{{ message }}
Tags: postgres-ai/postgresai
Tags
Merge branch 'security/remove-explain-generic' into 'main' fix(security): remove explain_generic SECURITY DEFINER helper (RCE) See merge request postgres-ai/postgresai!335
Merge branch 'feature/require-project-name' into 'main' fix(monitoring): remove postgres-ai-monitoring default; require project name Closes #249 See merge request postgres-ai/postgresai!333
Merge branch 'feature/require-project-name' into 'main' fix(monitoring): remove postgres-ai-monitoring default; require project name Closes #249 See merge request postgres-ai/postgresai!333
0.16.0-dev.1 - mon local-install arms hands-off AAS auto-collection (… …platform-all 338); includes monitor Grafana-user default, datasource readiness retry, ambiguous-datasource short-circuit, reporter URL fix. Dev build for prod auto-AAS rollout.
fix(cli): address AAS review — drop racy token prune, harden logging … …+ tests (platform-all#338) Adversarial review of the AAS step (no HIGH; secret-handling/best-effort/labels/ wiring/SSRF all clean) surfaced: - **M1 (drop the token prune):** the unconditional prune deleted ALL tokens on the pgai-aas-collect SA before minting — racy: a concurrent/re-run install could delete the token the platform currently holds (stored encrypted), silently 401-ing collection until the next register. The unique mint name already prevents 409s, so the prune wasn't needed. Removed it; documented why (orphaned Viewer tokens are benign; hygiene belongs to a non-racy mechanism). This reverses the AUTO_ONBOARD_PLAN's earlier "prune" suggestion in favor of correctness. - **L3:** no longer log the RPC error *body* under DEBUG — a platform could echo the request payload (incl. sa_token) in an error body, which must not reach the user's log. Log HTTP status only. - **L1:** comment that the single "prometheus"-typed datasource is the VM one (VM speaks PromQL); >1/0 → skip, matching v1.aas_onboard's discovery contract. - **L2 (test gaps):** added coverage for the existing-SA branch (reuse, no create; token minted on the found id), datasource ambiguity (0 and >1 → ok:false, no RPC), and a keyless mint (→ ok:false, no RPC). bun test green (13 AAS cases + monitoring suite, 77 pass). Part of postgres-ai/platform-all#338. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Merge branch 'fix/cli-401-hint' into 'main' fix(cli): append 'postgresai auth' remediation hint to 401 errors See merge request postgres-ai/postgresai!320
Merge branch 'fix/cli-401-hint' into 'main' fix(cli): append 'postgresai auth' remediation hint to 401 errors See merge request postgres-ai/postgresai!320
Merge branch 'fix/npx-upgrade-stale-compose' into 'main' fix(cli): refresh stale docker-compose.yml on non-git npx upgrade (VM_AUTH wiring) — GA blocker #186 Closes #186 See merge request postgres-ai/postgresai!283
Merge branch 'fix/grafana-rc6-qa-bugs' into 'main' fix(grafana): RC6 demo QA pass — Dashboard 3 query text, Dashboard 6 title TODO, ASH legend dedup, default time range, version banner Closes #217 See merge request postgres-ai/postgresai!281
PreviousNext
