Skip to content

feat(cli): add shared integration auth foundation for integrations logins#829

Open
BrhKmr23 wants to merge 79 commits into
mainfrom
feat/cli-integrations-foundation
Open

feat(cli): add shared integration auth foundation for integrations logins#829
BrhKmr23 wants to merge 79 commits into
mainfrom
feat/cli-integrations-foundation

Conversation

@BrhKmr23

@BrhKmr23 BrhKmr23 commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds the shared CLI foundation needed to split provider auth work into smaller
follow-up PRs.

This PR intentionally does not add any user-facing provider login flows.

Changes

  • Add keyring as a context-engine dependency.
  • Add generic secure secret helpers for storing/loading/deleting CLI secrets
    through the system keychain.
  • Add generic integration metadata helpers under credentials.json.
  • Refactor existing credential writes through a shared _write_payload helper.
  • Add an empty potpie auth command shell with provider registration support.
  • Add focused unit tests for credential metadata, keyring helper behavior, and
    auth command wiring.

Not Included

  • Potpie CLI login.
  • GitHub authentication.
  • Linear OAuth.
  • Jira or Confluence auth/read commands.
  • Frontend changes.

Verification

  • uv run pytest tests/unit/test_credentials_store.py tests/unit/ test_auth_commands.py
  • uv run ruff check adapters/inbound/cli/credentials_store.py adapters/inbound/ cli/auth_commands.py tests/unit/test_credentials_store.py tests/unit/ test_auth_commands.py
  • git diff --check

nndn and others added 30 commits March 24, 2026 11:38
- Add context graph module: PR fetch, episode formatters, Graphiti client with
  thread-local drivers and async-safe search/add_episode paths
- Stamp Entity nodes with deterministic entity_key; bridge FILE/NODE to PR/decisions
- Postgres: context_sync_state, ingestion log with bridge metrics; Alembic migrations
- Celery: context-graph-etl queue, backfill after parse, webhook ingest on merge
- Agent tools: get_project_context, get_change_history, get_file_owner, get_decisions
- QnA: prefetch get_project_context; optional selective sync API wiring
- Fix streaming history buffer duplicating tool_calls (O(n²) growth → Postgres OOM)
- Scripts: bridge diagnostics, local docker data reset; start.sh queue flags

Made-with: Cursor
…ontext tooling

Improve PR context ingestion/linkage by persisting richer PR metadata, commit details, and file-level patch excerpts; add robust change-history fallbacks and expose new PR diff/review queries through HTTP, MCP, and agent tools. Also include post-reingest evaluation reports for PR #694 verification.

Made-with: Cursor
Fixes HIGH severity vulnerabilities:
- authlib: 1.6.9 (CVE-2026-28802, CVE-2026-28490, CVE-2026-28498) https://github.com/potpie-ai/potpie/security/dependabot/81
- black: 26.3.1 (CVE-2026-32274)

Note: langchain-core>=1.2.11 was already present as an explicit dependency because the code directly imports from langchain_core.tools (used extensively across the codebase for StructuredTool). This also addresses the LOW severity CVE-2026-26013 for langchain-core.
…ration

Wire HybridGraphIntelligenceProvider and ContextResolutionService in the
context-engine container. Add resolve-context HTTP/MCP paths, Neo4j query
extensions, and unit tests. Integrate prefetch bundle rendering and QnA
agent behavior with get_pot_context; fix router enforce_pot_access checks.

Made-with: Cursor
Exclude conversation upload/vision changes; includes context-engine wiring/task updates, integration module refactor/removals, and related tests/docs/migrations.

Made-with: Cursor
* Integration details stored in DB, After successful OAuth redirects back to success page in app and it syncs linear well

* check_existing_linear_integration: scoped to the calling user + active integrations only.
# Conflicts:
#	.env.template
#	.gitignore
#	app/modules/intelligence/agents/chat_agents/pydantic_agent.py
#	app/modules/intelligence/tracing/logfire_tracer.py
#	dockerfile
#	uv.lock
nndn and others added 9 commits May 15, 2026 19:36
The dedicated `COPY deployment/.../celery-api-supervisord.conf /etc/...`
layer has repeatedly been served stale from the Jenkins build node's
Docker cache: images shipped the old single-program conf at /etc while
the same file at /app/deployment/... (from `COPY . .`) was correct, under
a correct commit tag. Replace the standalone COPY with `RUN cp` from the
already-fresh /app/deployment tree. That RUN depends on the `COPY . .`
layer, whose cache key is the whole-context hash and busts on any change,
so /etc deterministically matches the committed conf regardless of
build-cache state or whether --no-cache is passed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9337a75a-a41c-4c09-b3de-2e747aaa139c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/cli-integrations-foundation

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud

sonarqubecloud Bot commented Jun 1, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

BrhKmr23 and others added 18 commits June 1, 2026 15:48
Adds Linear-specific CLI auth (callback server, PKCE, token exchange),
credentials storage, status/logout commands, and unit tests. Branched
from feat/cli-integrations-foundation for a focused integration PR.

Co-authored-by: Cursor <cursoragent@cursor.com>
Adds Atlassian-specific CLI auth (API token login, workspace list/use,
read samples) with credentials storage, verify probes, and unit tests.
Branched from feat/cli-integrations-foundation for a focused integration PR.

Co-authored-by: Cursor <cursoragent@cursor.com>
Base automatically changed from feat/local-context-engine to main June 4, 2026 09:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants