chore(deps): bump the production-deps group in /frontend with 7 updates#16
Closed
dependabot[bot] wants to merge 1257 commits into
Closed
chore(deps): bump the production-deps group in /frontend with 7 updates#16dependabot[bot] wants to merge 1257 commits into
dependabot[bot] wants to merge 1257 commits into
Conversation
Create ai_mission_templates with JSONB phases, approval_gates, rejection_mappings, skill_compositions columns. Add mission_template_id and custom_phases to ai_missions.
…solution Ai::MissionTemplate provides phase sequences, approval gates, rejection mappings, and gate names. Ai::Mission resolves phases from template with no hardcoded fallback. RalphTask broadcasts status changes via MissionChannel for real-time updates.
Orchestrator resolves job classes, gate names, and rejection targets from template phase config. New SkillCompositionService creates RalphLoop tasks from discovered skills matched to template phases.
…oints MissionTemplatesController with CRUD. Missions controller gains task_graph, save_as_template, and compose_plan actions. Routes registered in AI namespace.
…ase types Add React Flow task graph with RalphTaskNode/ApprovalGateNode, useMissionTaskGraph hook with real-time WebSocket updates. Clickable PhaseTimeline with phase filtering. Template selection step in NewMissionWizard. MissionPhase changed to string for template-driven phases. Workflow Builder demoted in navigation order.
…ites Add ai_mission_template factory with development/research/operations traits. Update ai_mission factory to auto-assign templates. Rewrite mission model and orchestrator specs for template-driven architecture. Stub WorkerJobService in orchestrator and request specs.
… integration Implement Situation-Task-Action-Result structured reasoning service that forces explicit goal articulation before reasoning begins, surfacing implicit constraints. Wire into AgentToolBridgeService alongside existing chain-of-thought and plan-and-execute modes. Enhance SkillCompositionService with STAR-refined phase queries for richer skill discovery. Fix pre-existing bugs in find_or_create_ralph_loop! (stale loop_type attribute, invalid status).
…composition specs
MCP client agents are now transient — always created fresh per session, archived on disconnect, and blocked from non-workspace teams. Fixes stale agent accumulation and prevents misuse in missions/teams.
SSE streams held a checked-out DB connection for their entire lifetime (hours/days), exhausting the pool and blocking all HTTP requests with ConnectionTimeoutError. Now releases the connection after setup and borrows briefly via with_connection for each keepalive ping.
Merge the separate Devops::Repository model into Devops::GitRepository via 4-stage migration (add columns, migrate data, update FKs, drop table). Update serializer, controllers, factories, and specs accordingly.
…lients Delete Ai::Llm::Client, adapter factory, all provider adapters, and Ai::ProviderClientService with its adapters. Replace with WorkerLlmClient and WorkerEmbeddingClient that proxy LLM calls through the worker service. Add AgentBackedService concern for shared proxy plumbing.
Migrate all AI services from direct Ai::Llm::Client / ProviderClientService calls to WorkerLlmClient and WorkerEmbeddingClient. Services now delegate LLM completions and embeddings to the worker process via HTTP.
…Service Delete all server/app/jobs/ai/ job classes and their specs. These jobs now run in the worker process; the server dispatches them via WorkerJobService HTTP API calls.
Add internal API controllers for self-healing, ralph loops, trajectory, and worktree sessions (worker → server callbacks). Update LLM proxy controller to remove direct completion endpoints. Add provider_config and embedding_config routes for worker credential resolution.
Add 12 AI job classes relocated from server (conversation, worktree, ralph, self-healing, trajectory, merge, conflict detection). Expand LlmProxyClient with direct provider calls using CredentialResolver. Add AI service layer for worker-side LLM operations. Update Sidekiq config with AI-specific queues and scheduled jobs.
Update test helpers, factories, and specs to use WorkerLlmClient stubs instead of direct LLM client mocks. Add WorkerJobService stub helpers. Update AI service specs for proxy-based LLM calls. Add MCP client identity service spec.
…se submodule Minor StepPlanReview UI adjustment, add AI utility agents seed, update maintenance page, and update enterprise submodule pointer.
Use the repository's default_branch instead of the hardcoded column default of "main" when creating missions. Prevents branch creation failures on repos that use master or other default branches.
Add server/config/database.yml.example with pool default of 30. Track .env.mcp.example, .env.production.example, and .env.staging.example by adding !.env.*.example negation to .gitignore. Update RAILS_MAX_THREADS to 10 in all env examples.
…r handling ExtractionService called client.provider.name on WorkerLlmClient which has nil provider when initialized with agent_id only — use provider_name safe accessor instead. StreamableHttpController rescue ArgumentError was catching parameter validation errors and silently returning null via introspection fallback — scope to only catch unknown tool errors.
…alidation Expand .gitleaks.toml allowlist from 12 to 21 path rules and 9 to 18 content regexes to suppress false positives from CI workflows, test fixtures, seed data, and Docker configs. Add gitleaks as step 4/4 in validate.sh with --skip-secrets flag. Add on-demand full-history scan script for security audits across main repo and submodules.
Navigate to mission page with openApproval state flag so the ApprovalGateModal auto-opens instead of just showing the mission detail
…io-scoped credentials Add enqueue_trading_training_session to WorkerJobService for immediate session dispatch. Update schema to reflect venue credentials scoped to portfolio instead of account.
…quest interceptor Lazy-load PortfolioSwitcherWrapper from trading extension into the Header when on trading routes. Add addRequestInterceptor to APIClient for extension-driven request modification (portfolio ID injection).
…odule Skip cooldown check in llm_probability, agent_ensemble, and sentiment_analysis when training? is true. Prevents false cooldown blocks in fast-tick training mode where tick_interval (8s) < cooldown_seconds (15-60s). Exit checks and position management remain unaffected. Update trading submodule: settlement bypass, fee deduction, compounding defaults, backtest pair registration, paper mode, category blacklist fix.
…cher, and job infrastructure
…te systemd config
… extraction, and evaluator concerns
…chain, and system ops
…, supply chain, reconciliation
Bumps the production-deps group in /frontend with 7 updates: | Package | From | To | | --- | --- | --- | | [@types/dagre](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/dagre) | `0.7.53` | `0.7.54` | | [axios](https://github.com/axios/axios) | `1.13.5` | `1.13.6` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.3.3` | | [@types/dompurify](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/dompurify) | `3.0.5` | `3.2.0` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.539.0` | `0.577.0` | | [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.13.0` | `7.13.1` | | [recharts](https://github.com/recharts/recharts) | `3.7.0` | `3.8.0` | Updates `@types/dagre` from 0.7.53 to 0.7.54 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/dagre) Updates `axios` from 1.13.5 to 1.13.6 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.5...v1.13.6) Updates `dompurify` from 3.3.1 to 3.3.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.3.1...3.3.3) Updates `@types/dompurify` from 3.0.5 to 3.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/dompurify) Updates `lucide-react` from 0.539.0 to 0.577.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.577.0/packages/lucide-react) Updates `react-router-dom` from 7.13.0 to 7.13.1 - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.13.1/packages/react-router-dom) Updates `recharts` from 3.7.0 to 3.8.0 - [Release notes](https://github.com/recharts/recharts/releases) - [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md) - [Commits](recharts/recharts@v3.7.0...v3.8.0) --- updated-dependencies: - dependency-name: "@types/dagre" dependency-version: 0.7.54 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-deps - dependency-name: axios dependency-version: 1.13.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-deps - dependency-name: dompurify dependency-version: 3.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-deps - dependency-name: "@types/dompurify" dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-deps - dependency-name: lucide-react dependency-version: 0.577.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-deps - dependency-name: react-router-dom dependency-version: 7.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-deps - dependency-name: recharts dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-deps ... Signed-off-by: dependabot[bot] <support@github.com>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
rett
deleted the
dependabot/npm_and_yarn/frontend/production-deps-237d9b0e0a
branch
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
rett
added a commit
that referenced
this pull request
May 9, 2026
… plan Bumps the system extension pointer from 1eefe41a7 → 5de5d61ca, absorbing 13 submodule commits that land Phases 0–2 of the agent stub implementation plan plus the github.com/nodealchemy org migration: Phase 0 — Shared infrastructure: refactor(agent): consolidate atomic-write into internal/fsutil feat(agent): phase 0 building blocks for stub implementation plan feat(system/server): agent fleet events ingestion endpoint Phase 1 — Service-loop core (autonomous reconciliation + cert rotation + task lease): feat(agent): rewrite oci.Puller for HTTP-driven streaming pull feat(agent): add Verifier interface + seccomp drop-in writer feat(agent): module reconciler goroutine + service wiring feat(agent): cert rotation goroutine + K3s applier doc finalize feat(system/server): /enroll/refresh + modules OCI metadata exposure feat(agent): task lease loop + handler registry feat(system/server): /status/tasks/:id show endpoint Phase 2 — Operator CLI module lifecycle: feat(agent): phase 2 CLI module lifecycle (verify/update/sync/attach/detach/init) feat(system/server): /modules/:id/rsync_spec + module member routes Path migration: chore: rename Go module + docs paths to github.com/nodealchemy Stubs landed: 13 of 18 (#2 task lease, #3 cert rotation, #4 reconcile, #5 verify, #6 update, #7 sync, #8 OCI pull, #9 cosign Verifier, #10 seccomp drop-in, #11 attach, #12 detach, #15 init, #18 K3s finalize). Stubs remaining: #1 boot, #13 commit, #14 exec, #16 volume-setup, #17 puppet apply (all in Phase 3 + 4). Plan reference: ~/.claude/plans/find-stubs-in-powernde-agent-kind-lecun.md
rett
added a commit
that referenced
this pull request
May 9, 2026
Bumps the system extension pointer to absorb Phase 3 of the agent
stub implementation plan:
feat(agent): phase 3 boot orchestration + high-risk CLI
(boot/exec/volume-setup)
Stubs landed: #1 boot, #14 exec, #16 volume-setup. The agent now
has all three high-risk operator commands wired with hardened
defaults — privilege drop on exec, multi-layer safety guards on
volume-setup, claim-pending poll on boot.
16 of 18 stubs landed. Remaining (Phase 4): #13 commit (capture
upper-dir delta as new module version with secret-scan), #17
puppet apply (manifest cosign-verify + change-count caps).
Plan reference: ~/.claude/plans/find-stubs-in-powernde-agent-kind-lecun.md
rett
added a commit
that referenced
this pull request
May 20, 2026
…cme DNS-resolver fix
Two related fixes for the ops single-node bootstrap path:
1) Rsync exclude additions (single-node-bootstrap.md):
- config/extensions_state.json — dev tree disables `trading` only;
ops/prod must also disable `business` (gotcha #5 NameError on
InstallWorkflow during eager_load). Overwriting from dev wipes the
prod-side choice. Documented as gotcha #16.
- frontend/.proxy-config-cache.json — host allowlists are per-env.
2) System submodule bumps to dc10401 — adds env-controlled DNS resolver
overrides (POWERNODE_ACME_DNS_RESOLVERS, POWERNODE_ACME_DISABLE_PROPAGATION_CHECK)
in powernode-acme so split-brain hosts (e.g. ops with opnsense
internal + Cloudflare public for ipnode.net) can point lego at a
public resolver for the propagation precheck without touching
/etc/resolv.conf. Verified end-to-end against LE-staging on ops:
cert issued in 15.9s with resolv.conf on the systemd stub and only
the env var in place.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the production-deps group in /frontend with 7 updates:
0.7.530.7.541.13.51.13.63.3.13.3.33.0.53.2.00.539.00.577.07.13.07.13.13.7.03.8.0Updates
@types/dagrefrom 0.7.53 to 0.7.54Commits
Updates
axiosfrom 1.13.5 to 1.13.6Release notes
Sourced from axios's releases.
Commits
7108c88chore(release): prepare release 1.13.6 (#7446)20a0ba3refactor(deps): migrate@rollup/plugin-babelfrom v5.3.1 to v6.1.0 (#7424)885b4affeat: support react native blob objects (#5764)00d97b9docs(utils): add missing JSDoc comments (#7427)9712548chore(deps-dev): bump the development_dependencies group across 1 directory w...d51accbfix(core): copy status from source error in AxiosError.from (#7403)3e30bbfchore: fix publish to only run on v1 tags672491dfix: safe FormData detection for WeChat Mini Program (#7306) (#7324)822e3e4fix: make AxiosError.message property enumerable (#7392)ef3711dfeat: implement prettier and fix all issues (#7385)Updates
dompurifyfrom 3.3.1 to 3.3.3Release notes
Sourced from dompurify's releases.
Commits
8bcbf73chore: Preparing 3.3.3 release5faddd6fix: engine requirement (#1210)0f91e3aUpdate README.mdd5ff1a8Merge branch 'main' of github.com:cure53/DOMPurifyc3efd48fix: moved back from jsdom 28 to jsdom 20988b888fix: moved back from jsdom 28 to jsdom 202726c74chore: Preparing 3.3.2 release6202c7ebuild(deps): bump@tootallnate/onceand jsdom (#1204)302b51dfix: Expanded the regex ever so slightly to also cover scriptcd85175Merge branch 'main' of github.com:cure53/DOMPurifyUpdates
@types/dompurifyfrom 3.0.5 to 3.2.0Commits
Updates
lucide-reactfrom 0.539.0 to 0.577.0Release notes
Sourced from lucide-react's releases.
... (truncated)
Commits
f6c0d06chore(deps): bump rollup from 4.53.3 to 4.59.0 (#4106)67c0485feat(scripts): added helper script to automatically update OpenCollective bac...b6ed43dfeat(packages): Added aria-hidden fallback for decorative icons to all packag...076e0bbchore(dependencies): Update dependencies (#3809)80d6f73fix(icons): Rename fingerprint icon to fingerprint-pattern (#3767)1cfb3ffchore(deps-dev): bump vite from 6.3.5 to 6.3.6 (#3611)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lucide-react since your current version.
Updates
react-router-domfrom 7.13.0 to 7.13.1Changelog
Sourced from react-router-dom's changelog.
Commits
aa3f078chore: Update version for release (#14829)3207a5cchore: Update version for release (pre) (#14814)Updates
rechartsfrom 3.7.0 to 3.8.0Release notes
Sourced from recharts's releases.
... (truncated)
Commits
a1044dbchore(deps-dev): bump the storybook group across 1 directory with 7 updates (...2001a72chore(deps-dev): bump@types/nodefrom 24.11.0 to 24.12.0 (#7102)0ce01f0chore(deps-dev): bump eslint-plugin-storybook from 9.1.19 to 9.1.20 (#7103)0e0542f[Docs] fix(HighlightAndZoomLineChart): improve zoom area validation and add c...609ca4f[Docs] New router, add links to hooks (#7099)d33f529chore(deps-dev): bump marked from 17.0.3 to 17.0.4 (#7098)1c71ab6chore(deps): bump es-toolkit from 1.45.0 to 1.45.1 (#7087)907bab2chore(deps-dev): bump terser-webpack-plugin from 5.3.16 to 5.3.17 (#7088)c527fb2chore(deps-dev): bump webpack from 5.105.3 to 5.105.4 (#7089)473d55cNew feature - typed charts helper (#7071)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions