Commit Graph

7 Commits

Author SHA1 Message Date
mantrakp04
8b09fa3479 fix: address PR review comments (commit-hash re-link, cancel stranding, elapsed timer, uuid, test gap)
- index/commit route: gate commit_hash advance on committedRef identity so a
  mid-run repo re-link can't stamp a foreign commit SHA (cross-repo TOCTOU)
- github-push-dialog: cancel handler now settles the dialog itself instead of
  relying on a poll loop that has already exited at awaiting_review
- progress-content: useElapsedSeconds reacts to startedAt changes (fresh anchor)
  so a post-mount start time no longer freezes a stale offset
- schema-fields: configAgentRunSchema.id uses .uuid() to match the @db.Uuid column
- tests: cover the SyntaxError config-eval path and the re-link commit-hash case
2026-06-26 17:54:44 -07:00
mantrakp04
49a0c1083f chore: address config agent review cleanup 2026-06-25 17:51:08 -07:00
mantrakp04
2558a63a81 feat: implement two-phase review flow for config updates
- Introduced a new API route for committing changes after user review, allowing the agent to keep the sandbox alive for inspection before finalizing updates.
- Enhanced the existing applyConfigUpdate function to transition to an awaiting review state, storing the diff for user visibility.
- Added progress tracking and stage reporting for the config agent run, improving user feedback during the update process.
- Updated the dashboard to reflect the new review stages and provide a more interactive experience for managing configuration changes.

Co-Authored-By: mantra <mantra@stack-auth.com>
2026-06-25 17:12:42 -07:00
Devin AI
0f743f93ff fix: address P0-P2 review feedback from Cubic review
P0: Strip OAuth token from git origin after clone so LLM agent
    never sees credentials (repo-agent.tsx)

P1: Replace raw error.message with safe hardcoded text in API
    response and dashboard UI (apply/route.tsx, config-update.tsx)
P1: E2E spike script now requires explicit env vars instead of
    falling back to pushing to main (spike-orchestrator-e2e.mts)

P2: Use urlSchema for commit_url (schema-fields.ts)
P2: Return commitSha directly instead of parsing from URL
    (repo-agent.tsx, apply/route.tsx)
P2: Support LINK_BRANCH_ID env var (link-project-to-github.ts)
P2: Widen structural fallback regex (config-updater.ts)
P2: Log warning when cancel has no sandboxId (cancel/route.tsx)
P2: Reject arbitrary string config values (config-eval.ts)
Co-Authored-By: mantra <mantra@stack-auth.com>
2026-06-25 21:54:46 +00:00
mantrakp04
2f477aba1e feat: enhance GitHub integration with new config seeding and agent routes
- Added a new script for seeding a local dashboard project linked to a GitHub repository, facilitating end-to-end testing of the config-agent flow.
- Introduced new API routes for preparing and applying configuration updates via the GitHub repo agent, improving the workflow for managing config changes.
- Updated the command hook in settings to provide clearer instructions on handling typecheck and lint failures.
- Refactored the config update logic to ensure seamless integration with the new agent routes.

Co-Authored-By: mantra <mantra@stack-auth.com>
2026-06-24 19:07:43 -07:00
Devin AI
024e511c7f fix: address PR review comments - computed props, TS assertions, type casts, DRY imports
- Add prop.computed check in evaluateLiteralNode to reject dynamic keys
- Unwrap TSAsExpression/TSSatisfiesExpression so 'satisfies T' and 'as const' resolve
- Remove 'as' type casts, add isRecord type guard for proper narrowing
- DRY up CONFIG_IMPORT_PACKAGES: config-eval.ts now reuses detectConfigImportPackage
- Add tests for computed property rejection and TS assertion unwrapping

Co-Authored-By: mantra <mantra@stack-auth.com>
2026-06-24 02:26:18 +00:00
Devin AI
f71cde84b8 fix: split config-eval from config-rendering for browser safety
Move Node.js-only functions (evalConfigFileContent, tryEvalConfigFileContent,
detectImportPackageFromDir) to new config-eval.ts. This prevents the dashboard
browser build from failing on fs/path/jiti imports.

Dashboard now uses parseStaticConfigLiteral (regex+JSON.parse) instead of
jiti eval for untrusted GitHub-fetched config content, avoiding RCE risk.

Remove type casts in favor of isRecord type guard.

Co-Authored-By: mantra <mantra@stack-auth.com>
2026-06-23 23:58:42 +00:00