* fix: support special flow modules in evals
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: extract shared flow helper logic
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: make special flow tools openai-compatible
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: improve flow eval prompts and validation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: relax flow benchmark overfits
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: record updated flow benchmark history
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address flow review findings
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: source flow chat special module prompt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: narrow rawscript helper return type
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: dedupe flow chat prompt guidance
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: relax flow test10 validation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: cascade trigger script_path updates on script/flow rename + fix trigger permissioned_as
Backend: When a script or flow path is renamed, automatically update script_path
across all trigger tables (http, email, kafka, websocket, postgres, mqtt, nats,
sqs, gcp, native). Long-running triggers get server_id reset to force restart.
Native triggers additionally get async webhook URL re-registration with external
services (Google, Nextcloud) via token rotation + handler.update().
Frontend: Fix permissioned_as handling across all trigger/schedule editors:
- Allow setting permissioned_as on trigger creation (not just edit) for admins
- Fix hasChanged detection for permissioned_as changes
- Fix FolderEditor group selector showing usernames instead of group names
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename script_rename -> runnable_rename for consistency
"Runnable" is the correct term for both scripts and flows.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: remove native trigger re-registration from runnable rename
Keep it simple — only update script_path in the DB for non-native triggers.
Native triggers require external service re-registration (token rotation +
webhook URL update) which adds significant complexity; defer to a future PR.
sqlx files for the updated CTE query need regenerating.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* sqlx
* refactor: call update_triggers_script_path directly, remove windmill-trigger wrapper
No need for the extra module/dep — the common function is called directly
from scripts.rs and flows.rs with inline error mapping.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: reject empty principal in folder default permissioned_as validation
`u/` and `g/` (no name after prefix) were passing validation. Use regex
to require at least one character after the prefix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: prevent async folder-default load from overwriting user's permissioned_as choice
Split the initialization effect into two: one that resets on trigger switch
(tracks permissionedAs), and one that handles folder default loading (tracks
folderDefault.value). The second effect is guarded by a userHasSelected flag
set in handleSelect, so a late-arriving folder default doesn't wipe the
user's explicit selection.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* lock
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: improve permissions drawer UX and auto-share resource variables
- When sharing a resource, automatically detect linked variables ($var: refs)
and offer to apply the same permission changes via a toggle (on by default)
- Rename "Share" to "Permissions" across all dropdown menus (resources, variables,
scripts, flows, apps, schedules, triggers)
- Replace Share icon with Shield icon for consistency
- Show default permissions (folder/user/group) as a separate section in the drawer
- Move item path into drawer title ("Permissions for {path}")
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: guard async results against stale drawer state and null-safe extra_perms
- Add path staleness check in loadLinkedVarPaths and loadDefaultPerms
to prevent late async responses from overwriting state when the drawer
was reopened for a different item
- Use ?? {} fallback for folder.extra_perms which can be undefined
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: persist indexer max_index_time_window_secs setting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: toggle UX for indexer time window cap
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: extract flow delete helpers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: unify flow delete planning
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: stabilize flow delete execution
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: simplify flow delete plan execution
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: allow non-admin users to create HTTP triggers with forced workspaced routes
Non-admin users can now create and fully edit HTTP triggers, but are forced
to use workspaced routes (workspace-prefixed URLs). Instance-wide routes
remain admin-only to prevent cross-workspace URL conflicts.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add missing RLS INSERT/DELETE policies for http_trigger table
Non-admin users were blocked by row-level security when creating HTTP triggers.
Added INSERT, DELETE, see_own, and see_member policies matching other trigger tables.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: allow user paths for HTTP triggers
Remove the hideUser restriction on the Path component so HTTP triggers
can be created under user paths (u/username/...) in addition to folder paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: remove added note from instance settings description
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: allow non-admins to edit non-workspaced routes without changing route config
Non-admins can now open and edit existing non-workspaced HTTP triggers
(created by admins) as long as they don't modify route_path, http_method,
or workspaced_route. The workspaced prefix is only forced on new triggers.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: allow non-admins to change route_path on workspaced routes
The prevent_route_path_change DB trigger blocked all route_path changes
for windmill_user, even on workspaced routes. Now only instance-wide
(non-workspaced) routes are protected.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add explicit GRANT and force workspaced routes in OpenAPI generator
- Add explicit GRANT INSERT, DELETE on http_trigger to windmill_user
for safety on customer instances
- Force workspaced_route: true for non-admins in OpenAPI route generator
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add deploy restriction rule and fork review requests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref.txt for fork review requests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address PR review comments on fork review requests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename fork review requests to deployment requests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref.txt for deployment request rename
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: inline deployment request panel into deploy layout
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: place Request deployment button to the left of Deploy
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: inline fork triggers into main deploy list
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: open real trigger detail drawer for inline fork triggers
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: email notifications for merge completion and reply pings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: update deployment_request + protection_rule tables on workspace id rename
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref to 972893c3870e4c4a70a35748abed282d88904805
This commit updates the EE repository reference after PR #528 was merged in windmill-ee-private.
Previous ee-repo-ref: 5684d1c17d930b17849c1e5d7577891e64682d45
New ee-repo-ref: 972893c3870e4c4a70a35748abed282d88904805
Automated by sync-ee-ref workflow.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: windmill-internal-app[bot] <windmill-internal-app[bot]@users.noreply.github.com>
* feat: add instance-level ruff config auto-pulled by LSP container
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: move ruff config to new LSP tab in instance settings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: silence user-facing toast for non-critical hub script tracking error
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* n
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: display message and web search content in agent graph node status
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: use markdown renderer for agent message output
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: revert web search output display — content not useful
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: improve web search alert text
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: align message title styling with other node status sections
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add folder default_permissioned_as rules for ownership defaults on deploy
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: remove unnecessary auth guard on default_permissioned_as — rules are advisory only
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: regenerate system prompts with new CLI commands
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address CI review findings — TOCTOU, race condition, email validation, type coercion
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add sqlx offline cache for test queries (fixes cargo_test CI)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address remaining review findings — incomplete request bodies, dead code, redundant import
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address remaining review findings — full script fields, reactive stores, catch-all validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: app/schedule/trigger set-permissioned-as fetch remote first to avoid data loss
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: app set-permissioned-as avoid creating redundant app version
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: compact user/group toggle + select for folder default_permissioned_as rules
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: collapse default_permissioned_as section by default in folder editor
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: include default_permissioned_as in FolderFile CLI type for YAML round-trip
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: process folder.meta changes before items in push to apply new rules immediately
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: clone default_permissioned_as on fork/rename + add full lifecycle tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: add no-op guarantee test — folder without rules behaves like before
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename cliBehavior to syncBehavior — more accurate scope
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: thread concurrency semaphore through dedicated worker executors
Pass the concurrency_semaphore parameter through bun, deno, and python
start_worker functions to handle_dedicated_process. Also fix the
DedicatedWorkersSelector to use listWorkspacesAsSuperAdmin (so all
workspaces including admins are visible) and skip loading when disabled.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref to limit-workers-one-job branch
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref to 54037e77cdd37777560755fef7075d35906c96d8
This commit updates the EE repository reference after PR #523 was merged in windmill-ee-private.
Previous ee-repo-ref: 56890ea8fca2c1c44a1338a27011b4dd1137d9c9
New ee-repo-ref: 54037e77cdd37777560755fef7075d35906c96d8
Automated by sync-ee-ref workflow.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: windmill-internal-app[bot] <windmill-internal-app[bot]@users.noreply.github.com>
Co-authored-by: Ruben Fiszel <ruben@windmill.dev>
The new workspaces: section in wmill.yaml lets the CLI auto-select the
right entry by matching baseUrl + workspaceId against the existing
--base-url and --workspace flags the backend already passes, making the
force_branch override redundant.
Backend field and serializer are intentionally left intact for backward
compat with any repository that already has force_branch saved.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [ee] feat(vault): add skip_ssl_verify option for HashiCorp Vault
Adds an optional skip_ssl_verify boolean to VaultSettings so
self-signed Vault deployments can be used in development without
needing a custom CA bundle. The flag is surfaced as a Toggle in the
HashiCorp Vault section of the secret backend instance settings and
plumbed through to the EE Vault HTTP client builder.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref to bcfb663f9e902539abbbf69c517715eb8d4ce8f9
This commit updates the EE repository reference after PR #526 was merged in windmill-ee-private.
Previous ee-repo-ref: 7e1372b8f59fe81aaf61212970ebdf2286be864d
New ee-repo-ref: bcfb663f9e902539abbbf69c517715eb8d4ce8f9
Automated by sync-ee-ref workflow.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: windmill-internal-app[bot] <windmill-internal-app[bot]@users.noreply.github.com>
* [ee] feat: add external JWT tokens listing in instance settings
Add the ability for superadmins to view all external JWT tokens that have
been used for authentication, along with their claim metadata.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref.txt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: move external JWT tokens listing to users tab
- Move list endpoint from /oidc/ext_jwt_tokens to /users/ext_jwt_tokens
- Display as a sub-tab below the instance Users tab, only shown when tokens exist
- Use DataTable's built-in load-more pattern for pagination
- Add "Recently active only" toggle (tokens used in the last 30 days)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add dev_override cargo feature to windmill-common
* feat: show placeholder for legacy external JWT entries
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref to 62a462461271b900351c18b0ab1ca78651154b2a
This commit updates the EE repository reference after PR #524 was merged in windmill-ee-private.
Previous ee-repo-ref: 7b493a337abe00a47cf9d94847babe3cb3a6799f
New ee-repo-ref: 62a462461271b900351c18b0ab1ca78651154b2a
Automated by sync-ee-ref workflow.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: windmill-internal-app[bot] <windmill-internal-app[bot]@users.noreply.github.com>
* refactor: unify CLI config to workspaces, deprecate gitBranches/environments
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: update frontend examples and regenerate system prompts for workspaces config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: update test files to use workspaces config instead of gitBranches
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: handle --branch with --base-url correctly in sync pull/push
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: warn when --workspace overrides auto-detected branch or misses config entry
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: show reason why workspace was selected in log message
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: clarify specificItems file naming uses gitBranch as suffix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: rename branch-specific to workspace-specific, use workspace name as file suffix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: rename branch-specific to workspace-specific, add comprehensive integration tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: simplify bind and init to be workspace-centric
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: make bind/unbind interactive with --workspace and --branch flags
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: make bind interactive with profile selection, workspace name, and optional branch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: init offers to bind workspace using same flow as wmill workspace bind
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: skip backend git-sync check in init when no workspace was bound
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: skip all API calls in init when no workspace was bound
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: log when RT namespace is skipped, offer to generate it after bind
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: warn when no workspace bound during init
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: init git-sync check uses bound workspace, not active profile
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: init uses selected profile directly, avoids re-resolving and duplicate prompt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: init skips requireLogin, uses bound profile token directly
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: auto-pick or prompt workspace from config when no branch matches
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: show configured workspaces list and bind hint in resolution messages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: cache bound profile to avoid duplicate profile selection prompts in init
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: hoist boundProfile scope, add 2 comprehensive integration tests covering all flows
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: rt.d.ts prompt defaults to no when file exists, better description
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: remove empty overrides from generated config, add specificItems hint
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add inline comments for non-trivial fields, add overrides/promotionOverrides hints to bound workspaces
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: regenerate system prompts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add user offboarding flow with object reassignment
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: require new_operator for permissioned_as when reassigning to folder
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: update on_behalf_of_email on scripts/flows during offboarding
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: extract offboarding to separate module and add integration tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: delete tokens, add operator preview counts, remove token reassignment UI
Tokens are now always deleted during offboarding. Preview now shows
scripts/flows/apps with on_behalf_of and schedules/triggers with
permissioned_as referencing the departing user (even outside their path).
Token reassignment UI removed since webhooks break on path changes anyway.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: rich preview with path lists, warnings, and downloadable report
Preview now returns full path lists (not just counts) for owned objects
and objects executing on behalf of the user. Adds warnings for:
- HTTP triggers (webhook URLs will change)
- Email triggers (addresses will change)
- Broken $var:/$res: references in resources/variables
Frontend provides "Export list" button to download affected content.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: add coverage for dynamic queries (triggers, extra_perms, operator schedules)
Adds HTTP trigger, extra_perms reference, and shared schedule to test
fixture. Tests verify that non-macro sqlx queries (trigger reassignment,
extra_perms cleanup, operator schedule update) work correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: remove broken_references, add full dynamic query test coverage
Remove broken_references field from preview (user's resources/variables
are already in the owned paths list). Add shared HTTP trigger fixture
to test all dynamic query paths: trigger operator preview (line 232),
trigger permissioned_as update for non-user-path (line 951), and
extra_perms cleanup on trigger tables (line 983).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add referencing field to preview for content/value path references
Preview now includes a 'referencing' section listing scripts (by content),
flows (by value JSON), apps (by policy/extra_perms), and resources (by value)
that contain references to u/{username}/ paths. These references may break
after reassignment. Shown in export list and as a warning in the UI.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: rename objects to items in UI, detect on_behalf_of items in hasItems
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: replace remaining objects with items in UI text
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename operator to on_behalf_of, separate owned vs on-behalf UI sections
- Rename new_operator to new_on_behalf_of_user in API and frontend
- Rename op_ prefixed variables to obo_ in backend
- UI now shows separate sections for owned items and items running
on behalf, with the operator selector shown only when needed
- canSubmit logic updated: operator needed for folder targets OR
when on-behalf items exist
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: CSV export, side-by-side layout, always accept new_on_behalf_of_user
- Export affected items as CSV instead of text
- Owned items and on-behalf items shown side by side in summary boxes
- new_on_behalf_of_user always accepted (defaults to target user for
user targets, required for folder targets)
- On_behalf_of selector always visible, auto-defaults when user target
is selected
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: proper pluralization and bottom-aligned counts in summary boxes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: stack info boxes vertically, referencing box as warning style at top
Info boxes (owned, on-behalf, referencing) now one per row instead of
side-by-side. Referencing box uses warning colors. Webhook/email trigger
alerts shown below boxes. Proper pluralization in global modal too.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: CSV exports only referencing items, export button inside warning box
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: use ToggleButtonGroup for user/folder, add reassign toggle on remove
- User/Folder selection now uses ToggleButtonGroup component
- When removing a user, a "Reassign items before removing" toggle lets
the admin skip reassignment and just delete directly
- In reassign-only mode, the toggle is not shown (always reassigns)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: show token details with labels and scopes in preview
Preview now returns token label, scopes, and expiration instead of just
a count. Frontend shows a dedicated token box listing each token with
its scopes. Test updated to verify token label in preview response.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: extract shared offboarding components, per-type trigger links, hash deep linking
- Extract OffboardItemsBox, OffboardReassignControls, OffboardWorkspaceSection,
and offboarding-utils.ts as shared components used by both workspace and global modals
- Change triggers in OffboardAffectedPaths from Vec<String> to HashMap<String, Vec<String>>
so frontend knows which trigger page to link to
- Add hash-based deep linking to all 9 trigger pages and schedules page
- Preserve URL hash in updateQueryFilters across all trigger pages
- Only open editor drawer if the item is found in the list
- Reassign toggle at top with warning alert when disabled (both modals)
- Referencing items box uses yellow warning variant with expandable path links
- Cleaner labels: "Move u/{username}/* items to", "Update triggers/runnables permissions to"
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: rename on_behalf_of section label to match flow advanced settings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: regenerate sqlx query cache
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address PR review issues for offboarding
- Add 9 trigger tables to check_path_conflicts for user-friendly conflict messages
- Fix submit button no-op when user has only on-behalf items (show target selector, fix canSubmit)
- Only delete workspace user when reassignment entry exists (prevent orphaned objects)
- Add $azure_kv: prefix to vault secret query (match rename_user pattern)
- Use Svelte 5 onSelected callback instead of deprecated on:selected
- Make ScriptBuilder section label conditional on canPreserve
- Fix CSV export to include trigger paths via flattenPaths utility
- Fix test_offboard_reassign_only to remove conflicts and assert on response
- Parallelize workspace config fetches in global modal with Promise.all
- Delete tokens when deleting workspace user
- Return structured JSON from global offboard endpoint
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* sqlx
* fix: address second round of PR review issues
- Accumulate per-workspace OffboardSummary in global offboard instead of returning zeros
- Delete workspace user unconditionally when delete_user=true (prevent orphaned usr rows)
- Filter archived/deleted scripts in check_path_conflicts to match preview
- Reset form state when workspace offboard modal reopens
- Move hashHandled=true inside trigger-found guard on all 10 deep-link pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: improve offboarding integration tests
- Add second workspace to fixture for multi-workspace global offboard testing
- Add test_global_offboard_execution: verifies items reassigned across 2
workspaces, user deleted from both, and password row deleted from instance
- Add test_offboard_invalid_target: verifies 400 for nonexistent user,
nonexistent folder, and invalid target format
- Fix test_offboard_to_user: use single DELETE, add explicit new_on_behalf_of_user
- Fix test_global_offboard_preview: assert 2 workspaces instead of 1
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address third round of PR review issues
- Fix ScriptBuilder tooltip to match conditional section label wording
- Clear stale conflicts in global modal on reopen
- Fix test_offboard_to_folder to assert on specific moved path, not pre-existing data
- Allow deleting user with zero items (show Offboard button, skip reassignment)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add global token deletion warning in instance-level offboard modal
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update sqlx
* fix: add raw_app path and dependency_map path reassignment to offboarding
Audit found these tables with user-scoped paths were not being updated:
- raw_app: mirrors app paths, needs path reassignment
- dependency_map: importer_path and imported_path reference user paths
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: move user cleanup to delete_workspace_user_internal, fix review issues
- Move extra_perms, folder owners, drafts, favorites, inputs, captures
cleanup into delete_workspace_user_internal so any user deletion gets
proper cleanup (not just offboard path)
- Fix flow INSERT missing labels and lock_error_logs columns (data loss)
- Fix validate_target returning 404 instead of 400 for nonexistent targets
- Fix canSubmit blocking delete when user has no items to reassign
- Fix token preview query filtering out tokens without scopes
- Fix token warning messages: workspace-level mentions webhooks/HTTP triggers,
instance-level mentions API calls using credentials
- Fix "Schedules and triggers" -> "Triggers and runnables" wording
- Show token section at instance level only when tokens exist
- Show Offboard button at instance level when user has no items but deleteUser=true
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add CI test scripts with auto-trigger on deploy
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: fix annotation parser early return and handle renames correctly
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: move CI test results to top of script/flow detail pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: improve CI test results spacing, icon, and remove pass label
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: support one-line annotation and use script/path format
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: move CI test trigger logic to EE
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: move CI badge next to New badge and add deduplicated CI summary
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add CI test e2e tests and fix nullable column annotations
Add integration tests for CI test annotation parsing (creates/removes
ci_test_reference rows) and the CI test results API (single + batch
endpoints). Add backend test for auto-trigger on deploy (private+python).
Fix sqlx LEFT JOIN LATERAL nullable column annotations in
get_ci_test_results and get_ci_test_results_batch queries — sqlx
cannot infer nullability from LATERAL subqueries, causing runtime
decode errors when no matching job exists.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix build/sqlx
* fix
* feat: CI test improvements and templates
- Fix windmill-dep-map/private feature propagation in worker, api-scripts,
and api-flows Cargo.toml so CI test triggers actually fire in EE mode
- Clone ci_test_reference rows during workspace fork
- Add polling to CiTestResults component (refetch every 3s while running)
- Add running state and auto-refresh to ForkWorkspaceBanner CI summary
- Add yellow "CI test" badge on script list rows and detail page
- Fix Library badge border color (remove indigo border override)
- Add CI Test TypeScript and CI Test Python templates in ScriptBuilder
- Update sqlx offline cache
- Add debug tracing for CI test trigger in worker_lockfiles
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add missing children prop to WorkspaceDeployLayout
Fixes svelte-fast-check type error when passing named snippets as
children content inside the component tag.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address PR review feedback
- Remove empty wrapper divs around CiTestResults, move mb-4 into component
- Add batch endpoint size cap (max 200 items)
- Add ON DELETE CASCADE to ci_test_reference workspace FK (new migration)
- Downgrade CI test trigger logs from info to debug
- Fix false-positive polling: only treat status='running' as running,
not null status (CiTestResults, CompareWorkspaces, ForkWorkspaceBanner)
- Fix test numbering in integration tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref to latest EE commit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref to d9d68c2406df0b59f413ea0b2cb24780a9817d04
This commit updates the EE repository reference after PR #516 was merged in windmill-ee-private.
Previous ee-repo-ref: d7ccd9b86da99ec056a0e8708e3637d64290387a
New ee-repo-ref: d9d68c2406df0b59f413ea0b2cb24780a9817d04
Automated by sync-ee-ref workflow.
* fix: treat queued jobs (job_id set, null status) as running
Jobs that have been pushed but not yet picked up by a worker have a
job_id but null status. Treat these as 'running' to avoid showing
misleading 'pass' badges or '0 passing'. Tests that were never
triggered (no job_id, null status) remain neutral/hidden.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: hugocasa <hugo@casademont.ch>
Co-authored-by: windmill-internal-app[bot] <windmill-internal-app[bot]@users.noreply.github.com>
* fix: flow dev page layout and compact toolbar improvements
- Fix JSON.parse error on /flows/dev page when editor not yet initialized
- Increase compact topbar threshold from 700px to 800px
- Reposition "Test flow" button below settings bar when pane is narrow on dev pages
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: flow step testing UX improvements
- Store and display logs for step test results (previewLogs in flowState)
- Add logs toggle button in output picker popover
- Fix AI proxy 401 in VS Code extension by passing OpenAPI.TOKEN
- Prevent output picker from closing when clicking Run on same node
- Make toggleOpen idempotent to avoid flicker
- Show loading placeholder in badge area during test execution
- Keep pin button visible during test runs
- Auto-refresh step history when new test completes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: track previous previewJobId to avoid redundant history refreshes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: dev page insert popover z-index, summary editing, output picker UX
- Add #flow-editor portal div to /flows/dev page for correct popover stacking
- Add summary text field at bottom of dev pages when a step node is selected
- Keep pin button visible during test runs
- Show loading placeholder badge to prevent content shift
- Exclude same-node run button from output picker outside-click detection
- Make toggleOpen idempotent when popover already open
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: reuse findModuleInFlow instead of duplicated findModule
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: disable scroll-to-change-number on number inputs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* style: add comment explaining wheel handler
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix JSON.parse error on /flows/dev page when editor not yet initialized
- Increase compact topbar threshold from 700px to 800px
- Reposition "Test flow" button below settings bar when pane is narrow on dev pages
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: zero-downtime coordinated restarts for OTEL and other setting changes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: use background_task_state for server heartbeats and fix stale heartbeat detection
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: show restart propagation toast when saving settings that trigger server restarts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: move alert config from config table to global_settings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref.txt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename alert setting to alert_job_queue_waiting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref.txt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: add CLI unit tests for pullInstanceConfigs/pushInstanceConfigs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref.txt
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update ee-repo-ref.txt to merged main
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add CLI workspace merge command and enhance fork with datatable/color support
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: abort fork on git branch failure, per-datatable error handling, guard resetDiffTally
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: add fork/merge integration tests covering full cycle
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: support deploying deletions during fork merge (archive/delete in target)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: share deploy logic between CLI and frontend via windmill-utils-internal
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: revert frontend to self-contained deploy, fix failure_module handling
The frontend imports windmill-utils-internal from npm (published v1.3.4)
which doesn't have the new deploy module yet. Revert frontend to its own
self-contained implementation with two improvements:
- Pass failure_module to getAllModules in flow deploy and getItemValue
- Add deleteItemInWorkspace for deploying deletions during merge
The shared deploy.ts in windmill-utils-internal remains for CLI use.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: share deploy logic via published windmill-utils-internal, add comprehensive integration tests
- Publish windmill-utils-internal v1.3.8 with DeployProvider interface
- Frontend now uses shared deploy module (deployItem, deleteItemInWorkspace,
checkItemExists, getOnBehalfOf, getItemValue) via provider adapter
- Add 4 new integration test sub-tests: all item types, secret variables,
special characters, partial deploy + resetDiffTally
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: remove unused folderName function from frontend utils_workspace_deploy
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
