feat(cli): add shared integration auth foundation for integrations logins#829
feat(cli): add shared integration auth foundation for integrations logins#829BrhKmr23 wants to merge 79 commits into
Conversation
- Add context graph module: PR fetch, episode formatters, Graphiti client with thread-local drivers and async-safe search/add_episode paths - Stamp Entity nodes with deterministic entity_key; bridge FILE/NODE to PR/decisions - Postgres: context_sync_state, ingestion log with bridge metrics; Alembic migrations - Celery: context-graph-etl queue, backfill after parse, webhook ingest on merge - Agent tools: get_project_context, get_change_history, get_file_owner, get_decisions - QnA: prefetch get_project_context; optional selective sync API wiring - Fix streaming history buffer duplicating tool_calls (O(n²) growth → Postgres OOM) - Scripts: bridge diagnostics, local docker data reset; start.sh queue flags Made-with: Cursor
…ontext tooling Improve PR context ingestion/linkage by persisting richer PR metadata, commit details, and file-level patch excerpts; add robust change-history fallbacks and expose new PR diff/review queries through HTTP, MCP, and agent tools. Also include post-reingest evaluation reports for PR #694 verification. Made-with: Cursor
Fixes HIGH severity vulnerabilities: - authlib: 1.6.9 (CVE-2026-28802, CVE-2026-28490, CVE-2026-28498) https://github.com/potpie-ai/potpie/security/dependabot/81 - black: 26.3.1 (CVE-2026-32274) Note: langchain-core>=1.2.11 was already present as an explicit dependency because the code directly imports from langchain_core.tools (used extensively across the codebase for StructuredTool). This also addresses the LOW severity CVE-2026-26013 for langchain-core.
…ration Wire HybridGraphIntelligenceProvider and ContextResolutionService in the context-engine container. Add resolve-context HTTP/MCP paths, Neo4j query extensions, and unit tests. Integrate prefetch bundle rendering and QnA agent behavior with get_pot_context; fix router enforce_pot_access checks. Made-with: Cursor
Exclude conversation upload/vision changes; includes context-engine wiring/task updates, integration module refactor/removals, and related tests/docs/migrations. Made-with: Cursor
Made-with: Cursor
* Integration details stored in DB, After successful OAuth redirects back to success page in app and it syncs linear well * check_existing_linear_integration: scoped to the calling user + active integrations only.
# Conflicts: # .env.template # .gitignore # app/modules/intelligence/agents/chat_agents/pydantic_agent.py # app/modules/intelligence/tracing/logfire_tracer.py # dockerfile # uv.lock
The dedicated `COPY deployment/.../celery-api-supervisord.conf /etc/...` layer has repeatedly been served stale from the Jenkins build node's Docker cache: images shipped the old single-program conf at /etc while the same file at /app/deployment/... (from `COPY . .`) was correct, under a correct commit tag. Replace the standalone COPY with `RUN cp` from the already-fresh /app/deployment tree. That RUN depends on the `COPY . .` layer, whose cache key is the whole-context hash and busts on any change, so /etc deterministically matches the committed conf regardless of build-cache state or whether --no-cache is passed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Adds Linear-specific CLI auth (callback server, PKCE, token exchange), credentials storage, status/logout commands, and unit tests. Branched from feat/cli-integrations-foundation for a focused integration PR. Co-authored-by: Cursor <cursoragent@cursor.com>
Adds Atlassian-specific CLI auth (API token login, workspace list/use, read samples) with credentials storage, verify probes, and unit tests. Branched from feat/cli-integrations-foundation for a focused integration PR. Co-authored-by: Cursor <cursoragent@cursor.com>




Summary
Adds the shared CLI foundation needed to split provider auth work into smaller
follow-up PRs.
This PR intentionally does not add any user-facing provider login flows.
Changes
keyringas a context-engine dependency.through the system keychain.
credentials.json._write_payloadhelper.potpie authcommand shell with provider registration support.auth command wiring.
Not Included
Verification
uv run pytest tests/unit/test_credentials_store.py tests/unit/ test_auth_commands.pyuv run ruff check adapters/inbound/cli/credentials_store.py adapters/inbound/ cli/auth_commands.py tests/unit/test_credentials_store.py tests/unit/ test_auth_commands.pygit diff --check