Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1147 commits
Select commit Hold shift + click to select a range
4357ae7
feat(create-training-job): enhance file upload with drag-and-drop sup…
philmerrell Mar 25, 2026
2931014
feat(create-training-job): add support for custom HuggingFace models …
philmerrell Mar 25, 2026
a36a49e
fix(test_model_config): remove caching mock and update test for Bedro…
philmerrell Mar 25, 2026
132c7c3
feat(create-training-job): add tests for custom HuggingFace model sel…
philmerrell Mar 25, 2026
d263dd8
feat: refactor session compaction and enable by default (#86)
philmerrell Mar 25, 2026
ce684db
test(to_bedrock_config): add missing result assignment in caching dis…
philmerrell Mar 25, 2026
8ffc198
Potential fix for code scanning alert no. 41: Clear-text logging of s…
colinmxs Mar 25, 2026
d35fb8a
feat(frontend): enable production optimization, branch-aware BUILD_CO…
colinmxs Mar 25, 2026
e45c56f
fix: move Google Fonts import to index.html to prevent CI build failure
colinmxs Mar 25, 2026
89d9522
ci: skip docker builds and CDK synth on pull requests
colinmxs Mar 25, 2026
c325411
implement conversation sharing. (#87)
ofilson Mar 25, 2026
b453413
Allow for private share (only with yourself)
Mar 25, 2026
2f6669a
release: v1.0.0-beta.19
colinmxs Mar 25, 2026
23c7ba7
fix float error on sharing
Mar 25, 2026
580fd56
Merge branch 'develop' of https://github.com/Boise-State-Development/…
Mar 25, 2026
22d015b
Apply suggestions from code review
colinmxs Mar 25, 2026
1702294
ci: skip redundant stack dependency checks on PRs (keep infrastructur…
colinmxs Mar 25, 2026
c499d03
ci: skip install on PRs for rag-ingestion (no downstream jobs)
colinmxs Mar 25, 2026
5398f25
ci: revert check-stack-deps skip on workflows with PR jobs, skip enti…
colinmxs Mar 25, 2026
e47c639
fix(security): resolve CodeQL log-injection, unused-import, and unuse…
colinmxs Mar 26, 2026
a17b71c
fix(tests): remove stale AgentCoreMemorySessionManager patch from ses…
colinmxs Mar 26, 2026
ce0296b
chore(docker): add shared embeddings module to rag-ingestion Lambda i…
DerrickF Mar 26, 2026
886d979
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF Mar 26, 2026
6e871ce
fix(quality): resolve all open CodeQL findings on develop
colinmxs Mar 26, 2026
a654f36
fix(deps): patch Dependabot security vulnerabilities
colinmxs Mar 26, 2026
25617d9
fix(rag-ingestion): ensure Lambda uses latest image digest on deploy
DerrickF Mar 26, 2026
78fb67b
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF Mar 26, 2026
7421dce
fix share issues and icon tweaks
Mar 26, 2026
642feed
release: v1.0.0-beta.20
colinmxs Mar 26, 2026
71b4955
Merge remote-tracking branch 'origin/main' into develop
colinmxs Mar 26, 2026
a126401
fix(rag-ingestion): restore shared embedding re-exports for Lambda ha…
colinmxs Mar 26, 2026
e417b4f
feat(documents): add upload failure reporting and assistant cleanup
DerrickF Mar 27, 2026
c997f02
feat(assistants): remove archive functionality and simplify deletion
DerrickF Mar 27, 2026
9cb2135
feat(frontend): upgrade Analog.js testing dependencies and remove vit…
DerrickF Mar 27, 2026
3eb5e63
feat(documents): implement reliable deletion with soft-delete and cle…
DerrickF Mar 28, 2026
e0b3f34
test(assistants): remove archive assistant test and fix package depen…
DerrickF Mar 28, 2026
9a5c4ed
chore(frontend): pin Analog.js dependencies to exact versions
DerrickF Mar 28, 2026
b840de1
chore(frontend): pin Analog.js devDependencies to exact versions
DerrickF Mar 28, 2026
59fc377
feat(fine-tuning-dashboard): add informational section about fine-tun…
philmerrell Mar 31, 2026
fd786de
chore(deps)(deps): bump the frontend-minor-patch group (#101)
dependabot[bot] Mar 31, 2026
f9b063d
chore(deps)(deps): bump the aws-cdk group (#90)
dependabot[bot] Mar 31, 2026
c9ba4d4
chore(deps)(deps): bump actions/setup-node from 5.0.0 to 6.3.0 (#100)
dependabot[bot] Mar 31, 2026
e841cc8
chore(deps)(deps): bump github/codeql-action (#95)
dependabot[bot] Mar 31, 2026
b1f0ccb
chore(deps)(deps-dev): bump @types/node in /infrastructure (#94)
dependabot[bot] Mar 31, 2026
8c07fe8
chore(deps)(deps-dev): bump jsdom in /frontend/ai.client (#102)
dependabot[bot] Mar 31, 2026
f5d6989
chore(deps)(deps): bump ng2-charts in /frontend/ai.client (#105)
dependabot[bot] Mar 31, 2026
8425ede
chore(deps)(deps): bump the angular group (#97)
dependabot[bot] Mar 31, 2026
2195d52
chore(deps)(deps-dev): bump jest and @types/jest in /infrastructure (…
dependabot[bot] Mar 31, 2026
8035b59
add conversation deleting handling for shared conversations + bug fix
Mar 31, 2026
761dcfa
chore(deps)(deps): bump constructs (#91)
dependabot[bot] Mar 31, 2026
e14c3c4
feat(messages): displayText support for RAG-augmented and file attach…
DerrickF Mar 31, 2026
ad9c8d5
chore(deps): bump fast-check from 3.23.2 to 4.6.0
DerrickF Apr 1, 2026
f4c4fb0
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF Apr 1, 2026
4486a1e
chore(deps)(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (…
dependabot[bot] Apr 1, 2026
ab4d86b
chore(deps)(deps): bump actions/download-artifact from 7.0.0 to 8.0.1…
dependabot[bot] Apr 1, 2026
06b4d5e
chore(deps)(deps): bump the python-minor-patch group in /backend with…
dependabot[bot] Apr 1, 2026
11813b3
chore(deps): pin fast-check to exact version 4.6.0
colinmxs Apr 1, 2026
27cf2e7
feat: add fine-tuning cost dashboard and user cost breakdown (#108)
philmerrell Apr 1, 2026
98dabcc
check in share conversations specs
Apr 1, 2026
394716f
chore(docs): update versioning documentation and release notes for v1…
colinmxs Apr 1, 2026
b26994e
ci(frontend): remove common scripts from workflow triggers and restri…
colinmxs Apr 1, 2026
58cb809
Apply suggestions from code review
colinmxs Apr 1, 2026
a47616f
Merge branch 'develop' of https://github.com/Boise-State-Development/…
Apr 1, 2026
e10e0b1
Release 1.0.0-beta.20: Document soft-delete, displayText, fine-tuning…
colinmxs Apr 1, 2026
a59e74a
Purge outdated AI specs and documentation (#121)
colinmxs Apr 1, 2026
0902956
Feat/cognito first boot auth (#125)
colinmxs Apr 3, 2026
8348cfe
fix: stabilize SystemService tests against shared fetch spy
colinmxs Apr 3, 2026
3cdda2e
fix: unify CORS origins across all stacks via buildCorsOrigins helper
colinmxs Apr 3, 2026
6cfa809
fix: complete CORS unification across all stacks
colinmxs Apr 3, 2026
8df8c14
fix: add CDK_DOMAIN_NAME and CDK_CORS_ORIGINS to all workflow jobs
colinmxs Apr 3, 2026
256468c
fix: seed system_admin JWT mapping on startup (additive, non-destruct…
colinmxs Apr 3, 2026
a4c7bd5
fix: make bootstrap script sole owner of RBAC role seeding
colinmxs Apr 3, 2026
d63671d
feat: show required Cognito redirect URI on auth provider form
colinmxs Apr 3, 2026
988d858
chore: bump version to 1.0.0-beta.21
colinmxs Apr 3, 2026
91e3313
fix: show validation summary on model form, uncomment Add Model and B…
colinmxs Apr 3, 2026
fa67a4e
fix: correct ExposedHeaders → ExposeHeaders in RAG CORS Lambda
colinmxs Apr 3, 2026
de5f506
chore: update dependencies across frontend and infrastructure
colinmxs Apr 3, 2026
3d0f964
chore: make frontend install script executable and add CDK dependencies
colinmxs Apr 4, 2026
a7e4cf3
ci: add CORS environment variables to nightly deploy pipeline
colinmxs Apr 4, 2026
8739299
chore(deps)(deps): bump the aws-cdk group (#126)
dependabot[bot] Apr 6, 2026
6fed093
ci: add CDK_CORS_ORIGINS to nightly deploy and guard SSM parameter cr…
colinmxs Apr 6, 2026
617118b
refactor(auth): migrate authentication to Cognito-managed flows
colinmxs Apr 6, 2026
c771186
test(auth): add providerSub field to user service mock
colinmxs Apr 6, 2026
5c7feee
chore(deps)(deps-dev): bump the infra-minor-patch group (#127)
dependabot[bot] Apr 6, 2026
70b73bb
chore(deps)(deps): bump the angular group (#128)
dependabot[bot] Apr 6, 2026
a1eca1d
chore(deps)(deps): bump the frontend-minor-patch group (#131)
dependabot[bot] Apr 6, 2026
22b03d2
docs: remove code review token storage documentation
colinmxs Apr 7, 2026
6454ce3
feat(auth): support JSON array format for custom:roles claim
colinmxs Apr 7, 2026
70db319
feat(auth): enrich user roles from stored profile during token enrich…
colinmxs Apr 7, 2026
9ea91e9
feat(auth): invalidate user profile cache on profile sync
colinmxs Apr 7, 2026
5f4ca67
feat(rbac): allow jwt_role_mappings updates on system_admin role
colinmxs Apr 7, 2026
844e650
test(rbac): update system_admin protection to strip fields
colinmxs Apr 7, 2026
eba1e9b
feat(rbac): increase role priority maximum value to 1000
colinmxs Apr 8, 2026
f8986ac
chore(deps)(deps-dev): bump @analogjs/vitest-angular (#133)
dependabot[bot] Apr 8, 2026
759f6aa
chore(deps)(deps-dev): bump @analogjs/vite-plugin-angular (#132)
dependabot[bot] Apr 8, 2026
3323d0a
chore(release): bump version to v1.0.0-beta.22
colinmxs Apr 8, 2026
9fb851c
chore(deps,ci): upgrade dependencies and fix workflow security issues
colinmxs Apr 8, 2026
7d8124c
merge: main into develop (resolve beta.19/beta.20 squash-merge diverg…
colinmxs Apr 8, 2026
67bb99c
chore: remove codeql-alerts.json file
colinmxs Apr 8, 2026
b66485c
test(session): update compaction config defaults and fix integration …
colinmxs Apr 8, 2026
67c24a3
test(session): enhance session manager fixture with initialize() mock…
colinmxs Apr 8, 2026
343989e
Release 1.0.0-beta.22: Cognito-native auth, CORS unification, RBAC co…
colinmxs Apr 9, 2026
7b73cdb
refactor: centralize env vars and magic strings into config/constants…
philmerrell Apr 11, 2026
bd8602a
refactor: extract BaseAgent ABC and ChatAgent from MainAgent (#140)
philmerrell Apr 11, 2026
ea14e09
feat: add agent type registry and create_agent() factory (#141)
philmerrell Apr 11, 2026
c4f1efa
feat: add progressive skill disclosure system with SkillAgent (#142)
philmerrell Apr 11, 2026
e150a55
feat: add VoiceAgent with BidiAgent for speech-to-speech interaction …
philmerrell Apr 11, 2026
6f71d3d
feat: add approval hooks for gating dangerous tool operations (#144)
philmerrell Apr 11, 2026
4b22beb
feat: add WebSocket voice route and bidi dependency for VoiceAgent (#…
philmerrell Apr 13, 2026
71d0cb5
feat: WebSocket voice streaming with AgentCore auth support (#155)
philmerrell Apr 13, 2026
9af7915
feat: WebSocket voice streaming with AgentCore auth and protocol conf…
philmerrell Apr 13, 2026
4816b51
fix: include bidi dependency in uv sync commands for Inference API Do…
philmerrell Apr 13, 2026
407c414
fix: improve AgentCore connection detection in voice stream handling …
philmerrell Apr 13, 2026
e7c5702
fix: align voice WebSocket with reference architecture accept-first p…
philmerrell Apr 13, 2026
b082f6a
docs: add Voice Mode to Key Features in README (#160)
philmerrell Apr 14, 2026
29b9623
Add E2E Testing #117 (#171)
ofilson Apr 21, 2026
36bfb37
update tests to verify dependencies
Apr 21, 2026
8019bb8
fix test error
Apr 21, 2026
c2ea1eb
commit new e2e package-lock
Apr 22, 2026
23df835
get right url for e2e tests
Apr 22, 2026
2549b1a
add resilience for delete-failed state
Apr 22, 2026
54da9e7
fix test
Apr 23, 2026
84dd276
make testing subdomain
Apr 23, 2026
b3436f3
remember dynamic cloudfront url and add to callback urls
Apr 23, 2026
d04f808
feat: external MCP connectors via AgentCore Identity (#174)
philmerrell Apr 27, 2026
0968d38
refactor: drop tool catalog sync, make form the only entry point (#176)
philmerrell Apr 27, 2026
aec2ff1
fix: source ToolAccessService catalog from DynamoDB (#177)
philmerrell Apr 27, 2026
90f29b5
update seed bootstrap data and documentation (#178)
philmerrell Apr 27, 2026
2508ce1
fix: grant CreateTokenVault and wire OAuth providers table to app-api…
philmerrell Apr 27, 2026
386fa6e
create cognito accounts in nightly
Apr 27, 2026
07bd4b4
Merge branch 'develop' of https://github.com/Boise-State-Development/…
Apr 27, 2026
f8bf68b
get rid of email username param
Apr 27, 2026
980bbe5
update comments
Apr 27, 2026
ae37cad
refactor: move connector consent flows from inference-api to app-api …
philmerrell Apr 27, 2026
019dd0f
refactor: flip connector frontend call sites to app-api (#181)
philmerrell Apr 27, 2026
ccb6ba6
fix: grant app-api task role permission to delete AgentCore OAuth sec…
philmerrell Apr 27, 2026
c986bdf
fix: look up runtime workload identity via SDK custom resource (#185)
philmerrell Apr 27, 2026
f0123e9
fix: grant app-api task role full AgentCore OAuth secret lifecycle pe…
philmerrell Apr 27, 2026
f708157
Add cloudfront to API CORS
Apr 27, 2026
0d21c60
fix: share an explicit workload identity between inference-api and ap…
philmerrell Apr 27, 2026
056671b
fix: send bare /oauth-complete in connector OAuth2CallbackUrl header …
philmerrell Apr 27, 2026
06d9f73
fix: grant GetSecretValue on AgentCore OAuth provider secrets (#189)
philmerrell Apr 27, 2026
7ae3723
fix: inject OAuth2CallbackUrl env fallback for runtime-stripped heade…
philmerrell Apr 27, 2026
ced624b
chore(deps)(deps): bump the actions-minor-patch group across 1 direct…
dependabot[bot] Apr 28, 2026
41c3788
chore(deps)(deps): bump the python-minor-patch group across 1 directo…
dependabot[bot] Apr 28, 2026
a222dba
feat: route chat turns through agent_type factory (#191)
philmerrell Apr 29, 2026
9bbe193
feat: per-tool MCP approval gate driven by tool catalog (#192)
philmerrell Apr 29, 2026
80d5333
fix e2e test error
Apr 29, 2026
6894152
feat: open ngx-markdown links in new tab (#193)
philmerrell Apr 29, 2026
de72315
fix: gate session metadata creation on GSI lookup (#194)
philmerrell Apr 29, 2026
b5f2f56
feat: Add copy agent response button (#195)
philmerrell Apr 29, 2026
870025f
add seed script to e2e workflow
Apr 29, 2026
1271611
Merge branch 'develop' of https://github.com/Boise-State-Development/…
Apr 29, 2026
bc1ac5f
add CDK_AWS_ACCOUNT as e2e variable.
Apr 29, 2026
558f4d3
feat: Release v1.0.0-beta.23 with voice streaming and multi-agent arc…
colinmxs Apr 29, 2026
7281cd1
Merge branch 'main' into develop (resolve conflicts for beta.23 release)
colinmxs Apr 29, 2026
fceb507
chore: regenerate package-lock.json files for v1.0.0-beta.23
colinmxs Apr 29, 2026
3f9f5f5
chore(deps)(deps): bump the frontend-minor-patch group across 1 direc…
dependabot[bot] Apr 29, 2026
0b26011
chore(deps)(deps-dev): bump @analogjs/vitest-angular (#154)
dependabot[bot] Apr 29, 2026
f4789d2
chore(deps)(deps): bump the aws-cdk group across 1 directory with 2 u…
dependabot[bot] Apr 29, 2026
6c4325b
chore(deps)(deps-dev): bump @analogjs/vite-plugin-angular (#153)
dependabot[bot] Apr 29, 2026
5764775
Merge main into develop, resolve conflicts keeping develop's package …
colinmxs Apr 30, 2026
2f7a2e1
fix: resolve Dependabot security alerts across frontend and backend (…
colinmxs Apr 30, 2026
8d4d3cd
fix: move shared modules out of app_api to complete service decouplin…
colinmxs Apr 30, 2026
4ac4984
add default role to seed
Apr 30, 2026
2d5ff88
Merge branch 'develop' of https://github.com/Boise-State-Development/…
Apr 30, 2026
49795f1
adjust tests for nightly success.
Apr 30, 2026
fc06c69
chore(deps)(deps): bump the angular group across 1 directory with 10 …
dependabot[bot] May 1, 2026
4d2505d
chore(deps)(deps-dev): bump @types/node (#147)
dependabot[bot] May 1, 2026
9223a67
feat(documents): add XLSX-specific chunker for improved tabular data …
DerrickF May 1, 2026
5afa9a5
feat(embeddings): implement batch processing for S3 Vector storage
DerrickF May 1, 2026
b954c22
ci(rag-ingestion): add shared embeddings to workflow path filters
DerrickF May 1, 2026
d1bd3bd
feat(documents): improve XLSX header detection to skip title/banner rows
DerrickF May 1, 2026
04e6e7e
fix(chat): align resume cache key with original turn so paused agent …
philmerrell May 2, 2026
1df0d19
fix(costs): coerce cost_delta to a finite Decimal in summary writers …
philmerrell May 2, 2026
c70b4af
feat: per-model inference parameters with extended thinking (#203)
philmerrell May 2, 2026
59edc58
fix(oauth): let Google refresh path run instead of forcing hourly rec…
philmerrell May 2, 2026
7af2be8
feat(infra): provision BFF token-handler resources (Phase 1) (#212)
philmerrell May 2, 2026
4aec51e
feat(auth): add dormant BFF token-handler backend infra (Phase 2) (#213)
philmerrell May 2, 2026
9c1e024
test(oauth): scrub AGENTCORE_RUNTIME_WORKLOAD_NAME in agentcore-ident…
philmerrell May 2, 2026
73be72c
feat(auth): add BFF Token Handler auth routes (Phase 3) (#215)
philmerrell May 2, 2026
3d92ed3
fix(chat): own httpx client lifecycle so api-converse SSE streams flu…
philmerrell May 2, 2026
cc4ee5c
feat(chat): add BFF chat SSE proxy (Phase 4) (#216)
philmerrell May 2, 2026
93e5d52
feat(auth): add dormant BFF SessionService (Phase 5) (#218)
philmerrell May 2, 2026
6bee091
feat(auth): BFF Token Handler cutover (Phase 6 a/b/c) (#219)
philmerrell May 2, 2026
c185e7b
feat(auth): BFF Token Handler hard cutover (Phase 7) (#221)
philmerrell May 3, 2026
50192b6
fix(infra): unblock dev deploy (cognito URL parsing + CloudFront read…
philmerrell May 3, 2026
bd033c9
fix(ci): always build frontend with Angular production config (#224)
philmerrell May 3, 2026
520c094
fix(test): absorb stray resource() loader request in cost.service.spe…
philmerrell May 3, 2026
b929dcd
fix(auth): bounce logout through Cognito Hosted UI to clear upstream …
philmerrell May 3, 2026
6c65a6d
fix(auth): harden BFF session bootstrap and login flow (#226)
philmerrell May 3, 2026
3f30b18
fix(auth): land anonymous users on SPA /auth/login instead of Cognito…
philmerrell May 3, 2026
9de2ee9
fix(ci): pass CDK_CERTIFICATE_ARN to frontend synth/deploy jobs (#229)
philmerrell May 3, 2026
2269aac
fix(infra): scope SPA fallback to S3 so /api/* 4xx responses pass thr…
philmerrell May 3, 2026
a9dfcad
fix(chat): URL-encode runtime ARN + add qualifier on BFF proxy (#231)
philmerrell May 3, 2026
7c0b2b0
fix(auth): slide BFF session lifetime + harden refresh-token rotation…
philmerrell May 4, 2026
0d799c2
feat(voice): BFF WebSocket-ticket proxy for voice mode (#211) (#233)
philmerrell May 4, 2026
75dc2e1
feat(chat): add per-conversation cost + context-window badge (#223)
philmerrell May 4, 2026
d7fb160
feat(compaction): surface compaction events with refresh-survival (#243)
philmerrell May 4, 2026
6e9c71e
update e2e tests for weekend commits.
May 4, 2026
104d80f
Merge branch 'develop' of https://github.com/Boise-State-Development/…
May 4, 2026
18bd8ca
fix(oauth): always send prompt=consent on Google initiate-consent (#245)
philmerrell May 4, 2026
43e7894
feat(login): frosted-glass card with primary-color blob backdrop (#246)
philmerrell May 5, 2026
5fcf45a
nightly fixes
May 5, 2026
b48c567
Merge branch 'develop' of https://github.com/Boise-State-Development/…
May 5, 2026
33f4b01
account for admin first boot in e2e
May 5, 2026
8d9dfd4
fixing nightly e2e tests
May 5, 2026
574dafc
add some logging to find issue
May 5, 2026
0515ace
chore: update release notes strategy (#248)
colinmxs May 6, 2026
9f22bed
fix: resolve open CodeQL and Dependabot alerts (#247)
colinmxs May 6, 2026
6ac5f37
chore(deps)(deps-dev): bump types-aiofiles in /backend (#242)
dependabot[bot] May 6, 2026
df0675d
Release 1.0.0-beta.24: BFF Token Handler, voice WS-ticket proxy, per-…
colinmxs May 6, 2026
62e6737
feat(auth): lava-lamp parallax backdrop on login + first-boot (#255)
philmerrell May 7, 2026
82fe37c
feat(attachments): rich previews for file attachments in user message…
philmerrell May 7, 2026
f88ce7e
feat(agents): spreadsheet analysis tools for Code Interpreter integra…
DerrickF May 7, 2026
95b5e52
feat(inference-api): add S3 read access for spreadsheet analysis tool
DerrickF May 7, 2026
21903d6
feat(inference-api): expand Code Interpreter IAM permissions and docu…
DerrickF May 7, 2026
65b7dee
feat(session): fix assistant persistence across message turns and ses…
DerrickF May 8, 2026
3291bd7
feat(session): fix assistant persistence by storing in preferences an…
DerrickF May 8, 2026
d89acb4
feat(agents): add guidance for handling disabled tools in system prompt
DerrickF May 8, 2026
1756a22
feat(attachments): render markdown previews and modal viewer for .md …
philmerrell May 8, 2026
e2687b6
feat(attachments): server-rendered PDF page-1 thumbnails (#263)
philmerrell May 8, 2026
0ab90bb
feat(spreadsheet-analysis): improve file handling and error guidance …
DerrickF May 8, 2026
55bae89
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF May 8, 2026
bd6a4bc
Merge remote-tracking branch 'origin/main' into develop
colinmxs May 8, 2026
dbeb6cb
Fix/bff middleware event loop blocking (#264)
colinmxs May 9, 2026
fa82000
chore(deps): upgrade strands-agents to 1.39.0 (#265)
philmerrell May 9, 2026
7b238db
fix(token-accounting): correct per-message cost and context-window se…
philmerrell May 9, 2026
38a63d8
fix(auth): make lava-lamp backdrop dark-mode aware on login & first-b…
philmerrell May 9, 2026
14352ba
feat(auth): add SKIP_AUTH=true local-dev bypass with allowlist guard …
philmerrell May 9, 2026
3229872
fix(bff): cross-task cookie-codec & refresh-lock correctness (#273)
philmerrell May 9, 2026
00fc1c0
fix(bff): replace KMS-wrap data-key bootstrap with Secrets-Manager-ge…
philmerrell May 10, 2026
74141e9
fix(bff): tighten cross-task refresh-lock release + absolute-lifetime…
philmerrell May 10, 2026
1015bb8
feat(auth): centralize 401 redirect + proactive session detection (#277)
philmerrell May 10, 2026
d900f9f
chore(kaizen): scaffold kaizen-research + kaizen-review-prep skills +…
philmerrell May 10, 2026
4521dfc
chore(kaizen): add FastMCP source + security posture lens + library-n…
philmerrell May 10, 2026
bb83d4b
chore(kaizen): scope refinement — remove security lens, add Agentic U…
philmerrell May 11, 2026
0887add
chore(kaizen): add capability-unlock lens + AgentCore BYO filesystem …
philmerrell May 11, 2026
74bfe2f
Release/v1.0.0 beta.25 (#282) (#286)
colinmxs May 12, 2026
ff9a1f2
feat(spreadsheet-analysis): add multi-sheet XLSX support with defensi…
DerrickF May 12, 2026
5f849e1
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF May 12, 2026
155069c
docs(env): update BFF cookie encryption architecture documentation
DerrickF May 12, 2026
7b86eed
test(spreadsheet-analysis): add comprehensive unit test suite
DerrickF May 12, 2026
745bd84
Fix e2e testing in nightly (#290)
ofilson May 12, 2026
70e8705
feat(spreadsheet-analysis): convert sync file operations to async
DerrickF May 13, 2026
f81f361
Merge branch 'develop' of https://github.com/Boise-State-Development/…
DerrickF May 13, 2026
b246576
feat(chat): apply user default model preference at chat time
DerrickF May 13, 2026
5eedd92
chore: restrict contributions and disable Dependabot version-update P…
colinmxs May 13, 2026
aaf30d6
release: v1.0.0-beta.26
colinmxs May 13, 2026
68e31ec
Merge branch 'main' into release/v1.0.0-beta.26
colinmxs May 13, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
version: 2
# Version-update PRs are disabled across all ecosystems
# (open-pull-requests-limit: 0). We handle dependency upgrades manually on a
# weekly cadence. Security updates are unaffected and will still be raised by
# Dependabot when a CVE is published against a dependency.
updates:
# ── Python backend ──
- package-ecosystem: "pip"
Expand All @@ -9,7 +13,7 @@ updates:
day: "monday"
time: "09:00"
timezone: "America/Boise"
open-pull-requests-limit: 10
open-pull-requests-limit: 0
versioning-strategy: "increase-if-necessary"
commit-message:
prefix: "chore(deps)"
Expand All @@ -33,7 +37,7 @@ updates:
day: "monday"
time: "09:00"
timezone: "America/Boise"
open-pull-requests-limit: 10
open-pull-requests-limit: 0
versioning-strategy: "increase-if-necessary"
commit-message:
prefix: "chore(deps)"
Expand All @@ -58,7 +62,7 @@ updates:
day: "monday"
time: "09:00"
timezone: "America/Boise"
open-pull-requests-limit: 5
open-pull-requests-limit: 0
versioning-strategy: "increase-if-necessary"
commit-message:
prefix: "chore(deps)"
Expand All @@ -83,7 +87,7 @@ updates:
day: "monday"
time: "09:00"
timezone: "America/Boise"
open-pull-requests-limit: 5
open-pull-requests-limit: 0
commit-message:
prefix: "chore(deps)"
include: "scope"
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/nightly-deploy-pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -431,6 +431,7 @@ jobs:
CDK_VPC_CIDR: ${{ vars.CDK_VPC_CIDR }}
CDK_DOMAIN_NAME: ""
CDK_HOSTED_ZONE_DOMAIN: ""
CDK_CERTIFICATE_ARN: ${{ vars.CDK_CERTIFICATE_ARN }}
CDK_FRONTEND_CERTIFICATE_ARN: ""
CDK_FRONTEND_BUCKET_NAME: ""
CDK_FRONTEND_CLOUDFRONT_PRICE_CLASS: ""
Expand Down
8 changes: 8 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -126,3 +126,11 @@ coverage/

# Local dev scripts
start.sh
refresh-aws-sso.ps1
start.ps1
test-api-key.py
.kiro/steering/github.md
backend/start_app_api.ps1
backend/start_inference_api.ps1
scripts/stack-bootstrap/install.sh
test-accounts
40 changes: 40 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,46 @@ All notable changes to this project are documented in this file. Format follows

For narrative release notes written for operators and product owners, see [RELEASE_NOTES.md](RELEASE_NOTES.md).

## [1.0.0-beta.26] - 2026-05-13

Small focused release. Multi-sheet XLSX support for the spreadsheet analysis tool, async refactor of the spreadsheet file-lookup path, user default model preference applied at chat time, nightly E2E pipeline restored, and upstream contribution governance (PRs restricted to collaborators, Dependabot version-update PRs disabled).

### 🚀 Added

- Multi-sheet XLSX support in the `analyze_spreadsheet` tool. Each sheet converts to its own deterministic CSV (`stem.sheetname.csv`) with a primary alias (`stem.csv`) for the first sheet. Defensive caps via env vars `MAX_SHEETS_TO_CONVERT` and `MAX_ROWS_PER_SHEET` prevent latency blowout and context-window exhaustion on pathological workbooks. Skipped/truncated sheets are surfaced to the model with markdown footers documenting per-sheet conversion status
- `_sanitize_sheet_name()` produces filesystem-safe deterministic CSV filenames; `_parse_sheet_inventory()` extracts structured sheet metadata from bootstrap stdout without `eval`-style evaluation; `_safe_int()` for defensive integer parsing; `_format_sheet_note()` for the per-call markdown footer

### ✨ Improved

- `analyze_spreadsheet`, `list_spreadsheets`, `_find_file`, `_get_kb_files`, and `_get_session_files` are now `async def`. Every DynamoDB call is offloaded via `asyncio.to_thread` so the event loop keeps scheduling other coroutines for the full round-trip duration
- `inference_api/chat/routes.py::_build_tabular_inventory` is now `async` and awaits the file-operation calls directly, replacing the nested `asyncio.run` + thread pool executor pattern that could deadlock under concurrent chat load. Closes the regression introduced in #260
- `analyze_tool` code generation stashes the filename as a `_FNAME` variable inside the generated snippet to prevent f-string interpolation conflicts when filenames contain quotes or special characters (`repr()` indirection in `_build_preview_code`)
- `_clean_stderr` now respects the `MAX_ERROR_CHARS` budget strictly, accounting for ellipsis length

### 🐛 Fixed

- User-saved default model preference (`defaultModelId` in user settings) is now applied at chat time when the request doesn't specify a `model_id`. Previously the persisted preference was silently ignored and chat fell back to the hardcoded factory default. RBAC is re-checked on the resolved default to prevent access to permissions that have since been revoked. A missing user-settings table now surfaces as `503` instead of silently dropping the user choice. Fixes #161
- Nightly E2E pipeline failures from cookie/JWT validation against the dynamic CloudFront URL, missing CDK certificate ARN in the nightly job, agent test timeouts on multi-tool turns, and cross-region Bedrock model routing flakes (switched the suite from global to US-region model IDs) (#290)

### 📚 Docs

- `backend/src/.env.example` — BFF cookie encryption documentation updated to reflect the beta.25 shift from direct KMS cookie encryption to Secrets Manager-mediated approach. Documents the new `BFF_COOKIE_DATA_KEY_SECRET_ARN` variable, the SHA-256 cross-task derivation, and the SSM parameter path with example ARN format

### 🔧 CI/CD

- Nightly E2E pipeline restored after multi-attempt fix (#290): CloudFront URL handling, CDK certificate ARN wiring, agent test timeout bumps, US-region Bedrock model IDs, rebase on develop to pick up #248

### 🛡️ Governance

- **CONTRIBUTING.md** documents that pull requests are restricted to approved collaborators (GitHub "Collaborators only" setting). Issues remain open to everyone; maintainers triage and either implement upstream or coordinate next steps with the reporter. Adds collaborator checklist (link tracking issue, single logical change per PR, DCO sign-off, green CI, respect backend import boundaries enforced by `backend/tests/architecture/test_import_boundaries.py`) (#293)
- **`.github/dependabot.yml`** — `open-pull-requests-limit: 0` across all four ecosystems (pip, frontend npm, infrastructure npm, github-actions). Disables scheduled version-update PRs; security updates are unaffected and will still be raised when a CVE is published. Existing groups, labels, schedules retained for easy reversal (#293)

### 🧪 Test Coverage

- `backend/tests/agents/builtin_tools/spreadsheet_analysis/` — 2,800+ lines of new tests across 8 files. Notable: `test_analyze_tool_integration.py` (779 lines, multi-sheet XLSX + CSV workflows end-to-end), `test_sheet_inventory.py` (307 lines, parser robustness against malformed bootstrap output), `test_clean_stderr.py` (202 lines, strict error-char budget), `test_build_preview_code.py` (127 lines, filename escaping), plus `test_helpers.py`, `test_find_file.py`, `test_list_spreadsheets.py`, `test_strip_first_row.py`
- `frontend/ai.client/src/app/session/services/model/model.service.spec.ts` (56 lines) — default-model resolution flow
- `frontend/ai.client/src/app/settings/pages/chat-preferences/chat-preferences-settings.page.spec.ts` (101 lines) — Chat Preferences settings UI

## [1.0.0-beta.25] - 2026-05-11

Production-readiness fix for the BFF Token Handler shipped in beta.24. Fixes three production-breaking bugs introduced by beta.24: event-loop-blocking sync boto3 on every cookie-bearing request, per-process AES-256 keys that can't round-trip cookies across ECS tasks, and an in-process-only refresh lock that races Cognito rotation across replicas. Also ships PDF thumbnails, rich attachment previews, spreadsheet analysis tools, centralized 401 handling, and a `SKIP_AUTH` local-dev bypass.
Expand Down
34 changes: 34 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,39 @@
# Contributing to AgentCore Public Stack

## Contribution Policy

AgentCore Public Stack is maintained by Boise State University as a reference
implementation for academic and public-sector AgentCore deployments. It is
source-available under the PolyForm Noncommercial License 1.0.0 (see
[`LICENSE`](./LICENSE)).

### Pull requests are restricted to approved collaborators

To keep the reference architecture coherent and to let downstream deployments
stay in sync with a single, well-known upstream, this repository uses GitHub's
**"Collaborators only"** pull request setting. Only users with Write access or
higher can open a pull request.

### Reporting issues and proposing changes

If you are deploying this stack and find a bug, regression, or documentation
gap, please open a GitHub issue — issues are open to everyone. A maintainer
will triage the report, and if the change belongs upstream we will either
implement it or coordinate with the reporter on next steps.

### For collaborators

- Link the tracking issue in the PR description so changes stay discoverable.
- Keep each PR focused on a single logical change.
- Sign off your commits with `git commit -s` (Developer Certificate of Origin).
- Make sure CI is green before requesting review.
- Respect the backend import boundaries enforced by
`backend/tests/architecture/test_import_boundaries.py` — `app_api`,
`inference_api`, and `agents/` are independent consumers of `apis.shared`
and must not import from each other.

---

## Prerequisites

- **Node.js** 20+ (for frontend and infrastructure)
Expand Down
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
**An open-source, production-ready Generative AI platform for institutions**
*Built by Boise State University, designed for everyone.*

[![Release](https://img.shields.io/badge/Release-v1.0.0--beta.25-6366f1?style=flat&logo=github&logoColor=white)](RELEASE_NOTES.md)
[![Release](https://img.shields.io/badge/Release-v1.0.0--beta.26-6366f1?style=flat&logo=github&logoColor=white)](RELEASE_NOTES.md)
[![Nightly](https://github.com/Boise-State-Development/agentcore-public-stack/actions/workflows/nightly.yml/badge.svg)](https://github.com/Boise-State-Development/agentcore-public-stack/actions/workflows/nightly.yml)

![Python](https://img.shields.io/badge/Python-3.13+-3776AB?style=flat&logo=python&logoColor=white)
Expand Down Expand Up @@ -260,7 +260,7 @@ agentcore-public-stack/

See [RELEASE_NOTES.md](RELEASE_NOTES.md) for the full changelog, including new features, bug fixes, platform upgrades, and deployment notes for each release.

**Current release:** v1.0.0-beta.25
**Current release:** v1.0.0-beta.26

---

Expand Down
Loading
Loading