Integration mirror: dev 0.15.4 PR stack #7

Open
pascalandr wants to merge 144 commits into dev from dev-0.15.4

@pascalandr

Purpose

This is an internal integration mirror PR for pre-review of the Pagecran PR stack before/alongside the smaller source PRs against different-ai:dev.

This PR is not intended to replace the individual upstream PRs. The source of truth remains the smaller stacked PRs targeting different-ai/openwork:dev.

Source PR stack

Integrated for cross-PR review:

  1. fix(den-api): build on Windows different-ai/openwork#1890
  2. feat(desktop): support managed bootstrap state different-ai/openwork#1891
  3. feat(den): support static worker provisioner different-ai/openwork#1893
  4. feat(den): secure static worker attach different-ai/openwork#1894
  5. feat(den): support Entra SSO auto-join different-ai/openwork#1895
  6. docs(docker): clean up on-prem runbooks different-ai/openwork#1896
  7. feat(den): add provider contract and managed sync different-ai/openwork#1939
  8. feat(den): add OAuth provider flow different-ai/openwork#1940
  9. feat(app): import OAuth-backed Den providers different-ai/openwork#1941

Explicitly deferred from this mirror branch:

Those two are independently mergeable but create broad semantic conflicts when combined with the newer stack and should be handled separately if needed.

Validation already run

  • git diff --check
  • app typecheck
  • server typecheck
  • desktop Electron typecheck
  • Den API typecheck
  • Den Web build
  • targeted desktop/server/Den tests
  • Docker compose config checks

Known external gates

  • Vercel preview checks may fail through authorization-required URLs.
  • Live Docker runtime smoke was not run locally.
  • Chrome MCP/UI, live OAuth, and live Entra were not run locally.

omadworks_validate still fails on pre-existing CodeMap/workflow hygiene issues.

Review intent

Use this PR for Greptile/Cubic/global integration review. If issues are found, fixes should be applied back to the relevant source PR branches, then this mirror branch should be rebuilt.

pascalandr added 30 commits May 22, 2026 09:14
Add the LLM provider credential kind/opencode auth storage contract, migration, and passive credential redaction/flags needed by follow-up provider credential and worker sync PRs.
Add Den API create/update/read/import handling for API-key versus OpenCode OAuth provider credentials on top of the credential contract base.
Include organization context variables in worker route typing so managed provider sync typechecks without changing runtime behavior.
Add Den API OpenAI OAuth device-flow routes/tests and Den Web provider UI for OAuth-backed provider credentials on top of the credential handling stack.
Add the LLM provider credential kind/opencode auth storage contract, migration, and passive credential redaction/flags needed by follow-up provider credential and worker sync PRs.
Add Den API create/update/read/import handling for API-key versus OpenCode OAuth provider credentials on top of the credential contract base.
Allow desktop cloud-provider import to consume OpenCode OAuth-backed organization providers from the Den credential import endpoint.
Translate Den catalog model metadata through an explicit OpenCode-compatible allowlist before writing managed provider runtime config. Preserve boolean experimental values while dropping incompatible catalog metadata covered by focused regression tests.
Filter Den-managed provider-list responses to configured model IDs so OAuth providers keep native auth IDs without exposing the full OpenCode catalog. Adds focused regression coverage for OpenAI OAuth and NVIDIA API-key managed providers.
Apply only product code from the mixed integration commit for the managed provider sync PR branch, excluding workflow and evidence artifacts.
Add Den API OpenAI OAuth device-flow routes/tests and Den Web provider UI for OAuth-backed provider credentials on top of the credential handling stack.
Route Den-backed remote workspaces through the managed-provider sync endpoint for background sync and manual Cloud Provider import. Add focused client coverage for successful and sanitized failure paths.
Apply the cloud managed model allowlist to session and compact model picker options, refresh provider-list queries after managed-provider sync, and add focused regression coverage for stale OpenAI catalog filtering.
Merge upstream/dev into pr/credential-contract-managed-sync and resolve managed-provider sync route plus Den DB migration numbering conflicts.
Merge upstream/dev into pr/managed-desktop-bootstrap and resolve managed desktop bootstrap conflicts.
…-0.15.4

# Conflicts:
#	ee/apps/den-api/src/env.ts
…ync' into dev-0.15.4

# Conflicts:
#	ee/apps/den-api/src/routes/workers/shared.ts
… dev-0.15.4

# Conflicts:
#	ee/apps/den-api/src/orgs.ts
#	ee/apps/den-api/src/routes/auth/desktop-handoff.ts
#	ee/apps/den-api/src/routes/org/llm-providers.ts
…iders' into dev-0.15.4

# Conflicts:
#	apps/app/src/app/lib/den.ts
#	apps/app/src/app/lib/desktop-types.ts
#	apps/app/src/app/lib/workspace-endpoint.ts
#	apps/app/src/react-app/shell/settings-route.tsx
#	ee/apps/den-api/src/routes/org/llm-providers.ts
#	ee/apps/den-api/test/llm-providers-oauth.test.ts
#	ee/apps/den-web/app/(den)/dashboard/_components/llm-provider-editor-screen.tsx
Remove the integration-only host-token fallback from requireClient so normal client routes cannot accept host tokens as bearer substitutes.
# Conflicts:
#	ee/apps/den-api/src/env.ts
#	ee/apps/den-api/src/routes/org/llm-providers.ts
#	ee/apps/den-api/src/routes/workers/shared.ts
Validate managed provider runtime id uniqueness before mutating config or auth state so rollback snapshots cannot be overwritten by duplicate payload entries. Adds a regression proving duplicate ids fail without touching existing auth.
Keep non-destructive workspace persistence while returning only current-Den-compatible entries to runtime consumers. Adds regressions for hidden persisted workspaces and compatible runtime edits.
Comment thread apps/server/src/server.ts Outdated
Add an explicit array guard around provider-list model filtering and cover array-shaped provider model lists so managed allowlists do not collapse them through numeric Object.entries keys.
Comment thread apps/server/src/server.ts
Filter array-shaped provider-list models by Den managed-provider allowlists while preserving array shape. Adds regression coverage so allowed model ids remain visible and disallowed ids are removed.
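
The array-shape failure described in the two commit messages above, as an added illustration that is not code from this PR. The model shapes, function names, and sample ids are assumptions.

```javascript
// Added illustration; shapes, names and ids below are assumptions.

// Naive filter: assumes `models` is an id-keyed object. For an array,
// Object.entries yields the keys "0", "1", ... so no model id matches
// the allowlist and the array collapses into an empty object.
function filterModelsNaive(models, allowedIds) {
  const allowed = new Set(allowedIds);
  return Object.fromEntries(
    Object.entries(models).filter(([id]) => allowed.has(id))
  );
}

// Guarded filter: checks for the array shape first and keeps it.
function filterModels(models, allowedIds) {
  const allowed = new Set(allowedIds);
  if (Array.isArray(models)) {
    return models.filter((entry) => {
      const id = typeof entry === "string" ? entry : entry?.id;
      return typeof id === "string" && allowed.has(id);
    });
  }
  if (models === null || typeof models !== "object") {
    return {}; // unexpected shape: expose nothing
  }
  return Object.fromEntries(
    Object.entries(models).filter(([id]) => allowed.has(id))
  );
}

// Constructed sample data.
const allowlist = ["model-a"];
const modelsAsMap = { "model-a": { name: "A" }, "model-b": { name: "B" } };
const modelsAsArray = [
  { id: "model-a", name: "A" },
  { id: "model-b", name: "B" },
];

console.log(filterModelsNaive(modelsAsArray, allowlist));
console.log(filterModels(modelsAsArray, allowlist));
console.log(filterModels(modelsAsMap, allowlist));
```
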
Comment thread ee/apps/den-api/src/routes/workers/core.ts
Ensure placeholder invitation creation is not treated as a member-added lifecycle event while placeholder claim on acceptance still emits the post-member-change hook with regression coverage.
Preserve remote OpenWork client/Den metadata across server config rebuilds while redacting host tokens from client-scoped workspace responses.
Restore pending invitation member access rows in LLM provider responses by left-joining users and preserving invitation email fallback.
Add removedAt filters to active organization, Entra auto-join, and plugin grant target member lookups so stale removed rows cannot regain access.
Keep HTTPS static worker fetches on their certificate hostname and restrict Electron main-process fetches to configured remote workspace origins.
Replace wildcard worker CORS defaults with local-safe origins and require an encoded static Den DATABASE_URL to support special-character MySQL passwords.
…iders' into HEAD

# Conflicts:
#	ee/apps/den-api/src/routes/org/llm-providers.ts
…' into HEAD

# Conflicts:
#	apps/desktop/electron/main.mjs
#	apps/desktop/electron/remote-workspace.mjs
#	apps/desktop/electron/remote-workspace.test.mjs