await/catch for clarity - Add unit tests covering secure-context, non-secure context, unavailable clipboard, and rejected writeText paths Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix merge with delete of migrated kind object * doc string update * remove extraneous parenthes
fix(frontend): copy to clipboard fails over HTTP (non-secure context)
* IFC-2025: Fix artifact diff migrated kind * update test
The run_user_check flow iterated over check_run.log_entries, which is a single formatted string rather than the structured list of log records. Iterating a string in Python yields one character at a time, so the Prefect flow logger received one warning event per character instead of one per log entry. The loop now iterates check_run.logs and renders each entry as a single line via a new format_check_log_entry helper. Fixes #8224
…9319) Add `min-integrity: approved` and `approval-labels: [state/ai-pipeline-ready]` to the four bug-agent workflows. External reporters (author_association: NONE) default to unapproved integrity and are blocked by the gh-aw auto-lockdown. Applying the `state/ai-pipeline-ready` label promotes such issues to approved, gating each pipeline stage behind explicit maintainer review. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…er-per-line fix: emit one log line per user check log entry
This was referenced May 21, 2026
* Bug pipeline documentation inside infrahub project * detailed branch naming * Document approval-label gate for community-reported issues Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Activate RET rule for ruff * fix: RET violations in core/node module * fix: migrate RET504 violations in core/migrations * fix: remove RET504 violations in backend source code * fix: remove RET504 violations in backend tests * fix: remove RET504 violation in tasks/utils * fix: apply ruff format after RET rule activation
…on (#9322) * fix: pass SchemaBranch when parsing constraint paths in HFID derivation _derive_human_friendly_id was passing the NodeSchema as the `schema` argument to parse_schema_path, but that parameter is treated as a SchemaBranch (the function calls .get(name=..., duplicate=True) on it). With a single-element relationship-only uniqueness_constraint (e.g. [["parent"]]), the relationship branch runs and crashes with AttributeError: 'NodeSchema' object has no attribute 'get'. * add fixture for test * use fixture and call process() in test
* test: add failing test for #9209 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: reject schema names containing the path separator '__' Add validate_no_double_underscores_in_names to SchemaBranch.process_validate so attribute and relationship names containing '__' are rejected at load time. Schemas with such names previously loaded successfully but collided with the path-splitting logic in parse_schema_path, leaving the affected attribute or relationship unreachable via paths like name__value. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: apply ruff autoformat Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: add changelog for #9209 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor: fold double-underscore check into validate_names validate_names already enforces name policy (duplicates, reserved names) in a single attributes/relationships pass with the same INTERNAL_SCHEMA_NODE_KINDS skip. Folding the '__' rejection into that loop avoids a near-duplicate validator and keeps name policy in one place. Behavior and error messages are unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: simplify double-underscore tests to plain unit functions Drop the dataclass/parametrize scaffolding for two cases with a single differing input. Call validate_names() directly (now the rule's home), anchor the match on the actual error wording, and match the existing file's plain style. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: call out the breaking change in #9209 changelog Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…lows (#9336) Avoids auto-filing GitHub issues when a bug-agent workflow run fails; failures should surface via the existing PR/issue comment outputs only.
…error (#9281) * fix(backend): Exclude cascade deleted nodes from deletion validation error * fix: Formatting * fix: Address review comments
Bumps the uv group with 1 update in the / directory: [idna](https://github.com/kjd/idna). Bumps the uv group with 1 update in the /python_testcontainers directory: [idna](https://github.com/kjd/idna). Updates `idna` from 3.11 to 3.15 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) Updates `idna` from 3.11 to 3.15 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) Updates `idna` from 3.11 to 3.15 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) Updates `idna` from 3.11 to 3.15 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) --- updated-dependencies: - dependency-name: idna dependency-version: '3.15' dependency-type: indirect - dependency-name: idna dependency-version: '3.15' dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): bump the uv group across 2 directories with 1 update
Co-authored-by: Yvonne <yvonne@opsmill.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
The three /getting-started/* links in README.md returned 404 after the docs reorganized those pages under /overview/*. - /getting-started/quick-start -> /overview/quickstart - /getting-started/overview -> /overview - /getting-started/concepts -> /overview/concepts Closes #9339 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* LLM rule for SOLID basics * multiple implementations note, use link
Removes `min-integrity: approved` and `approval-labels: [state/ai-pipeline-ready]` from the four bug-agent workflow frontmatters and regenerates the lock.yml files via `gh aw compile` (pinned to v0.71.5 to match the compiler version recorded in `.github/aw/actions-lock.json`). Restores the pre-#9319 behavior where the bug pipeline is not gated behind the approval label. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* make name required on SchemaBranch * guard for None in add_hierarchy_node * clean up Node/Generic typing * clean up typing in SchemaBranch.diff * remove arg-type exception from mypy on schema_branch.py * Change assertions to conditionals for node schema validation Replace assertions with conditional checks for node schema types. * Apply suggestion from @ajtmccarty * add SchemaBranchDict TypedDict * remove .get() now that TypedDict is in place * add and use get_node_or_generic_schema() * fix leftover conflict
* test: add failing test for #7924 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(backend): enforce uniqueness check on computed attributes Required computed attributes were never added to the uniqueness check filter because the widening logic only covered optional attributes, so duplicate Jinja2-derived values silently slipped through and could produce duplicate HFIDs. Widen the filter to include computed unique attributes in both grouped and attribute uniqueness checkers, and report the input attributes (e.g. "computed from: model") in the violation message so the user can act on the right field. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(changelog): add fragment for #7924 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: cover computed unique secondary-constraint path; drop dead-code edit Add a third replication test exercising a schema where the computed unique attribute is not the HFID, so the violation surfaces as ValidationError (STANDARD) rather than HFIDViolatedError. Drop the earlier edit to NodeAttributeUniquenessConstraint: that class has no production caller — the NodeConstraintRunner only invokes the grouped checker — so widening its filter had no runtime effect. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: move computed-attribute uniqueness tests to node create-flow file The replication tests drive create_node() directly — they exercise the production create path, not the NodeGroupedUniquenessConstraint class in isolation. Move them to backend/tests/component/core/node/ alongside test_template_pool_allocation.py, which is the existing home for create_node integration tests. Drop the now-redundant constraint-level test that overlapped with the create-flow coverage. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: new test and schema docstring * fix(backend): try catch the JinjaTemplateError * fix(backend): resolve computed-attribute inputs via schema path validation The previous implementation extracted input attribute names from Jinja2 variables with a naive split on '__', which dropped the peer attribute when the variable referenced a relationship path (e.g. 'owner__name__value' collapsed to 'owner'). Reuse the schema-path validation already used by the macro processor so relationship-attribute inputs render as '<relationship>.<attribute>' in the violation message. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(backend): name the implicit-uniqueness-check predicate Extract the inline boolean expression into _should_implicitly_check_uniqueness with a docstring that explains why optional or computed unique attributes must be evaluated even when absent from the user-supplied filter list. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(backend): extract UniquenessViolationMessageBuilder Move the violation-message formatting (including the Jinja2 template variable resolution that names input attributes for computed fields) out of NodeGroupedUniquenessConstraint into a dedicated builder class. The builder takes only a SchemaBranch and is therefore unit-testable without a database. Inject it through the constraint constructor; the dependency builder wires up the registry-bound SchemaBranch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: docstring for message builder methods * test: factor computed Jinja2 attribute construction into a shared builder Add tests/helpers/schema_builders.computed_jinja2_attr to remove the repeated read-only/unique/Jinja2 computed-attribute boilerplate across the computed-uniqueness fixtures, and convert those fixtures from dict form to object form so both the unit and component trees share the builder. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(backend): split computed-input collection into focused helpers Decompose UniquenessViolationMessageBuilder._collect_computed_inputs so each method owns one level: the orchestrator deduplicates across fields, _inputs_for_field resolves one field's Jinja2 template, and _resolve_input_name maps a single path to a user-facing name. Hoist the static path-type mask to a module constant. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: minimize computed-uniqueness fixtures to the reported schema Reshape the three fixtures around the minimal RandomStuff schema from the original report and strip attributes, display labels, and the back-relationship that the assertions never exercise. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(changelog): reword fragment for #7924 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(backend): make uniqueness check helper an instance method * docs: clarify uniqueness check helper docstring summary --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merging stable into develop after merging pull request #9273.
Summary by cubic
Merges stable into develop with fixes to merge and artifact diffs, restores clipboard copy over HTTP, enforces uniqueness on computed attributes with clearer messages, and finalizes 1.9.6 with docs and workflow updates. Reverts approval-label gating for bug-agent workflows and keeps auto-issue filing disabled; tightens
SchemaBranchtyping (name required) to improve schema validation.Bug Fixes
state/ai-pipeline-readyapproval-label gate; keepreport-failure-as-issue: falsein all stages.namerequired, addSchemaBranchDict, use get_node_or_generic_schema, and harden node schema validation; adjust tests./overview/*, add bug pipeline docs in CONTRIBUTING, add an LLM rule covering SOLID basics, and rename “Automation & Outputs” to “Design & Integrate”.Dependencies
infrahub-serverandinfrahub-testcontainersto 1.9.6; add changelog and release notes.python_sdkto v1.20.1.docker-compose.ymldefault image tag to 1.9.6.idnato 3.15 via uv group updates.Written for commit ecf56a1. Summary will update on new commits. Review in cubic