
Staging-->Main #455

Open
gkorland wants to merge 74 commits into main from staging

Conversation

@gkorland
Contributor

@gkorland gkorland commented Mar 8, 2026

Summary by CodeRabbit

  • Chores
    • Switched project tooling from Pipenv to uv across build, run, container, and local workflows.
    • Added .dockerignore and migrated Python packaging to a pyproject-based setup; removed Pipfile and pytest.ini.
    • Bumped the canvas dependency to a newer patch version.
  • Documentation
    • Updated README and developer guides to reflect uv-based commands and setup.
  • Tests / CI
    • Updated test, lint, and Playwright workflows and helper scripts to use uv for dependency management and execution.

Anchel123 and others added 30 commits February 19, 2026 11:46
- Add waitForGraphPresent() polling helper to apiCalls.ts to retry
  getGraphs() until expected graph appears instead of one-shot calls
- Add connectDatabaseWithRetry() helper to retry streaming connection
  on transient errors with diagnostic logging
- Enhance parseStreamingResponse() to log error message details
- Update all database.spec.ts tests to use scoped test.setTimeout(120000/180000)
- Increase waitForDatabaseConnection timeout to 90s in all DB connection tests
- Replace bare getGraphs() calls with waitForGraphPresent() polling
- Add console.log diagnostics throughout for easier CI debugging

Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
Bumps [playwright](https://github.com/microsoft/playwright-python) from 1.57.0 to 1.58.0.
- [Release notes](https://github.com/microsoft/playwright-python/releases)
- [Commits](microsoft/playwright-python@v1.57.0...v1.58.0)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…cific DB predicates, polling for deletion

- connectDatabaseWithRetry: wrap per-attempt logic in try/catch so
  network/parse exceptions don't abort retries; log with attempt# via
  console.error; backoff delay behaviour unchanged
- Add expect(messages.length).toBeGreaterThan(0) guard before accessing
  finalMessage in all 4 caller blocks (PostgreSQL API, MySQL API,
  PostgreSQL delete, MySQL delete)
- Fix UI-to-API test predicates from generic 'graphs.length > 0' to
  'testdb'/'_testdb' match, avoiding false positives on pre-existing graphs
- Replace wait(1000)+getGraphs() in both delete tests with
  waitForGraphPresent polling until the deleted graphId is absent

Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
- Rename waitForGraphPresent -> waitForGraphs in apiCalls.ts (more
  neutral name since it's used for both presence and absence checks)
- Update all 10 call sites in database.spec.ts accordingly
- Change outer test.describe -> test.describe.serial to prevent
  cross-test interference on local multi-worker runs (CI is already
  single-worker via workers: CI ? 1 : undefined in playwright.config.ts)

Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
Replace id.includes('testdb_delete') with
id === 'testdb_delete' || id.endsWith('_testdb_delete') in both
delete test predicates and find() calls so only the exact graph forms
('testdb_delete' or '{userId}_testdb_delete') match, preventing
accidental matches on unrelated graph names.

Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
…wright-logs

Fix flaky Playwright e2e tests: DB connection timeouts and streaming response errors
…ht-1.58.0

Bump playwright from 1.57.0 to 1.58.0
Update dependency versions:
- fastapi: ~=0.131.0 → ~=0.133.0
- uvicorn: ~=0.40.0 → ~=0.41.0
- litellm: ~=1.80.9 → ~=1.81.15
- playwright: ~=1.57.0 → ~=1.58.0
- globals (npm): ^15.15.0 → ^17.3.0

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Return generic 400 for RequestValidationError instead of Pydantic details

Add a global RequestValidationError exception handler that returns
{"detail": "Bad request"} with status 400, preventing internal
Pydantic validation details from leaking to clients. This primarily
affects the SPA catch-all proxy route when accessed without the
expected path parameter.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Scope validation handler to SPA catch-all, add logging, fix tests

Address PR review feedback:
- Scope the generic 400 handler to only the SPA catch-all route
  (query._full_path errors) so API consumers still get useful 422
  responses with field-level detail
- Add logging.warning of validation details for server-side debugging
- Make test assertions unconditional instead of guarding behind
  status-code checks
- Add test verifying API routes preserve 422 with field-level info

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix SPA catch-all route parameter name mismatch

The function parameter `_full_path` didn't match the URL template
`{full_path:path}`, causing FastAPI to treat it as a required query
parameter and return 422 for every non-API route.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Remove validation error handler workaround

The handler was masking a parameter name mismatch in the catch-all
route. Now that the root cause is fixed, the handler, its import,
pylint suppression, and test file are no longer needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Suppress pylint unused-argument for catch-all route parameter

The parameter name must match the URL template to avoid validation
errors, but the function body doesn't use it.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add CSRF protection via double-submit cookie pattern

Add CSRFMiddleware to protect all state-changing endpoints (POST, PUT,
DELETE, PATCH) against cross-site request forgery attacks.

Backend:
- New CSRFMiddleware in app_factory.py sets a csrf_token cookie
  (non-HttpOnly, readable by JS) on every response
- State-changing requests must echo the token via X-CSRF-Token header
- Uses hmac.compare_digest for timing-safe validation
- Exempts Bearer token auth (not CSRF-vulnerable), login/signup/OAuth
  flows, and MCP endpoints

Frontend:
- New app/src/lib/csrf.ts utility reads the cookie and builds headers
- All service files (auth, tokens, database, chat) now include the
  X-CSRF-Token header on every state-changing fetch call

Fixes:
- CSRF on POST /tokens/generate (API token hijack)
- CSRF on POST /logout (forced session termination)
- Missing CSRF protection on all other mutating endpoints

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address PR review feedback on CSRF protection

- Set CSRF cookie on 403 rejection responses so clients can retry
- Add max_age (14 days) to CSRF cookie matching session cookie lifetime
- Guard document access in csrf.ts for SSR/Node compatibility
- Add console.warn when CSRF cookie is missing for easier debugging
- Add comment clarifying MCP exempt prefix pattern
- Add comprehensive unit tests for CSRF middleware (12 test cases)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix E2E tests: seed CSRF token in API request helpers

The E2E API helpers (postRequest, deleteRequest, patchRequest) now
make a lightweight GET to /auth-status first to obtain the csrf_token
cookie, then include it as X-CSRF-Token header on the actual request.
This ensures E2E tests pass with the new CSRF middleware.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address PR #432 review: fix missing CSRF headers and improvements

- Add csrfHeaders() to POST /graphs/{id}/refresh in Index.tsx
- Add csrfHeaders() to POST /database in DatabaseModal.tsx
- Refactor CSRFMiddleware.dispatch() to single return path
- Change console.warn to console.debug in csrf.ts
- Cache CSRF token per APIRequestContext in E2E helpers
- Add DELETE/PATCH and secure-flag tests

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
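Added example, not QueryWeaver's app_factory.py and not code from any commit above: the double-submit-cookie check that the CSRF commit series describes, written in stdlib Python so it runs without FastAPI. The page names the cookie (csrf_token, readable by JS), the header (X-CSRF-Token), the protected methods, hmac.compare_digest, the 14-day max_age, the Bearer/login/signup/OAuth/MCP exemptions and re-issuing the cookie on 403. The exact exempt path prefixes, the Request shape, the SameSite attribute and the handler signature are assumptions.

```python
"""Double-submit-cookie CSRF middleware logic (added example, stdlib only)."""
import hmac
import secrets
from dataclasses import dataclass, field

COOKIE_NAME = "csrf_token"
HEADER_NAME = "x-csrf-token"          # header names compared lower-case
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}
# Assumed prefixes: the project's real exempt list is not shown on the page.
EXEMPT_PREFIXES = ("/login", "/signup", "/auth/", "/mcp")
COOKIE_MAX_AGE = 14 * 24 * 3600       # 14 days, matching the session cookie


@dataclass
class Request:
    """Minimal stand-in for the framework request object (assumption)."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)   # lower-case keys
    cookies: dict = field(default_factory=dict)


def new_token() -> str:
    # 256 bits of randomness; the token is a per-browser nonce, not a secret key.
    return secrets.token_urlsafe(32)


def is_exempt(req: Request) -> bool:
    """Safe methods, Bearer-authenticated calls and auth/MCP flows skip the check."""
    if req.method.upper() not in STATE_CHANGING:
        return True
    auth = req.headers.get("authorization", "")
    if auth.lower().startswith("bearer "):
        # A browser never attaches a custom Authorization header cross-site on
        # its own, so Bearer-authenticated requests are not forgeable via CSRF.
        return True
    return req.path.startswith(EXEMPT_PREFIXES)


def csrf_ok(req: Request) -> bool:
    """Cookie and header must both be present and equal (timing-safe compare)."""
    if is_exempt(req):
        return True
    cookie = req.cookies.get(COOKIE_NAME)
    header = req.headers.get(HEADER_NAME)
    if not cookie or not header:
        return False
    return hmac.compare_digest(cookie.encode(), header.encode())


def set_cookie_header(token: str, secure: bool = True) -> str:
    """Build the Set-Cookie value: deliberately NO HttpOnly so csrf.ts can read it."""
    attrs = [f"{COOKIE_NAME}={token}", "Path=/",
             f"Max-Age={COOKIE_MAX_AGE}", "SameSite=Lax"]
    if secure:
        attrs.append("Secure")
    return "; ".join(attrs)


def dispatch(req: Request, handler):
    """Middleware: 403 on a bad token, and (re)issue the cookie on every
    response, including the 403, so a client can pick it up and retry."""
    token = req.cookies.get(COOKIE_NAME) or new_token()
    if csrf_ok(req):
        status, body = handler(req)
    else:
        status, body = 403, {"detail": "CSRF token missing or invalid"}
    return status, body, {"Set-Cookie": set_cookie_header(token)}


if __name__ == "__main__":
    t = new_token()
    ok = Request("POST", "/tokens/generate",
                 {HEADER_NAME: t}, {COOKIE_NAME: t})
    forged = Request("POST", "/tokens/generate", {}, {COOKIE_NAME: t})
    print(dispatch(ok, lambda r: (200, {"ok": True}))[0])      # 200
    print(dispatch(forged, lambda r: (200, {"ok": True}))[0])  # 403
```

The forged request models the attack the commit message lists (a cross-site form POST to /tokens/generate): the browser sends the csrf_token cookie automatically, but the attacker's page cannot read that cookie or set the X-CSRF-Token header, so the compare fails. The check only holds if the cookie cannot be planted by a sibling origin, which is why the Secure flag and a tight cookie scope matter alongside the compare.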
* fix: update @falkordb/canvas version to 0.0.34 in package.json and package-lock.json

* fix: update @falkordb/canvas version to 0.0.35 in package.json and package-lock.json

* fix: update @falkordb/canvas version to 0.0.36 in package.json and package-lock.json

* fix: update @falkordb/canvas version to 0.0.40 in package.json and package-lock.json

* fix: update @falkordb/canvas version to 1.51.1 in package-lock.json

---------

Co-authored-by: Guy Korland <gkorland@gmail.com>
… pages

- Add defaultRequestContext field to ApiCalls class, set via constructor
- All API methods now use the default context for auth (session cookies + CSRF)
- Tests use Playwright's request fixture which inherits storageState from config
- Pass storageState path to BrowserWrapper.createNewPage for authenticated browser sessions
- Revert outer test.describe.serial() to test.describe() to prevent cascade failures
  (inner Database Deletion Tests remain serial as needed)

Fixes unauthenticated API requests that caused 401 errors in Firefox E2E tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Bump fastapi from 0.133.0 to 0.135.0

Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.0 to 0.135.0.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.133.0...0.135.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.135.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(e2e): read CSRF token from storageState when Set-Cookie is absent

When the Playwright request fixture is initialised from a storageState
that already carries a csrf_token cookie, the server does not emit a
new Set-Cookie header. getCsrfToken() would then return undefined,
causing every state-changing API call to fail with 403 'CSRF token
missing or invalid'.

Fall back to reading the token from the context's storageState() when
the Set-Cookie header does not contain it.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
* Bump the npm-minor-patch group in /app with 5 updates

Bumps the npm-minor-patch group in /app with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@falkordb/canvas](https://github.com/FalkorDB/falkordb-canvas) | `0.0.40` | `0.0.41` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.90.19` | `5.90.21` |
| [preact](https://github.com/preactjs/preact) | `10.28.3` | `10.28.4` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.71.1` | `7.71.2` |
| [autoprefixer](https://github.com/postcss/autoprefixer) | `10.4.23` | `10.4.27` |


Updates `@falkordb/canvas` from 0.0.40 to 0.0.41
- [Release notes](https://github.com/FalkorDB/falkordb-canvas/releases)
- [Commits](FalkorDB/falkordb-canvas@v0.0.40...v0.0.41)

Updates `@tanstack/react-query` from 5.90.19 to 5.90.21
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.90.21/packages/react-query)

Updates `preact` from 10.28.3 to 10.28.4
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](preactjs/preact@10.28.3...10.28.4)

Updates `react-hook-form` from 7.71.1 to 7.71.2
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.71.1...v7.71.2)

Updates `autoprefixer` from 10.4.23 to 10.4.27
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.4.23...10.4.27)

---
updated-dependencies:
- dependency-name: "@falkordb/canvas"
  dependency-version: 0.0.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.90.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: preact
  dependency-version: 10.28.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: react-hook-form
  dependency-version: 7.71.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: autoprefixer
  dependency-version: 10.4.27
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update root package-lock.json for app dependency bumps

The root package-lock.json must be kept in sync with app/package.json
changes since root package.json references app via file: protocol.
Without this update, npm ci at the root fails with lockfile mismatch.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* perf(ci): accelerate Playwright CI from ~16min to ~5min

- Increase CI workers from 1 to 4 (matches ubuntu-latest vCPUs)
- Skip Firefox in CI, run Chromium only (halves test count)
- Reduce retries from 2 to 1 (still catches transient failures)
- Add pip, npm, and Playwright browser caching
- Replace hardcoded sleep 20 with health-check polling
- Install only Chromium browser (not Firefox) in CI

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(ci): fix YAML indentation and use docker compose --wait

Replace inline Python health-check with docker compose --wait flag
which natively waits for service healthchecks to pass.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(ci): remove pip cache (incompatible with pipenv setup)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(ci): keep 2 retries for flaky AI-dependent chat tests

Chat tests that interact with the AI processing endpoint need 2 retries
to handle intermittent timeouts, especially under parallel execution.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(ci): key npm cache on both root and app lockfiles

The setup-node npm cache was only keyed on the root package-lock.json.
Add cache-dependency-path to include app/package-lock.json so the cache
invalidates when frontend dependencies change.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(ci): add pip caching with Pipfile.lock dependency path

The setup-python cache: 'pip' was removed earlier because it failed
without cache-dependency-path (defaults to requirements*.txt). Re-add
it with cache-dependency-path: Pipfile.lock so pip downloads are cached
between runs.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: update comment to reflect hard-coded worker count

The comment said 'Use all available vCPUs' but the config hard-codes 4
workers. Update to accurately describe the intentional pinning.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bumps [litellm](https://github.com/BerriAI/litellm) from 1.81.15 to 1.82.0.
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](https://github.com/BerriAI/litellm/commits)

---
updated-dependencies:
- dependency-name: litellm
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
* Bump the npm_and_yarn group across 1 directory with 2 updates

Bumps the npm_and_yarn group with 2 updates in the /app directory: [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup).


Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `rollup` from 4.55.1 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.55.1...v4.59.0)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

* ci: retrigger CI after transient test failure

The previous Playwright test run had database connectivity issues in CI
(Docker container readiness timing). All infrastructure steps passed but
database connection tests returned success:false. Retriggering to verify.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Initial plan

* chore: bump version from 0.0.14 to 0.1.0

Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
Change npm install to npm ci for consistency

Bumps the npm-minor-patch group in /app with 2 updates: [@falkordb/canvas](https://github.com/FalkorDB/falkordb-canvas) and [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom).


Updates `@falkordb/canvas` from 0.0.44 to 0.0.45
- [Release notes](https://github.com/FalkorDB/falkordb-canvas/releases)
- [Commits](FalkorDB/falkordb-canvas@v0.0.44...v0.0.45)

Updates `react-router-dom` from 7.13.1 to 7.13.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.13.2/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: "@falkordb/canvas"
  dependency-version: 0.0.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: react-router-dom
  dependency-version: 7.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
…dates (#519)

Bumps the npm_and_yarn group with 3 updates in the /app directory: [picomatch](https://github.com/micromatch/picomatch), [flatted](https://github.com/WebReflection/flatted) and [lodash](https://github.com/lodash/lodash).


Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Guy Korland <gkorland@gmail.com>
Regenerated the root lockfile to sync with current app/package.json
dependencies. Also ran npm audit fix to resolve:
- lodash Code Injection and Prototype Pollution (high severity)
- brace-expansion DoS (moderate severity)
- picomatch ReDoS and method injection (high severity)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Addresses:
- GHSA-jjhc-v7c2-5hh6: OIDC authentication bypass via cache key collision (critical)
- GHSA-53mr-6c8q-9789: Privilege escalation via unrestricted proxy config (high)

Both vulnerabilities are fixed in litellm 1.83.0+.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Addresses:
- GHSA-w2fm-2cpv-w7v5: unlimited trailer headers (moderate)
- GHSA-p998-jp59-783m: UNC SSRF/NTLMv2 credential theft (moderate)
- GHSA-m5qp-6w8w-w647: multipart header size bypass (moderate)
- GHSA-c427-h43c-vf67: duplicate Host headers (moderate)
- GHSA-hcc4-c3v8-rx92: DoS via unbounded DNS cache (low)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@gkorland
Contributor Author

gkorland commented Apr 5, 2026

Agent Review Summary

Review Comments Status

All 24 review threads were already resolved prior to this review pass.

Fixes Applied

  1. package-lock.json out of sync → fixed in b7ce993

    • Regenerated root lockfile to sync with current app/package.json dependencies
    • Ran npm audit fix to resolve lodash (high), brace-expansion (moderate), and picomatch (high) vulnerabilities
    • npm ci now succeeds in CI
  2. litellm critical vulnerabilities → fixed in 16dc9aa

  3. aiohttp moderate vulnerabilities → fixed in bdc533f

    • Upgraded aiohttp from 3.13.3 to 3.13.5 in lockfile
    • Resolves 5 security advisories (4 moderate, 1 low)

CI Status

All checks passing ✅

  • unit-tests: ✅
  • Playwright tests (E2E): ✅
  • dependency-review: ✅
  • spellcheck: ✅
  • CodeQL: ✅
  • build: ✅

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.6.0 to 8.0.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@37802ad...cec2083)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
galshubeli and others added 7 commits April 6, 2026 15:41
… hardening

Snowflake database loader:
- Full schema extraction (tables, columns, PKs, FKs, relationships)
- Key-pair authentication support (bypasses MFA)
- SHOW PRIMARY KEYS / SHOW IMPORTED KEYS for constraint discovery
- Identifier validation and parameterized queries for SQL injection prevention
- Connection timeouts (login: 30s, network: 60s)

Frontend:
- Snowflake option in DatabaseModal with manual/URL entry modes
- Key-pair auth UI (password/keypair toggle with PEM textarea)
- Custom API key/model passed through ChatService to backend

Security:
- @token_required on /validate-api-key endpoint
- Vendor-specific API key format validation
- Narrowed vendor allowlist for key validation
- Upgraded fastmcp 3.0.1→3.2.0, litellm→1.83+, aiohttp→3.13.5

Other fixes:
- load_dotenv() in config.py for reliable env loading
- Memory gracefully disabled for non-Azure/OpenAI providers
- Null-safe LLM description generation
- Anthropic config fails fast without embeddings
- python-dotenv as explicit dependency

Tests: 39 tests (20 Snowflake loader + 19 settings route)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
LLM providers already reject invalid keys with auth errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Consistent with other routers (/graphs, /tokens, /database).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Restore app_factory.py from staging (CSRF, proxy header handling)
  with only our 2 changes (remove load_dotenv, /settings prefix)
- Restore PostgreSQL schema field in DatabaseModal
- Restore vendor prefix logic in ChatService.streamQuery
- Restore static getVendorPrefix import in ChatInterface

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add Snowflake loader support with full-stack integration
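Added example, not the project's Snowflake loader: the two complementary defences the hardening commit lists, identifier validation for the places Snowflake will not accept bind variables (SHOW PRIMARY KEYS / SHOW IMPORTED KEYS, object names in FROM) and parameterized queries for the places it will. Snowflake's unquoted-identifier grammar and the doubling of embedded quotes inside a quoted identifier are documented behaviour; the pyformat `%(name)s` parameter style is what the Python connector accepts. The function names, the 255-character limit and the INFORMATION_SCHEMA query are this example's own choices.

```python
"""Identifier allowlisting plus bound parameters for Snowflake-style SQL
(added example, stdlib only; no connector is imported)."""
import re

# Snowflake unquoted identifiers: letter or underscore, then letters, digits,
# underscore or dollar. Anything else must be double-quoted.
UNQUOTED = re.compile(r"^[A-Za-z_][A-Za-z0-9_$]*$")
MAX_IDENT = 255   # assumed ceiling; keeps pathological inputs out of the SQL


def quote_identifier(name: str) -> str:
    """Return an identifier that is safe to splice into SQL text.

    Bare if it matches the unquoted grammar (Snowflake then folds it to upper
    case), otherwise double-quoted with embedded quotes doubled (case-
    sensitive). Control characters and empty/overlong names are rejected, not
    repaired, so a hostile value never reaches the statement."""
    if not name or len(name) > MAX_IDENT:
        raise ValueError(f"invalid identifier length: {name!r}")
    if any(ord(c) < 32 for c in name):
        raise ValueError(f"control character in identifier: {name!r}")
    if UNQUOTED.match(name):
        return name
    return '"' + name.replace('"', '""') + '"'


def qualified(database: str, schema: str, table: str) -> str:
    return ".".join(quote_identifier(p) for p in (database, schema, table))


def show_primary_keys_sql(database: str, schema: str, table: str) -> str:
    # SHOW commands take object names, not bind variables, so quoting is the
    # only line of defence here.
    return f"SHOW PRIMARY KEYS IN TABLE {qualified(database, schema, table)}"


def show_imported_keys_sql(database: str, schema: str, table: str) -> str:
    return f"SHOW IMPORTED KEYS IN TABLE {qualified(database, schema, table)}"


def columns_query(database: str, schema: str, table: str):
    """Metadata lookup where the schema/table names are VALUES, so they are
    bound as parameters; only the database part is an identifier."""
    sql = (
        f"SELECT column_name, data_type, is_nullable "
        f"FROM {quote_identifier(database)}.INFORMATION_SCHEMA.COLUMNS "
        "WHERE table_schema = %(schema)s AND table_name = %(table)s "
        "ORDER BY ordinal_position"
    )
    return sql, {"schema": schema, "table": table}


def sample_rows_sql(database: str, schema: str, table: str, limit: int) -> str:
    # LIMIT is an integer literal: validate the type instead of interpolating str.
    if not isinstance(limit, int) or limit <= 0 or limit > 1000:
        raise ValueError("limit must be an int in 1..1000")
    return f"SELECT * FROM {qualified(database, schema, table)} LIMIT {limit}"


if __name__ == "__main__":
    # Constructed hostile table name: ends up as an inert quoted identifier.
    evil = 'orders"; DROP TABLE users; --'
    print(show_primary_keys_sql("ANALYTICS", "PUBLIC", evil))
    sql, params = columns_query("ANALYTICS", "PUBLIC", "orders")
    print(sql, params)
```

Usage with the connector would be `cursor.execute(*columns_query(db, sch, tbl))` for the bound form and `cursor.execute(show_primary_keys_sql(db, sch, tbl))` for the SHOW form. Note the case-folding trap in the docstring: a user-typed lower-case `orders` is emitted bare and resolves to ORDERS, while a table created as `"orders"` needs the quoted form, so loaders usually take names from SHOW TABLES output rather than from user input.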