Merged
Commits
1361 commits
f88ce7e
feat(agents): spreadsheet analysis tools for Code Interpreter integra…
DerrickF May 7, 2026
95b5e52
feat(inference-api): add S3 read access for spreadsheet analysis tool
DerrickF May 7, 2026
21903d6
feat(inference-api): expand Code Interpreter IAM permissions and docu…
DerrickF May 7, 2026
65b7dee
feat(session): fix assistant persistence across message turns and ses…
DerrickF May 8, 2026
3291bd7
feat(session): fix assistant persistence by storing in preferences an…
DerrickF May 8, 2026
d89acb4
feat(agents): add guidance for handling disabled tools in system prompt
DerrickF May 8, 2026
1756a22
feat(attachments): render markdown previews and modal viewer for .md …
philmerrell May 8, 2026
e2687b6
feat(attachments): server-rendered PDF page-1 thumbnails (#263)
philmerrell May 8, 2026
0ab90bb
feat(spreadsheet-analysis): improve file handling and error guidance …
DerrickF May 8, 2026
55bae89
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF May 8, 2026
bd6a4bc
Merge remote-tracking branch 'origin/main' into develop
colinmxs May 8, 2026
dbeb6cb
Fix/bff middleware event loop blocking (#264)
colinmxs May 9, 2026
fa82000
chore(deps): upgrade strands-agents to 1.39.0 (#265)
philmerrell May 9, 2026
7b238db
fix(token-accounting): correct per-message cost and context-window se…
philmerrell May 9, 2026
38a63d8
fix(auth): make lava-lamp backdrop dark-mode aware on login & first-b…
philmerrell May 9, 2026
14352ba
feat(auth): add SKIP_AUTH=true local-dev bypass with allowlist guard …
philmerrell May 9, 2026
3229872
fix(bff): cross-task cookie-codec & refresh-lock correctness (#273)
philmerrell May 9, 2026
00fc1c0
fix(bff): replace KMS-wrap data-key bootstrap with Secrets-Manager-ge…
philmerrell May 10, 2026
74141e9
fix(bff): tighten cross-task refresh-lock release + absolute-lifetime…
philmerrell May 10, 2026
1015bb8
feat(auth): centralize 401 redirect + proactive session detection (#277)
philmerrell May 10, 2026
d900f9f
chore(kaizen): scaffold kaizen-research + kaizen-review-prep skills +…
philmerrell May 10, 2026
4521dfc
chore(kaizen): add FastMCP source + security posture lens + library-n…
philmerrell May 10, 2026
bb83d4b
chore(kaizen): scope refinement — remove security lens, add Agentic U…
philmerrell May 11, 2026
0887add
chore(kaizen): add capability-unlock lens + AgentCore BYO filesystem …
philmerrell May 11, 2026
74bfe2f
Release/v1.0.0 beta.25 (#282) (#286)
colinmxs May 12, 2026
ff9a1f2
feat(spreadsheet-analysis): add multi-sheet XLSX support with defensi…
DerrickF May 12, 2026
5f849e1
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF May 12, 2026
155069c
docs(env): update BFF cookie encryption architecture documentation
DerrickF May 12, 2026
7b86eed
test(spreadsheet-analysis): add comprehensive unit test suite
DerrickF May 12, 2026
745bd84
Fix e2e testing in nightly (#290)
ofilson May 12, 2026
70e8705
feat(spreadsheet-analysis): convert sync file operations to async
DerrickF May 13, 2026
f81f361
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF May 13, 2026
b246576
feat(chat): apply user default model preference at chat time
DerrickF May 13, 2026
5eedd92
chore: restrict contributions and disable Dependabot version-update P…
colinmxs May 13, 2026
55047c5
chore(kaizen): add initial scoping document for MCP Apps Host Rendere…
philmerrell May 14, 2026
f6cae8d
docs(env): document BFF_COOKIE_DATA_KEY_SECRET_ARN in .env.example (#…
philmerrell May 14, 2026
1bc8002
chore(auth): remove dead Bearer-only auth from app_api post-BFF migra…
philmerrell May 14, 2026
48809c4
feat(admin): admin-managed user-menu links (#298)
philmerrell May 14, 2026
2b0698f
feat(frontend): copy-to-clipboard button on chat code blocks (#299)
philmerrell May 14, 2026
57a7a5a
feat(admin): persistent shell layout with grouped sidebar nav (#300)
philmerrell May 15, 2026
d1c09cf
feat(sidebar): denser session list with skeleton and entry animation …
philmerrell May 15, 2026
11a0e2b
fix(admin): distinguish links in user-menu-link modal and preview (#303)
philmerrell May 15, 2026
dcd8469
chore(kaizen): weekly research scan 2026-05-15 (#302)
philmerrell May 15, 2026
166b69e
chore(kaizen): weekly review prep 2026-05-15 (#304)
philmerrell May 15, 2026
cd16e3f
feat(admin): widen shell and fix sidebar label wrapping (#305)
philmerrell May 15, 2026
943babc
feat(infra): scaffold artifacts stack foundation (#306)
philmerrell May 15, 2026
68e233b
fix(workflows): pass artifact env vars through every consumer workflo…
philmerrell May 15, 2026
eb7c113
docs(artifacts): correct cert-reuse guidance for subdomain primaries …
philmerrell May 15, 2026
2308fae
feat(artifacts): implement render Lambda token verification and conte…
philmerrell May 15, 2026
913668b
feat(artifacts): add app-api render-token minter endpoint (#310)
philmerrell May 15, 2026
d19a8f1
feat(artifacts): add create_artifact / update_artifact agent tools (#…
philmerrell May 16, 2026
3c792c7
feat(artifacts): add SPA artifact panel + artifact SSE event (#312)
philmerrell May 16, 2026
8affdc6
feat(artifacts): configurable extra CSP frame-ancestors (#314)
philmerrell May 16, 2026
a0b7f1c
fix(admin): gate admin user-menu-links resource to stop duplicate loa…
philmerrell May 16, 2026
7cca7b1
feat(artifacts): stream live tool output into the tool rail (#316)
philmerrell May 16, 2026
94bd51f
feat(artifacts): anchor artifact cards inline to their producing mess…
philmerrell May 16, 2026
2244e95
feat(artifacts): support Markdown content type in artifact tool (#318)
philmerrell May 16, 2026
9c9cbd1
feat(artifacts): dock artifact panel beside chat, resizable, redesign…
philmerrell May 16, 2026
75f9f8a
feat(artifacts): full-width inline card + download button on card and…
philmerrell May 17, 2026
372a88b
feat(artifacts): add preview/code toggle with syntax-highlighted sour…
philmerrell May 17, 2026
1d0fae6
fix(artifacts): scope artifact card z-index with isolation:isolate (#…
philmerrell May 17, 2026
6815830
feat(artifacts): per-version history cards + panel version picker (#324)
philmerrell May 17, 2026
4828b63
feat(artifacts): auto-open panel on create, skeleton loader, latest-v…
philmerrell May 17, 2026
e0598a7
fix(artifacts): allow jsdelivr/unpkg CDNs so Chart.js artifacts rende…
philmerrell May 17, 2026
2cf5935
fix(docker): bump pinned curl to 8.14.1-2+deb13u3 (unblock dev deploy…
philmerrell May 17, 2026
f15130a
feat(chat): recoverable max_tokens truncation with Continue affordanc…
philmerrell May 17, 2026
a204242
fix(inference): coerce integer inference params to int and harden thi…
philmerrell May 17, 2026
de92dad
Harden max_tokens inference params: int coercion + model-ceiling cap …
philmerrell May 17, 2026
3567b18
feat(inference): admin-configurable effort + model-aware adaptive thi…
philmerrell May 18, 2026
a13b00e
feat(admin): redesign model views as compact expandable rows (#332)
philmerrell May 18, 2026
e67ccce
feat(chat): autofocus message input on session load and switch (#333)
philmerrell May 18, 2026
ccffa22
feat(seed): register artifact tools as default public tools (#334)
philmerrell May 18, 2026
3ff70c3
feat(admin): redesign tools catalog and form to match model views (#335)
philmerrell May 18, 2026
e1362c7
fix(frontend): bake real version into deploy builds (#336)
philmerrell May 18, 2026
fbd8635
chore(deps): bump bedrock-agentcore 1.6.4 -> 1.9.1 (+ coupled boto3 1…
philmerrell May 18, 2026
bc16420
kaizen bundle: /ping reap fix + A2A guard + research URL cleanup (#338)
philmerrell May 18, 2026
a24754d
refactor(chat): lift tool-result rendering into a signal-backed rende…
philmerrell May 18, 2026
26b5e69
chore(deps): bump strands-agents 1.39.0 -> 1.40.0 (#340)
philmerrell May 18, 2026
3049816
chore(kaizen): resolve queue items + log decisions (2026-05-15 review…
philmerrell May 18, 2026
ebb542c
feat(infra): add MCP Apps sandbox-proxy origin (CDK) (#343)
philmerrell May 19, 2026
2cd5e11
feat(agents): advertise MCP Apps UI extension on initialize + filter …
philmerrell May 19, 2026
f9ef90a
feat(agents): emit ui_resource SSE via resources/read fetch path (MCP…
philmerrell May 19, 2026
0a4ecd0
feat(agents): add sandboxOrigin to ui_resource + fix permissions shap…
philmerrell May 19, 2026
1877baa
feat(chat): MCP Apps PR #4 — <mcp-app-frame> + postMessage bridge (#346)
philmerrell May 19, 2026
9273c64
feat(mcp-apps): PR #5 — app-initiated tools/call proxying + event bro…
philmerrell May 19, 2026
4b1f334
feat(mcp-apps): PR #6 — ui/message, ui/update-model-context, frontend…
philmerrell May 19, 2026
7749f15
test(infra): enumerate DynamoDB tables instead of hard-coded count (#…
philmerrell May 19, 2026
649a4ea
feat(mcp-apps): PR #7 — dogfood + flip AGENTCORE_MCP_APPS_HOST_ENABLE…
philmerrell May 19, 2026
0feab9d
fix(mcp-apps): unblock App rendering — blob iframe, first-class block…
philmerrell May 19, 2026
ff072ed
fix(mcp-apps): align outer CSP + inner mount to ext-apps basic-host r…
philmerrell May 19, 2026
74cdcfc
feat(mcp-apps): dynamic per-resource CSP for the sandbox proxy (#355)
philmerrell May 19, 2026
b8cd64a
fix(mcp-apps): shorten CFN Comment to fit the 128-char AWS cap (#356)
philmerrell May 19, 2026
fa6c93a
fix(mcp-apps): shorten RHP Comment to fit the same 128-char AWS cap (…
philmerrell May 19, 2026
99524b7
fix(mcp-apps): decode URL-encoded ?csp= in sandbox CFN, add x-csp-deb…
philmerrell May 20, 2026
47ff1d3
chore(mcp-apps): remove x-csp-debug diagnostic from sandbox CFN (#359)
philmerrell May 20, 2026
51466c1
fix(mcp-apps): give inner App iframe allow-same-origin to match basic…
philmerrell May 20, 2026
bf4c216
Add backup tool and document architecture rules for Copilot CLI (#361)
colinmxs May 20, 2026
8f253b1
release: v1.0.0-beta.26 (#362)
colinmxs May 20, 2026
448de24
Release/v1.0.0 beta.27 (#365)
colinmxs May 21, 2026
789a8af
feat(file-sources): add file-source adapter framework (#366)
philmerrell May 21, 2026
2239137
feat(file-sources): map connectors to file-source adapters (#367)
philmerrell May 21, 2026
3fc2ec0
test(frontend): use provideHttpClient/provideHttpClientTesting in ser…
philmerrell May 21, 2026
4a9394f
Release/v1.0.0 beta.27 (#369)
colinmxs May 21, 2026
514161e
docs(kaizen): record MCP Apps host renderer initiative as resolved (#…
philmerrell May 21, 2026
3a43ca8
feat(file-sources): add browse/search/import endpoints (#371)
philmerrell May 22, 2026
a1c75b3
feat(file-sources): add file-source browser to the assistant editor (…
philmerrell May 22, 2026
a72198a
fix(file-sources): send OAuth2CallbackUrl header on file-source calls…
philmerrell May 22, 2026
26a0e28
fix(file-sources): resolve connector tokens with consent-matched cust…
philmerrell May 22, 2026
717ffc9
chore(kaizen): weekly research scan 2026-05-22 (#375)
philmerrell May 22, 2026
aa1b007
chore(kaizen): weekly review prep 2026-05-22 (#376)
philmerrell May 22, 2026
5a88c1c
Redesign assistant editor and file-connector UX (#377)
philmerrell May 22, 2026
06ef667
feat(assistants): start OAuth consent from the editor connector button
philmerrell May 23, 2026
2c38475
feat(web-sources): crawl websites into an assistant's knowledge base …
philmerrell May 23, 2026
b280c8e
refactor(assistant-editor): inline knowledge-base row + connector ske…
philmerrell May 23, 2026
4378580
feat(assistants): download uploaded documents from editor (#380)
philmerrell May 23, 2026
2f937b1
feat(assistant-editor): tailor chat input controls for the preview (#…
philmerrell May 23, 2026
f5ab078
feat(assistants): ground consumer chat in knowledge base only (#382)
philmerrell May 23, 2026
74c15ee
feat(assistants): add viewer/editor permissions to shared assistants …
philmerrell May 24, 2026
8cae47d
feat(assistants): viewer/editor share permissions UI (#113) (#384)
philmerrell May 24, 2026
c9ed75c
chore(kaizen): track LibreChat in weekly research scan (#385)
philmerrell May 24, 2026
7d3cfb2
chore(frontend): drop unused RouterLink imports on admin pages (#386)
philmerrell May 24, 2026
070dc21
style(model-settings): align slide-over with list/form design tokens …
philmerrell May 24, 2026
8de6d86
fix(streaming): stop double-wrapping classified force_stop errors (#388)
philmerrell May 25, 2026
143aed2
fix(streaming): persist synthetic error messages so they survive refr…
philmerrell May 25, 2026
861ceb6
refactor(streaming): drop dead force_stop classifier from coordinator…
philmerrell May 26, 2026
7684e12
feat(devcontainer): reproducible dev container with all toolchains pi…
colinmxs May 26, 2026
95d51d9
feat: add teardown workflow to destroy all CDK stacks (#392)
colinmxs May 26, 2026
cef7045
feat(admin): curated model catalog with provider logos (#393)
philmerrell May 27, 2026
9fc37a1
fix(admin): managed-models list ghosting + delete modal + loading sta…
philmerrell May 27, 2026
10c9f2a
fix(admin): model form redesign tokens + edit-mode loading indicator …
philmerrell May 27, 2026
b7c3bb6
feat(spreadsheet-analysis): fail-fast size guard on analyze_spreadshe…
DerrickF May 28, 2026
9d4a523
feat(spreadsheet-analysis): fail-fast size guard on analyze_spreadshe…
DerrickF May 28, 2026
42eaea1
fix(manage-sessions): replace 'x of x selected' with 'x items selecte…
DerrickF May 28, 2026
8b2d6fe
fix(file-upload): fix duplicate document name error misclassified as …
DerrickF May 28, 2026
e7ecf02
chore(kaizen): add opencode as a tracked research source (#406)
philmerrell May 29, 2026
72547dc
chore(kaizen): weekly research scan 2026-05-29 (#407)
philmerrell May 29, 2026
325f50c
chore(kaizen): weekly review prep 2026-05-29 (#408)
philmerrell May 29, 2026
fd6198a
fix(mcp-apps): fill App iframe height + support fullscreen display mo…
philmerrell May 29, 2026
18394ae
fix(mcp-apps): make fullscreen iframe a true full-viewport overlay (#…
philmerrell May 30, 2026
c38f03e
fix(messages): stop entry animation retaining a transform that traps …
philmerrell May 30, 2026
90bf4cf
feat(mcp-apps): persist UI resources so the mcp-app-frame survives a …
philmerrell May 31, 2026
a8d82ba
fix(mcp-apps): align sandbox proxy <meta> CSP with the header (unbloc…
philmerrell May 31, 2026
bdca737
chore(sessions): remove dead duplicate app_api sessions messages serv…
philmerrell May 31, 2026
61b02d5
docs(mcp-apps): scope moving persisted UI-resource HTML to S3 + conte…
philmerrell May 31, 2026
714c50c
feat(mcp-apps): stream partial tool input for progressive App renderi…
philmerrell Jun 1, 2026
6c9404a
feat(mcp-apps): fullscreen title bar for the App frame, header contra…
philmerrell Jun 2, 2026
e0f7eff
Feature/stack architecture simplification (#396)
colinmxs Jun 2, 2026
3e6343d
fix(infra): align SSM image-tag contract on full ECR URIs + 2 deploy …
colinmxs Jun 2, 2026
4b07901
fix(infra): publish SSM params required by restore tooling + lambda d…
colinmxs Jun 2, 2026
8de1f08
fix(restore): base64-decode B/BS values before TypeDeserializer (#422)
colinmxs Jun 2, 2026
98281cb
fix(restore): bump boto3 max_pool_connections + rename 'Backend Stack…
colinmxs Jun 2, 2026
1b0f249
fix(restore): cross-pool federated-user migration — safe usernames + …
colinmxs Jun 2, 2026
730a5a1
feat(infra): grant AgentCore runtime role bedrock:CountTokens (#428)
philmerrell Jun 3, 2026
883462b
chore(infra): stop tsc from littering compiled test artifacts (#429)
philmerrell Jun 3, 2026
f13dcbe
feat(agents): native Bedrock CountTokens for context attribution (inf…
philmerrell Jun 3, 2026
d78da94
feat(agents): per-turn context attribution breakdown over SSE (#431)
philmerrell Jun 3, 2026
269ccba
feat(frontend): show per-turn context breakdown badge (#433)
philmerrell Jun 3, 2026
e8eb9aa
feat(docs): scaffold Starlight docs site with GitHub Pages deploy (#432)
philmerrell Jun 3, 2026
78faf17
fix(infra): restore MCP sandbox cert deploy var + guard against silen…
philmerrell Jun 3, 2026
e1a7254
fix(test): make config.test env handling hermetic per test (#435)
philmerrell Jun 3, 2026
7ca5c91
docs(deploy): document MCP sandbox cert for fresh deploys; drop dead …
philmerrell Jun 3, 2026
861ef3e
docs(actions): make config reference reflect single PlatformStack (#437)
philmerrell Jun 3, 2026
a23e3a7
fix(infra): re-deploy artifact-render code when the live Lambda drift…
philmerrell Jun 3, 2026
6370640
Conversation Modes - Admin Created System Prompts - Opt In (#411)
DerrickF Jun 3, 2026
190f9c7
ci: re-enable push triggers on deploy workflows
DerrickF Jun 3, 2026
dcb1b7f
feat(docs): restyle docs-site with frosted-glass brand theme (#440)
philmerrell Jun 4, 2026
595f9f2
style(docs): make header GitHub icon neutral and larger (#441)
philmerrell Jun 4, 2026
8df9a15
feat(docs): flesh out the docs-site introduction page (#442)
philmerrell Jun 4, 2026
e294207
Add shared security helpers for URL validation, ownership checks, and…
colinmxs Jun 4, 2026
b9ee9c2
docs(docs-site): write the Deployment section and consolidate Install…
philmerrell Jun 5, 2026
6eaabcf
docs(docs-site): brand redesign + architecture overview page with AWS…
philmerrell Jun 5, 2026
7d4be64
chore(kaizen): weekly research scan 2026-06-05 (#446)
philmerrell Jun 5, 2026
b74c2fa
chore(kaizen): weekly review prep 2026-06-05 (#447)
philmerrell Jun 5, 2026
3ada469
docs(specs): plan for an eval-grade quick-deploy agent skill (#448)
philmerrell Jun 5, 2026
cf613b1
Validate role mappings and shorten role-cache invalidation window
colinmxs Jun 5, 2026
0e04373
Apply static AST policy to user-supplied diagram and analysis code
colinmxs Jun 5, 2026
d5dcb60
feat(tools): add MCPGatewayConfig model for Gateway target registrati…
philmerrell Jun 5, 2026
18734d1
feat(infra): publish gateway id SSM param + app-api Gateway target IA…
philmerrell Jun 5, 2026
6da6fa2
feat(tools): Gateway target service + admin route lifecycle (#419) (#…
philmerrell Jun 5, 2026
d12341a
feat(admin): Gateway target admin form for protocol=mcp (#419) (#455)
philmerrell Jun 5, 2026
f8a600f
feat(tools): AGENTCORE_GATEWAY_ID env override for local/CI testing (…
philmerrell Jun 5, 2026
25add9e
Bind persisted roles to JWT in profile-sync handler (#458)
colinmxs Jun 5, 2026
470dc5c
feat(tools): Gateway MCP targets — self-service registration, agent w…
philmerrell Jun 6, 2026
ba8bcca
docs(docs-site): add API Keys + Admin section to nav, flesh out Tools…
philmerrell Jun 6, 2026
30e4e05
docs(specs): add admin-managed Skills with RBAC + tool binding design…
philmerrell Jun 9, 2026
0ebc9f9
feat(skills): shared data layer for admin-managed skills (PR-1) (#461)
philmerrell Jun 9, 2026
0fee1e0
feat(skills): RBAC extension — grant skills to roles (PR-2) (#462)
philmerrell Jun 9, 2026
a334959
feat(skills): admin API for skill authoring + role grants (PR-3) (#463)
philmerrell Jun 9, 2026
7ab9b4a
docs(specs): re-scope admin Skills to reference material; defer scrip…
philmerrell Jun 10, 2026
f2d1c7a
feat(skills): S3-backed reference-file data layer for admin Skills (P…
philmerrell Jun 10, 2026
93e75d7
feat(skills): admin frontend for authoring skills + reference files (…
philmerrell Jun 10, 2026
12a6445
feat(skills): runtime — DB-backed load + RBAC + skills_hash + local b…
philmerrell Jun 10, 2026
db4bf56
feat(skills): runtime MCP-tool folding + reference-file disclosure + …
philmerrell Jun 10, 2026
cb8253d
feat: per-tool MCP enablement (skills binding + model settings) (#469)
philmerrell Jun 10, 2026
0b11494
feat(skills): flip default agent_type to "skill" (PR-7) (#470)
philmerrell Jun 10, 2026
f55857f
feat(agent): re-enable Strands Bedrock auto prompt caching (#471)
philmerrell Jun 11, 2026
a7869be
docs(env): document missing backend env vars in .env.example (#472)
philmerrell Jun 11, 2026
f16cdc3
feat(settings): platform chat-mode settings foundation (skills-mode P…
philmerrell Jun 11, 2026
5a7180c
add time info to user messages on hover
Jun 11, 2026
6c94b4e
feat(skills): user skills surface + chat-mode policy enforcement (ski…
philmerrell Jun 11, 2026
447afde
chore(kaizen): weekly research scan 2026-06-12 (#475)
philmerrell Jun 12, 2026
9ed37a5
feat(spa): skills mode UX — mode toggle, skills picker, request wirin…
philmerrell Jun 12, 2026
33bc402
fix(agents): raise OAuth consent interrupt for skill-folded external …
philmerrell Jun 12, 2026
5373d00
fix(agents): gate skill-folded external MCP tools behind the approval…
philmerrell Jun 12, 2026
02b81a8
feat: add Amazon Bedrock Mantle as a model provider (#479)
philmerrell Jun 13, 2026
12defcf
Bind persisted email to the validated session in profile-sync handler
colinmxs Jun 16, 2026
b089d56
Wrap user-supplied system prompts with a platform safety floor
colinmxs Jun 16, 2026
f1cb0ae
Route fetch_url_content through the shared URL validator
colinmxs Jun 16, 2026
a478455
Reject session-metadata PUT when session id is owned by another user
colinmxs Jun 16, 2026
8819aef
Scope SigV4 signing on outbound MCP requests to recognized AWS endpoints
colinmxs Jun 16, 2026
a02aae9
fix(backup/restore): include S3 Vectors index in the snapshot loop (#…
colinmxs Jun 16, 2026
d2b9502
feat(docs): add full-screen maintenance page (#482)
philmerrell Jun 17, 2026
aec6eec
feat(docs): remove action buttons from maintenance page (#483)
philmerrell Jun 17, 2026
fab77f7
Tighten admin-route input handling and data-layer ownership edges (#484)
colinmxs Jun 17, 2026
6e19ef3
ci(artifacts): plumb CDK_ARTIFACTS_EXTRA_FRAME_ANCESTORS through depl…
philmerrell Jun 17, 2026
7cb9047
Sanitize admin error paths and pin viewer-facing TLS to 1.2+ baseline
colinmxs Jun 17, 2026
7e43976
fix(skills): resolve and persist subset-scoped external MCP tool bind…
philmerrell Jun 18, 2026
ff7a2c0
fix(deps): remediate all 22 HIGH Dependabot findings (#487)
colinmxs Jun 18, 2026
61ce767
Fix/dependabot quick fixes (#488)
colinmxs Jun 18, 2026
888722d
Fix/dependabot quick fixes (#489)
colinmxs Jun 18, 2026
e24ec9f
ci: add pull_request test gate (backend/frontend/infra) (#490)
colinmxs Jun 18, 2026
62e7d02
fix(infra): shared CloudFront cert + consistent domain/cert handling …
colinmxs Jun 19, 2026
26b99ee
Fix/cdk cli version and deploy node pin (#492)
colinmxs Jun 19, 2026
0f06374
Fix/deploy fixes (#494)
colinmxs Jun 19, 2026
28d7db8
fix(infra): restore stable IAM role names for AgentCore execution rol…
colinmxs Jun 19, 2026
55344bb
fix(ci): build arm64 images on native ARM runners (#496)
colinmxs Jun 19, 2026
a453c84
feat(skills): gate skills feature behind SKILLS_ENABLED flag (default…
philmerrell Jun 22, 2026
3855767
feat(tools): forward admin OIDC token on MCP tool discovery (#498)
philmerrell Jun 23, 2026
d387586
fix(nightly): auto-teardown ephemeral nightly deploys; fix teardown f…
colinmxs Jun 23, 2026
4963129
fix(app-api): grant secretsmanager:PutSecretValue on auth-provider se…
colinmxs Jun 23, 2026
044bfbd
Fix/nightly (#500)
colinmxs Jun 23, 2026
f3aad52
docs(infra): correct stale SSM comment on mcp-sandbox origin wiring (…
philmerrell Jun 23, 2026
f159be3
chore(kaizen): weekly research scan 2026-06-19 (#493)
philmerrell Jun 23, 2026
af7ee1c
fix(mcp-apps): accept spec-array content in ui/message (#503)
philmerrell Jun 24, 2026
c783087
fix(mcp-apps): retry transient TLS/connect failures on MCP client sta…
philmerrell Jun 24, 2026
a58a66d
fix(mcp-apps): give widget ui/message turns the loading + scroll affo…
philmerrell Jun 24, 2026
9e1d6c5
feat(connectors): scaffold export-target adapters for saving conversa…
philmerrell Jun 25, 2026
4c5bf94
feat(export-targets): Google Drive export adapter + transcript render…
philmerrell Jun 25, 2026
7483229
feat(export-targets): export endpoint + conversation-export receipts …
philmerrell Jun 26, 2026
41711ef
feat(export-targets): "Save to…" conversation export SPA + admin mapp…
philmerrell Jun 26, 2026
73421b7
feat(export-targets): destination folder picker for "Save to…" (PR-5)…
philmerrell Jun 26, 2026
9252b0c
feat(infra): support external (cross-account) Route53 hosted zones (#…
colinmxs Jun 26, 2026
270dce4
Release/1.0.0 (#513)
colinmxs Jun 26, 2026
d93ad76
Backmerge/main into develop (#514)
colinmxs Jun 26, 2026
9fe544b
feat(assistants): re-enable tool use for assistants (revert KB-only) …
philmerrell Jun 26, 2026
6e62e52
Merge origin/main into develop (post-1.0.1-release back-merge)
colinmxs Jun 29, 2026
46f2e80
fix(nightly): repoint test/install jobs to post-refactor script paths…
colinmxs Jun 29, 2026
8355e85
fix(deps): remediate 6 open Dependabot alerts (#520)
colinmxs Jun 29, 2026
536e08d
fix(security): remediate CodeQL alerts (HIGH/MEDIUM + NOTE cleanups) …
colinmxs Jun 29, 2026
fa57163
chore(release): 1.0.2 — version bump, release notes, changelog
colinmxs Jun 30, 2026
15 changes: 15 additions & 0 deletions .github/workflows/nightly-deploy-pipeline.yml
Expand Up @@ -84,6 +84,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '22'
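Review bot: the added `persist-credentials: false` at this checkout carries no comment saying why it is there, and the same bare line is repeated at every `ref: ${{ inputs.ref }}` checkout in this file, so a later edit can drop it from one job without anyone noticing. Add a one-line comment at each site (for example `# inputs.ref is caller-supplied; do not leave the token in .git/config`) or a note at the top of `jobs:` stating that every checkout of `inputs.ref` must set it. Also confirm that no later step in this job relies on the persisted token for a git fetch or push, since the visible context only shows `actions/setup-node` following the checkout.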
Expand All @@ -105,6 +106,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: '0.7.12'
Expand All @@ -126,6 +128,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '22'
Expand Down Expand Up @@ -176,6 +179,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '22'
Expand Down Expand Up @@ -212,6 +216,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
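Review bot: the step right after this checkout, `uses: ./.github/actions/configure-aws-credentials`, is a local action, so it is loaded from the workspace that `ref: ${{ inputs.ref }}` has just populated. `persist-credentials: false` keeps the GitHub token out of the checkout's git config, but the supplied ref still selects the action code that handles the AWS credentials. Consider constraining `inputs.ref` before this step (for example to branches or tags of this repository), or loading the credentials action from a fixed ref rather than from the checked-out tree. The same pattern appears in the other hunks where the checkout is followed by this local action.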
Expand Down Expand Up @@ -243,6 +248,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
Expand Down Expand Up @@ -281,6 +287,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
Expand Down Expand Up @@ -317,6 +324,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
Expand Down Expand Up @@ -348,6 +356,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
Expand Down Expand Up @@ -379,6 +388,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
Expand Down Expand Up @@ -410,6 +420,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
Expand Down Expand Up @@ -440,6 +451,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '22'
Expand Down Expand Up @@ -475,6 +487,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
Expand Down Expand Up @@ -509,6 +522,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '22'
Expand Down Expand Up @@ -573,6 +587,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: ./.github/actions/configure-aws-credentials
with:
aws-region: ${{ vars.AWS_REGION || 'us-west-2' }}
6 changes: 3 additions & 3 deletions .github/workflows/nightly.yml
Expand Up @@ -269,7 +269,7 @@ jobs:

- name: Install frontend dependencies
if: steps.cache-frontend.outputs.cache-hit != 'true'
run: bash scripts/stack-frontend/install.sh
run: bash scripts/frontend/install.sh

- name: Save frontend node_modules cache
if: steps.cache-frontend.outputs.cache-hit != 'true'
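Review bot: the install step in this hunk runs only when `steps.cache-frontend.outputs.cache-hit != 'true'`, so a wrong path in `run: bash scripts/frontend/install.sh` fails only on a cache miss and can stay hidden while the cache is warm. Add an unconditional step that checks the script exists before the cache lookup, or include the script path in the cache key, so a path regression fails on every run.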
Expand Down Expand Up @@ -307,7 +307,7 @@ jobs:

- name: Run backend tests with coverage
id: run-tests
run: bash scripts/stack-app-api/test.sh
run: bash scripts/backend/test.sh

- name: Upload backend coverage artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
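Review bot: `run: bash scripts/backend/test.sh` replaces `scripts/stack-app-api/test.sh` with a more broadly named script, and the next step uploads backend coverage artifacts from a path this hunk does not show. Confirm in the PR description that the new script writes coverage to the location the upload step reads and runs the same test scope, since a mismatch would pass the test step and silently upload nothing useful.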
Expand Down Expand Up @@ -348,7 +348,7 @@ jobs:

- name: Run frontend tests with coverage
id: run-tests
run: bash scripts/stack-frontend/test.sh
run: bash scripts/frontend/test.sh

- name: Upload frontend coverage artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
27 changes: 27 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,33 @@ All notable changes to this project are documented in this file. Format follows

For narrative release notes written for operators and product owners, see [RELEASE_NOTES.md](RELEASE_NOTES.md).

## [1.0.2] - 2026-06-29

Second patch on the 1.0.0 single-stack architecture. Headlined by **restoring tool use in assistant chats** (reverting the 1.0.0 knowledge-base-only change), plus a CodeQL security-hardening sweep, remediation of 6 Dependabot alerts, and a nightly-pipeline fix. No migration; upgrade in place.

### ✨ Improved

- **Assistants can use tools again** — reverts the 1.0.0 knowledge-base-only restriction (#382). The inference API no longer forces `enabled_tools=[]` on assistant turns and the "Knowledge Base Grounding / no external tools" directive is removed from the system prompt, so the user's selected MCP/tools flow through to assistant chats again. KB context is still pre-stuffed into the user message and assistant instructions still apply. The editor preview now forwards the owner's enabled tools and renders tool-use cards, matching consumer chat. Assistant chats emit tool-use (and MCP-App) events again (#517)

### 🐛 Fixed

- Nightly coverage pipeline: `test-backend`, `test-frontend`, and `install-frontend` jobs failed with "No such file or directory" after the single-stack refactor removed `scripts/stack-app-api/` and `scripts/stack-frontend/`; repointed `nightly.yml` to the sanctioned `scripts/backend/test.sh`, `scripts/frontend/install.sh`, and `scripts/frontend/test.sh` (behavior preserved 1:1) (#518)

### 🔒 Security

- **HIGH `py/incomplete-url-substring-sanitization`** — `external_mcp_client` now parses the URL host (`urlparse`) and matches an anchored suffix instead of substring-checking the whole URL, so an AWS marker in a path/query/userinfo can no longer trick SigV4 signing into attaching IAM credentials to a non-AWS host (#521)
- **HIGH `js/regex/missing-regexp-anchor`** — `admin-tool.model` parses the host (`new URL`) and anchors the AWS-endpoint regexes (`$`), preventing spoofed-host matches (#521)
- **MEDIUM `py/log-injection`** (24 sites across 16 files) — new `apis.shared.security.scrub_log()` neutralizes CR/LF/control characters; applied to every flagged user-controlled log value (#521)
- **MEDIUM `actions/untrusted-checkout`** — added `persist-credentials: false` to all `inputs.ref` checkouts in `nightly-deploy-pipeline.yml` (#521)
- **WARNING `py/regex/duplicate-in-character-class`** — removed a stray `[` from a `re.VERBOSE` comment that the parser misread as a character class (#521)
- Added regression tests: `TestAwsUrlHostSanitization`, `admin-tool.model.spec.ts` (13 cases), `test_log_sanitize.py` (#521)

### 📦 Dependencies

- **docs-site:** `astro` 6.3.1 → 6.4.8 (reflected XSS via slot name GHSA-8hv8-536x-4wqp, host-header SSRF GHSA-2pvr-wf23-7pc7, spread-attribute XSS GHSA-jrpj-wcv7-9fh9); `esbuild` → 0.28.1 via overrides (dev-server arbitrary file read GHSA-g7r4-m6w7-qqqr)
- **frontend:** `esbuild` → 0.28.1 via overrides (transitive through `@angular/build` 21.2.16; GHSA-g7r4-m6w7-qqqr)
- **backend:** `pydantic-settings` 2.13.1 → 2.14.2 (transitive; `NestedSecretsSettingsSource` symlink traversal / local file read GHSA-4xgf-cpjx-pc3j) (#520)

## [1.0.1] - 2026-06-26

First patch on top of the 1.0.0 general-availability release. Adds the ability to **save a conversation to a connected app** ("Save to…", with Google Drive as the reference export target) and **support for external (cross-account) Route53 hosted zones**. Both additions are additive and off by default until configured; existing 1.0.0 deployments upgrade in place with no migration.
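Review bot: the `js/regex/missing-regexp-anchor` entry under Security names only the end anchor (`$`), and the `py/incomplete-url-substring-sanitization` entry says "anchored suffix" without saying where the suffix begins. An end anchor on the parsed host still accepts a host whose name merely ends in the same characters unless the pattern also starts at a label boundary (a leading `\.` or a `^`). Please state the left boundary in both entries and confirm that `TestAwsUrlHostSanitization` and `admin-tool.model.spec.ts` each include a host that ends in the marker without the preceding dot.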
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -8,7 +8,7 @@
**An open-source, production-ready Generative AI platform for institutions**
*Built by Boise State University, designed for everyone.*

[![Release](https://img.shields.io/badge/Release-v1.0.1-6366f1?style=flat&logo=github&logoColor=white)](RELEASE_NOTES.md)
[![Release](https://img.shields.io/badge/Release-v1.0.2-6366f1?style=flat&logo=github&logoColor=white)](RELEASE_NOTES.md)
[![Nightly](https://github.com/Boise-State-Development/agentcore-public-stack/actions/workflows/nightly.yml/badge.svg)](https://github.com/Boise-State-Development/agentcore-public-stack/actions/workflows/nightly.yml)

![Python](https://img.shields.io/badge/Python-3.13+-3776AB?style=flat&logo=python&logoColor=white)
Expand Down Expand Up @@ -296,7 +296,7 @@ agentcore-public-stack/

See [RELEASE_NOTES.md](RELEASE_NOTES.md) for the full changelog, including new features, bug fixes, platform upgrades, and deployment notes for each release.

**Current release:** v1.0.1
**Current release:** v1.0.2

---

70 changes: 70 additions & 0 deletions RELEASE_NOTES.md
@@ -1,3 +1,73 @@
# Release Notes — v1.0.2

**Release Date:** June 29, 2026
**Previous Release:** v1.0.1 (June 26, 2026)

---

> ⚠️ **Coming from a pre-1.0.0 (beta) deployment? Read the 1.0.0 release notes first.** There is **no special upgrade path for 1.0.2 itself** — if you're already on 1.0.0 or 1.0.1 you upgrade in place with no migration. But 1.0.0 was the single-stack consolidation, and upgrading **from any beta** to 1.0.0 (and therefore to 1.0.2) is a **destructive backup → teardown → redeploy → restore migration**, not an in-place `cdk deploy`. If you haven't already worked through it, do that before deploying 1.0.2: see [**Upgrading an existing deployment** (1.0.0 notes)](#upgrading-an-existing-deployment) below, or the published guide at <https://boise-state-development.github.io/agentcore-public-stack/deployment/upgrade/>. **Brand-new deployments need none of this.**

---

## Highlights

v1.0.2 is a small, security-focused patch on the 1.0.0 single-stack architecture with one notable behavior change. The headline is that **assistants can use tools again**: 1.0.0 had locked assistant chats to a knowledge-base-only, tool-free mode (#382), and this release reverts that so an assistant can once more leverage the user's selected MCP and built-in tools. Alongside it, this release lands a **CodeQL security-hardening sweep** (two HIGH findings around URL/host validation, a log-injection pass across 24 call sites, and a hardened CI checkout), remediates **6 Dependabot alerts** (Astro XSS/SSRF, esbuild dev-server file read, pydantic-settings path traversal), and fixes the **nightly coverage pipeline** that broke when the single-stack refactor moved its scripts. There is **no migration** — operators on 1.0.0 or 1.0.1 upgrade in place.

---

## Assistants can use tools again

1.0.0 introduced a deliberate restriction: assistant ("RAG") chats ran knowledge-base-grounded with **zero external tools** — the inference API forced `enabled_tools=[]` on assistant turns and the system prompt told the model it had no external tools (#382). That made assistants safe and predictable but also meant they couldn't search the web, hit an MCP server, or run code even when the user had those tools enabled. v1.0.2 reverts the restriction so assistants behave like a normal chat with the assistant's knowledge and instructions layered on top.

What stays the same: knowledge-base context is still pre-stuffed into the user message, and the assistant's custom instructions still apply. What changes: the user's tool-picker selection now flows through to the agent on assistant turns, and assistant chats once again emit tool-use and MCP-App events.

### Backend

- `inference_api/chat/routes.py` — dropped the `enabled_tools=[]` override in the `rag_assistant_id` branch so the client's tool selection reaches the agent, and removed the "Knowledge Base Grounding / no external tools" directive from both the with-instructions and no-instructions system-prompt paths (restoring the pre-#382 prompt composition).

### Frontend

- `chat-request.service.ts` — no longer force-sends `enabled_tools=[]` on assistant turns; the user's tool-picker selection rides along (skills mode stays gated on non-assistant turns).
- `preview-chat.service.ts` — the editor preview now forwards the owner's enabled tools instead of `[]`, and builds the streaming assistant message as ordered content blocks (text interleaved with tool use) wired to `onToolUse`/`onToolResult`, so the shared message-list renders tool cards in the preview exactly like a consumer chat.

### Test coverage

Specs updated to assert tools are forwarded on both assistant and preview turns (`chat-request.service.spec.ts`, `preview-chat.service.spec.ts`).

## 🐛 Bug fixes

- **Nightly coverage pipeline was failing.** The single-stack refactor removed `scripts/stack-app-api/` and `scripts/stack-frontend/`, but `nightly.yml`'s `test-backend`, `test-frontend`, and `install-frontend` jobs still called them, so they died with "No such file or directory." The three scripts were ported to the sanctioned post-refactor layout — `scripts/backend/test.sh`, `scripts/frontend/install.sh`, and `scripts/frontend/test.sh` — with behavior preserved 1:1 (uv install/sync + `pytest --cov`; `npm ci` for frontend and infra; `ng test --no-watch --coverage`). (#518)

## 🔒 Security

This release closes a CodeQL sweep (#521) and 6 Dependabot alerts (#520), each with regression tests where applicable.

**CodeQL code findings (#521):**

- **HIGH `py/incomplete-url-substring-sanitization`** — `external_mcp_client` previously substring-checked the whole URL for an AWS marker before deciding to SigV4-sign. A crafted URL with the marker in a path, query, or userinfo segment could trick it into attaching IAM credentials to a non-AWS host. It now parses the host with `urlparse` and matches an **anchored suffix**. Covered by `TestAwsUrlHostSanitization` (adversarial URLs).
- **HIGH `js/regex/missing-regexp-anchor`** — `admin-tool.model` now parses the host via `new URL` and **anchors** the AWS-endpoint regexes (`$`) so a spoofed host can't satisfy the match. Covered by `admin-tool.model.spec.ts` (13 cases including spoofed hosts).
- **MEDIUM `py/log-injection`** (24 sites across 16 files) — a new `apis.shared.security.scrub_log()` helper neutralizes CR/LF and control characters; every flagged user-controlled log value is now wrapped. Covered by `test_log_sanitize.py`.
- **MEDIUM `actions/untrusted-checkout`** — all `inputs.ref` checkouts in `nightly-deploy-pipeline.yml` now set `persist-credentials: false`.
- **WARNING `py/regex/duplicate-in-character-class`** — removed a stray `[` from a `re.VERBOSE` comment that the regex parser misread as a character class.

**Dependency CVE remediation (#520):**

| Component | Package | From | To | Fix |
|---|---|---|---|---|
| docs-site | `astro` | 6.3.1 | 6.4.8 | Reflected XSS via slot name, host-header SSRF in prerendered error page, spread-attribute XSS |
| docs-site | `esbuild` | — | 0.28.1 (override) | Dev-server arbitrary file read (GHSA-g7r4-m6w7-qqqr) |
| frontend | `esbuild` | — | 0.28.1 (override) | Dev-server arbitrary file read (transitive via `@angular/build` 21.2.16) |
| backend | `pydantic-settings` | 2.13.1 | 2.14.2 | `NestedSecretsSettingsSource` symlink traversal / local file read (GHSA-4xgf-cpjx-pc3j) |

## 🚀 Deployment notes

v1.0.2 is a patch on the single-stack `PlatformStack` architecture. Operators on 1.0.0 or 1.0.1 upgrade in place — **no migration, no new infrastructure, no new env vars.**

- **Behavior change to be aware of:** after deploying, assistant chats will once again use whatever tools the user has enabled (web search, MCP servers, code interpreter, etc.) rather than running knowledge-base-only. If your deployment relied on assistants being tool-free, note that this 1.0.0 restriction has been intentionally reverted.
- The security and dependency fixes require no operator action beyond deploying the new images/SPA build.

---

# Release Notes — v1.0.1

**Release Date:** June 26, 2026
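Review bot: the "Behavior change to be aware of" bullet under Deployment notes tells operators who relied on tool-free assistants only that the restriction was reverted, and the same section promises "no new env vars", so the notes offer no way to keep an assistant tool-free. Because knowledge-base context is still pre-stuffed into the user message, retrieved document text and the user's enabled tools now share a turn, which is the combination the 1.0.0 restriction ruled out. Please either document how an operator can keep a given assistant without tools or say explicitly that no such setting exists, and consider whether a default change of this kind belongs in a patch release.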
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
1.0.1
1.0.2
2 changes: 1 addition & 1 deletion backend/pyproject.toml
Expand Up @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"

[project]
name = "agentcore-stack"
version = "1.0.1"
version = "1.0.2"
requires-python = ">=3.10"
description = "Multi-agent conversational AI system with AWS Bedrock AgentCore"
readme = "README.md"
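Review bot: `requires-python = ">=3.10"` in the context lines of this hunk disagrees with the README badge touched by the same PR, which advertises Python 3.13+. Please align the two (raise the floor here or correct the badge) so the packaging metadata and the README state the same supported range.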
Expand Up @@ -119,6 +119,7 @@ def _parse_sheet_inventory(bootstrap_stdout: str) -> Dict[str, Any]:
if isinstance(names, list):
result["skipped_preview"] = [str(n) for n in names]
except (ValueError, SyntaxError):
# Best-effort parse — ignore malformed preview metadata.
pass
elif stripped.startswith("sheet|"):
parts = stripped.split("|")
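Review bot: the added comment documents the `except (ValueError, SyntaxError): pass` branch, but the branch still drops the failure without a trace, so a malformed preview-metadata line is indistinguishable from one that was never emitted. A debug-level log entry recording that the parse failed would keep the best-effort behaviour and make the case visible. The value being parsed originates in `bootstrap_stdout`, so if any part of it is logged it should go through `scrub_log` like the other sites in this PR.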
Expand Up @@ -14,6 +14,8 @@

from apis.shared.files.models import is_tabular_file

from apis.shared.security.log_sanitize import scrub_log

logger = logging.getLogger(__name__)


Expand Down Expand Up @@ -121,7 +123,7 @@ def _query() -> Dict[str, Any]:
return files

except Exception as e:
logger.error(f"Error querying KB files for assistant {assistant_id}: {e}")
logger.error(f"Error querying KB files for assistant {scrub_log(assistant_id)}: {scrub_log(e)}")
return []


Expand Down Expand Up @@ -154,5 +156,5 @@ async def _get_session_files(session_id: str) -> List[Dict[str, Any]]:
return files

except Exception as e:
logger.error(f"Error querying session files for {session_id}: {e}")
logger.error(f"Error querying session files for {scrub_log(session_id)}: {scrub_log(e)}")
return []
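Review bot: `scrub_log(e)` here and in the `_query` hunk above is passed the exception object rather than a string. Please confirm that `scrub_log` accepts non-`str` input and converts it before neutralizing control characters, or pass `str(e)` explicitly, and make sure `test_log_sanitize.py` covers an exception argument. As a style point, the new `apis.shared.security.log_sanitize` import sits in its own block instead of next to the existing `apis.shared.files.models` import.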
4 changes: 3 additions & 1 deletion backend/src/agents/main_agent/agent_types.py
Expand Up @@ -10,6 +10,8 @@

from agents.main_agent.base_agent import BaseAgent

from apis.shared.security.log_sanitize import scrub_log

logger = logging.getLogger(__name__)


Expand Down Expand Up @@ -47,7 +49,7 @@ def create_agent(agent_type: str = "chat", **kwargs) -> BaseAgent:
available = ", ".join(sorted(_AGENT_TYPES.keys()))
raise ValueError(f"Unknown agent_type '{agent_type}'. Available: {available}")

logger.info(f"Creating {agent_type} agent ({agent_class.__name__})")
logger.info(f"Creating {scrub_log(agent_type)} agent ({agent_class.__name__})")
return agent_class(**kwargs)


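Review bot: `scrub_log(agent_type)` in the `logger.info` call appears to run only after the lookup has succeeded, when the value is already one of the `_AGENT_TYPES` keys, while the unvalidated value is interpolated raw into the `ValueError` message two lines above (`Unknown agent_type '{agent_type}'`). If any caller logs that exception, the CR/LF case this PR targets comes back through the error path. Please scrub or `repr()` the value in the exception message as well, or sanitize at the point where the exception is logged.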