Tags · postgres-ai/postgresai · GitHub
Skip to content

Tags: postgres-ai/postgresai

Tags

0.16.0-rc.3

Toggle 0.16.0-rc.3's commit message
Merge branch 'security/remove-explain-generic' into 'main'

fix(security): remove explain_generic SECURITY DEFINER helper (RCE)

See merge request postgres-ai/postgresai!335

0.16.0-rc.2

Toggle 0.16.0-rc.2's commit message
Merge branch 'feature/require-project-name' into 'main'

fix(monitoring): remove postgres-ai-monitoring default; require project name

Closes #249

See merge request postgres-ai/postgresai!333

0.16.0-dev.2

Toggle 0.16.0-dev.2's commit message
Merge branch 'feature/require-project-name' into 'main'

fix(monitoring): remove postgres-ai-monitoring default; require project name

Closes #249

See merge request postgres-ai/postgresai!333

0.16.0-dev.1

Toggle 0.16.0-dev.1's commit message
0.16.0-dev.1 - mon local-install arms hands-off AAS auto-collection (…

…platform-all 338); includes monitor Grafana-user default, datasource readiness retry, ambiguous-datasource short-circuit, reporter URL fix. Dev build for prod auto-AAS rollout.

0.16.0-dev.0

Toggle 0.16.0-dev.0's commit message
fix(cli): address AAS review — drop racy token prune, harden logging …

…+ tests (platform-all#338)

Adversarial review of the AAS step (no HIGH; secret-handling/best-effort/labels/
wiring/SSRF all clean) surfaced:

- **M1 (drop the token prune):** the unconditional prune deleted ALL tokens on
  the pgai-aas-collect SA before minting — racy: a concurrent/re-run install
  could delete the token the platform currently holds (stored encrypted),
  silently 401-ing collection until the next register. The unique mint name
  already prevents 409s, so the prune wasn't needed. Removed it; documented why
  (orphaned Viewer tokens are benign; hygiene belongs to a non-racy mechanism).
  This reverses the AUTO_ONBOARD_PLAN's earlier "prune" suggestion in favor of
  correctness.
- **L3:** no longer log the RPC error *body* under DEBUG — a platform could echo
  the request payload (incl. sa_token) in an error body, which must not reach the
  user's log. Log HTTP status only.
- **L1:** comment that the single "prometheus"-typed datasource is the VM one
  (VM speaks PromQL); >1/0 → skip, matching v1.aas_onboard's discovery contract.
- **L2 (test gaps):** added coverage for the existing-SA branch (reuse, no
  create; token minted on the found id), datasource ambiguity (0 and >1 → ok:false,
  no RPC), and a keyless mint (→ ok:false, no RPC).

bun test green (13 AAS cases + monitoring suite, 77 pass). Part of postgres-ai/platform-all#338.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

0.16.0-rc.1

Toggle 0.16.0-rc.1's commit message
Merge branch 'fix/cli-401-hint' into 'main'

fix(cli): append 'postgresai auth' remediation hint to 401 errors

See merge request postgres-ai/postgresai!320

0.16.0-rc.0

Toggle 0.16.0-rc.0's commit message
Merge branch 'fix/cli-401-hint' into 'main'

fix(cli): append 'postgresai auth' remediation hint to 401 errors

See merge request postgres-ai/postgresai!320

0.15.0

Toggle 0.15.0's commit message
Merge branch 'fix/npx-upgrade-stale-compose' into 'main'

fix(cli): refresh stale docker-compose.yml on non-git npx upgrade (VM_AUTH wiring) — GA blocker #186

Closes #186

See merge request postgres-ai/postgresai!283

0.15.0-rc.8

Toggle 0.15.0-rc.8's commit message
Merge branch 'fix/npx-upgrade-stale-compose' into 'main'

fix(cli): refresh stale docker-compose.yml on non-git npx upgrade (VM_AUTH wiring) — GA blocker #186

Closes #186

See merge request postgres-ai/postgresai!283

0.15.0-rc.7

Toggle 0.15.0-rc.7's commit message
Merge branch 'fix/grafana-rc6-qa-bugs' into 'main'

fix(grafana): RC6 demo QA pass — Dashboard 3 query text, Dashboard 6 title TODO, ASH legend dedup, default time range, version banner

Closes #217

See merge request postgres-ai/postgresai!281