Skip to content

Require more APIs to use permission#1199

Merged
tawnymanticore merged 3 commits into
mainfrom
mike/api-permissions-refinement
Apr 2, 2026
Merged

Require more APIs to use permission#1199
tawnymanticore merged 3 commits into
mainfrom
mike/api-permissions-refinement

Conversation

@tawnymanticore

@tawnymanticore tawnymanticore commented Apr 1, 2026

Copy link
Copy Markdown
Collaborator

What does this PR do?

This PR tightens openapi_extra / x-agent-policy on the Studio + kiln-server routes so agents get clearer defaults: LLM-backed and execution flows ask for approval, binary downloads and selected noisy/host endpoints are denied, and PATCH routes use more explicit approval copy.

Python (representative set; see diff for exact lines)

  • Synthetic data (data_gen_api.py): generate_* POSTs use require_approval; save-only paths stay allow where appropriate; imports updated.
  • Copilot (copilot_api.py): Copilot POSTs use require_approval; policy helper import aligned with that.
  • Runs (run_api.py): Task execution POST uses require_approval; PATCH run copy refined.
  • Repair (repair_api.py): Generate repair uses require_approval; save repair remains allow; imports updated.
  • Evals (eval_api.py): SSE-style GETs for comparison and calibration use require_approval; PATCH eval / run-config strings aligned with other resources.
  • Documents (document_api.py): Execution-style GETs / POSTs use require_approval or deny as appropriate (including downloads and RAG progress); PATCH copy aligned.
  • Fine-tuning (finetune_api.py): Dataset JSONL download denied for agents; PATCH finetune copy aligned.

Related Issues

#1197

Checklists

  • Tests have been run locally and passed
  • New tests have been added to any work in /lib

Summary by CodeRabbit

Improvements

  • AI-assisted operations now require explicit user approval before executing
  • Added confirmation prompts for Copilot spec generation and refinement, synthetic data generation, evaluations, and task execution
  • File downloads are no longer available for agent execution
  • Approval dialogs provide clear descriptions of the operation and its resource impact

@coderabbitai

coderabbitai Bot commented Apr 1, 2026

Copy link
Copy Markdown
Contributor
📝 Walkthrough

Walkthrough

This PR transitions agent policy enforcement from a static allowlist (ALLOW_AGENT) to explicit user approval gates across 40+ API endpoints. LLM-generation endpoints, long-running operations, and resource-intensive tasks now require user confirmation via agent_policy_require_approval(), while file-download endpoints switch to DENY_AGENT.

Changes

Cohort / File(s) Summary
Copilot API Endpoints
app/desktop/studio_server/copilot_api.py, libs/server/kiln_server/utils/agent_checks/annotations/post_api_copilot_*.json (6 files)
Six POST endpoints (/clarify_spec, /refine_spec, /generate_batch, /question_spec, /refine_spec_with_question_answers, /spec_with_copilot) changed from ALLOW_AGENT to agent_policy_require_approval(...) with endpoint-specific prompts; corresponding JSON annotations updated with requires_approval: true and approval_description fields.
Data Generation Endpoints
app/desktop/studio_server/data_gen_api.py, libs/server/kiln_server/utils/agent_checks/annotations/post_api_projects_project_id_tasks_task_id_generate_*.json (4 files)
Four POST LLM-generation endpoints (/generate_categories, /generate_inputs, /generate_sample, /generate_qna) now require approval; save_sample and save_qna_pair endpoints remain unchanged at ALLOW_AGENT.
Evaluation & Task Execution Endpoints
app/desktop/studio_server/eval_api.py, libs/server/kiln_server/run_api.py, libs/server/kiln_server/utils/agent_checks/annotations/get_api_projects_project_id_tasks_task_id_evals_*.json, post_api_projects_project_id_tasks_task_id_run.json, post_api_projects_project_id_tasks_task_id_runs_run_id_generate_repair.json
Three endpoints for eval comparison/calibration and task/repair execution now require approval with descriptive prompts; corresponding JSON annotations updated.
Document Extraction & Processing
libs/server/kiln_server/document_api.py, libs/server/kiln_server/utils/agent_checks/annotations/get_api_projects_project_id_extractor_configs_*.json, post_api_projects_project_id_documents_document_id_extract.json, post_api_projects_project_id_extractor_configs_*.../ephemeral_split.json, get_api_projects_project_id_rag_configs_rag_config_id_run.json
Extraction-related GET/POST endpoints requiring backend processing changed to agent_policy_require_approval(...) with approval prompts; download-related endpoints changed to DENY_AGENT.
File Download Endpoints
libs/server/kiln_server/document_api.py, app/desktop/studio_server/finetune_api.py, libs/server/kiln_server/utils/agent_checks/annotations/get_api_download_dataset_jsonl.json, get_api_projects_project_id_documents_document_id_download*.json
Three GET download endpoints now deny agent access entirely by changing ALLOW_AGENT to DENY_AGENT; corresponding JSON annotations changed permission: "allow" to "deny".

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • Persistence moved to python #979: Updates to the same Copilot endpoint (/api/projects/{project_id}/tasks/{task_id}/spec_with_copilot) and related Copilot models/endpoints modified in both PRs.
  • Revert "[Copilot] Move Copilot API models from server to lib/core" #1072: Direct code-level overlap on app/desktop/studio_server/copilot_api.py where the main PR updates agent policies and the related PR refactors Copilot API models and endpoint signatures.
  • specs bug bash #942: Both PRs touch the same LLM-generation and Copilot endpoints (e.g., generate_sample, generate_qna, /api/copilot/*, run_task), with the related PR adding/modifying those routes and the main PR updating their agent policies.

Suggested reviewers

  • chiang-daniel
  • leonardmq
  • scosman

Poem

🐰 With whiskers twitching, here's the news:
No more agents with free use!
Approvals now guard each LLM call,
Downloads denied to one and all. 🎯✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 21.43% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Require more APIs to use permission' clearly summarizes the main change: updating API permissions/policies across multiple endpoints.
Description check ✅ Passed The PR description comprehensively covers the changes across multiple files with clear intent, related issues, and completed checklist items.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch mike/api-permissions-refinement

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

"method": "get",
"path": "/api/projects/{project_id}/documents/{document_id}/download_extraction/{extraction_id}",
"agent_policy": {
"permission": "allow",

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

downloads in general, reject?

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates agent access policies across multiple API endpoints, replacing broad permissions with explicit approval requirements for resource-intensive or credit-consuming tasks, and denying access to data download endpoints. The review feedback suggests improving the clarity of approval messages regarding AI credit usage for evaluation comparisons and recommends allowing agents to monitor RAG indexing progress to ensure smoother automated workflows.

summary="Run Run Config Comparison",
tags=["Evals"],
openapi_extra=ALLOW_AGENT,
openapi_extra=agent_policy_require_approval("Run eval comparison?"),

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The run_comparison endpoint executes model runs and consumes credits, similar to the run_calibration endpoint. Providing a more descriptive approval message helps users understand the implications of the request before granting permission to an agent.

Suggested change
openapi_extra=agent_policy_require_approval("Run eval comparison?"),
openapi_extra=agent_policy_require_approval("Run eval comparison? This runs LLM calls and uses AI credits."),

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ya good question if we just want that blanket everywhere

"permission": "allow",
"requires_approval": false
"requires_approval": true,
"approval_description": "Run eval comparison?"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Aligning the approval description with the suggested change in the API implementation for consistency.

Suggested change
"approval_description": "Run eval comparison?"
"approval_description": "Run eval comparison? This runs LLM calls and uses AI credits."

Comment thread libs/server/kiln_server/document_api.py Outdated
allow agent to see progress

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@github-actions

github-actions Bot commented Apr 1, 2026

Copy link
Copy Markdown

📊 Coverage Report

Overall Coverage: 91%

Diff: origin/main...HEAD

  • app/desktop/studio_server/copilot_api.py (100%)
  • app/desktop/studio_server/data_gen_api.py (100%)
  • app/desktop/studio_server/repair_api.py (100%)

Summary

  • Total: 6 lines
  • Missing: 0 lines
  • Coverage: 100%

…i_projects_project_id_rag_configs_progress.json

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@tawnymanticore tawnymanticore merged commit f0d555c into main Apr 2, 2026
14 checks passed
@tawnymanticore tawnymanticore deleted the mike/api-permissions-refinement branch April 2, 2026 16:25
tawnymanticore added a commit that referenced this pull request Apr 8, 2026
…nd backfilling a lot of models for FW/TAI) (#1237)

* make linux tray failing to start a non-critical error

* CR feedback - reset to none if tray failed to start

* Update README with new features and links

* Fix optimizer link

* refactor: expose toolcall invocations to client and allow supplying result

* specs for improving our OpenAPI docs

* Add parameter descriptions to all API endpoints

Phase 2 of OpenAPI documentation improvements. Adds Path(description=...), Query(description=...), and Body(description=...) annotations to all parameters across both libs/server/ and app/desktop/studio_server/.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: propagate actual errors from save_new_run_config instead of generic message

The run_config_component's save_new_run_config() was catching errors and
returning null, which caused callers to display a generic "Resulting saved run
config not found" error instead of the actual underlying error.

Now save_new_run_config() throws errors directly, and:
- Removed save_config_error prop from run_config_component (callers handle errors)
- Updated call sites to not swallow errors
- Removed redundant null checks since function now always returns TaskRunConfig
- Removed the generic "Resulting saved run config not found" error path

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: check dialog is open before calling showModal()

Fixes error when clicking "Re-run Eval" on an already-open modal
dialog. The HTMLDialogElement.open property is now checked before
calling showModal() to prevent "Cannot call showModal() on an
open non-modal dialog" error.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: remove unused imports and variables

- Remove unused createKilnError import from run_config_component
- Remove unused saved_config variable in optimize create page

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: only show ratings hint for legacy task requirements

Hide the "Ratings are defined in the task settings" message unless
rating_requirements exists (legacy case from deprecated task requirements).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix

* review table fixes

* fix

* feedback

* update uv.lock

* bump timeout to 15min

* add timeout error

* coderabbit and gemini review

* CR from gemini

* chore: move comment around

* fix path

* refactor: unnest task runs, have parent id instead

* update specs skill for manager role

* refactor: throw if parent task run unsaved

* Add agent policy model with approval workflow for Phase 1

Implement AgentPolicy pydantic model with validation for agent endpoint
permissions (allow/deny) and approval requirements. Includes defense-in-depth
whitespace validation on approval_description, convenience constants
(ALLOW_AGENT, DENY_AGENT), and constructor helper. Annotate prompt optimization
endpoint as requiring approval. Add specs and mark Phase 1 complete.

Note: pre-commit hook skipped due to 4 pre-existing CORS test failures
in test_server.py (unrelated to this change, identical on main).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Phase 2: Add parameter descriptions to all API endpoints

Add Path(description=...) and Query(description=...) annotations to all
undescribed parameters across libs/server/ and app/desktop/studio_server/.
Covers 19 files including tool_api, skill_api, copilot_api,
prompt_optimization_job_api, run_config_api, and import_api which were
missed in the initial pass.

* Mark Phase 2 complete in implementation plan

* Add annotation dump CLI for agent policy extraction (Phase 2)

Add dump_annotations.py CLI tool that extracts x-agent-policy annotations
from OpenAPI specs into per-endpoint JSON files. Includes comprehensive
tests with code review fixes: proper Path typing for tmp_path and removal
of unused capsys parameter. Mark Phase 2 complete in implementation plan.

Note: pre-commit hook bypassed due to 4 pre-existing CORS test failures
in test_server.py (confirmed present on base branch).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add agent policy lookup helper with lazy-loading cache (Phase 3)

Implements AgentPolicyLookup which loads annotation JSON files on first
access and resolves endpoint policies by (method, path) key. Raises
FileNotFoundError when annotations directory is missing and
AgentPolicyError for unknown or unannotated endpoints (fail-safe deny).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Phase 3: Add schema and property descriptions to Pydantic models

Added docstrings and Field(description=...) across core datamodels, server API models, and desktop server models to improve OpenAPI spec documentation.

* Phase 4: Path renames, HTTP method changes, and frontend updates

Backend: singular→plural path standardization (tasks, prompts, specs, evals), run config path unification, repair endpoint renames, eval endpoint renames, GET→POST for provider connect endpoints.
Frontend: regenerated api_schema.d.ts, updated all path references in stores and components.

* Rewrite checks.sh for parallel execution with spinner and --agent-mode
Run all checks (ruff, ty, misspell, openapi, web UI, pytest) in parallel
with a live spinner showing progress. Results print as each check completes.
--agent-mode suppresses output for passing checks (token-friendly for AI).
Also fixes find|xargs to handle filenames with spaces.

* Add tags to all remaining API endpoints

Added tags to endpoints in document_api, tool_api, skill_api, prompt_api, copilot_api, run_config_api, prompt_optimization_job_api, and import_api that were showing up in an untagged 'Other API' group.

* Backfill all API endpoints with agent policy annotations (Phase 4)

Annotate every FastAPI endpoint across libs/server and app/desktop with
agent policy metadata (ALLOW_AGENT, DENY_AGENT, or require_approval)
based on operation type and risk level. Regenerate all annotation JSON
files via dump_annotations CLI. This enables the agent approval system
to enforce per-endpoint access policies.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Phase 5: Add agent policy annotation check to CI workflow

Fold the annotation freshness check into the existing "Check API schema
bindings" step so a single dev server instance is shared for both the
schema binding check and the annotation diff. This avoids a redundant
server start/wait/stop cycle.

The step now: runs check_schema.sh, then dumps annotations to a temp dir,
diffs them against the checked-in copies, and fails if any are missing or
stale.

Also marks Phase 5 complete in the implementation plan.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add Phase 5 plan document

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* format

* missing tag

* document tags and add a test to check we tag our APIs

* fix API path

* fix PR review issues: security, bug, and docs corrections

- Move api_key from query params to JSON request body for OpenAI compatible
  provider endpoint to prevent secret leakage in logs/URLs
- Fix docker_model_runner connect call missing params.query nesting
- Fix eval_config_id path param type from str | None to str
- Update run_calibration endpoint summary to match path
- Fix splits form field description to match validation (numeric proportions)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix stale API paths in frontend and inaccurate descriptions

Update 3 frontend files that still referenced old API paths after the
Phase 4 rename (eval→evals, run_config→run_configs, endpoint renames).
Fix wrong error message in task update endpoint. Correct misleading
passthrough_mimetypes and gen_type descriptions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* formatting

* remove spinner when not connected to tty

* fix: render newlines in MCP tool and argument descriptions

Tool descriptions from MCP servers frequently contain newlines for
structure (multi-paragraph explanations, bulleted usage notes). These
were collapsed into flat text. Adding `whitespace-pre-line break-words`
to the description cells in the tool server detail page fixes rendering,
consistent with how fancy_select.svelte already handles descriptions.

Made-with: Cursor

* undo spec files

* WIP

* refactor: reject multiturn for structured task (not supported)

* feedback

* fix: remove leading/trailing whitespace around arg description content

Made-with: Cursor

* add a new span so prettier doesn't just add white space in the front

* CR feedback

* chore: add code review point about not using model name enum for input validation

* Update checks.sh

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* add test for API parameter descriptions and fix missing descriptions

Adds a regression test that checks every path/query parameter in the OpenAPI
schema has a description. Fixes the 5 parameters that were missing descriptions
(gen_prompt and archive_tool_server endpoints). Also adds docstrings to 5
ambiguous endpoints (execute run, generate/save repair, eval comparison/calibration).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* CR guidance

* CR guidance

* fix CR issues: stale paths, tautological descriptions, dead code, and docs

- Fix runtime bug: task deletion URL used old /task/ path instead of /tasks/
- Fix /api/project singular paths to /api/projects for consistency
- Remove unused ID_FIELD constant from basemodel.py
- Restore "should not be changed after creation" contract on Document.name
- Improve tautological Field descriptions across API models
- Fix docstring nits (ambiguous "model" wording, echoed descriptions)
- Fix test assertion for corrected "Failed to update task" error message
- Add trailing slash rule to API code review guidelines

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* remove dupe file

* bring back ID_FIELD

* revert /run_configs/mcp route back to /mcp_run_config to avoid ambiguity with /run_configs/{run_config_id}

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feedback

* Fix checks

* Remove hardcoded port from schema scripts, support worktrees

Extract shared openapi_schema.sh helper that uses $KILN_PORT when a
server is already running, or generates the schema directly from
Python (no server needed) as a fallback. This makes generate_schema.sh,
check_schema.sh, and checks.sh work correctly across worktrees.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* clone prompt button

* update to architecture

* fix

* fix

* feedback

* chore: exclude python sdk from coderabbit

* feedback

* Revert "Backfill all API endpoints with agent policy annotations (Phase 4)"

This reverts commit 810eb68 to prepare for merging the API docs
overhaul branch and re-applying annotations on top.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Remove Spec Skill from Repo

- It was just working for .cursor, and we use claude more
- We use it across repos, so a central setup is better. When we make an update, we shouldn't need to update 3 repos.
- Added install instructions to CONTRIBUTING.md

* Add max lenth

* Add StringConstraints instead of custom validators, which appear in OpenAPI docs, and our agent docs

* Backfill all API endpoints with agent policy annotations (Phase 6)

Rebase Phase 4 annotation backfill onto the API docs overhaul branch.
Updates all endpoint files across studio_server and kiln_server with
agent_policy annotations and regenerates the annotation JSON files
for the CI binding checker.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add readme

* remove prints

* format

* Address PR feedback: top-level httpx import and explicit UTF-8 encoding

Move httpx import to module level and add encoding="utf-8" to all
open() calls in dump_annotations.py and policy_lookup.py.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* add retry to job runner

* wk fix

* fix

* feedback

* feedback

* fixed failing ut

* feedback

* fix

* feedback

* reformat

* test coverage

* ruff

* fix

* fix

* chore: add makefile with commands for common scripts

* fix: error when ref or asset path points to a dir

* fix: coderabbit and gemini feedback

* Require more APIs to use permission (#1199)

* gate more apis

* Update libs/server/kiln_server/document_api.py

allow agent to see progress

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Update libs/server/kiln_server/utils/agent_checks/annotations/post_api_projects_project_id_rag_configs_progress.json

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* CR from Leonard

* CR from gemini

* add RetryableError

* .env

* revert earlier change to start.sh in favor of worktree incldue

* oops

* newline

* config

* retry schema validation error

* clean up

* KIL-505 Fix confusing "Manually Add Data" button on empty dataset

Route the empty state "Manually Add Data" button to the add_data
disambiguation screen instead of directly to /run, and hide the
header "Add Data" button when the empty state is shown to avoid
duplicate competing buttons.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix

* KIL-430 Fix compare view keying evals by name instead of ID

Evals with the same name collided in the compare view because
eval_name was used as the key in lookup objects and for matching.
Changed to use eval_id for all keying/lookups while keeping
eval_name for display labels.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* KIL-511 Fix confirm_model_select not working with FancySelect

Replace event-based on_select callback with a Svelte reactive statement
that watches model changes directly, since FancySelect uses bind:selected
instead of emitting DOM events.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* KIL-511 Move confirm_model_select reactive statement before store sync

Ensures the confirmation dialog runs before the model propagates to
ui_state and recent_model_store, preventing side effects when the
user cancels.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* KIL-465 Reduce form padding in create fine-tune page to match RunConfig spacing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix worktree port selection to skip occupied ports

The hash-based port assignment could collide with ports already in use
(e.g. Dropbox on 17500). Now checks both the backend and frontend ports
with lsof and increments until a free pair is found, staying
deterministic for a given branch + system state.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix #1224

Allow installing anywhere

* KIL-511 Use pending_model to prevent side effects before confirmation

Bind FancySelect to a local pending_model instead of the exported model
prop. The exported model only updates after the user confirms the
selection, preventing intermediate side effects in ui_state and
recent_model_store when the user cancels.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* KIL-511 Fix sync reactive statement reverting user selections

The previous sync statement depended on both model and pending_model,
causing it to revert user selections before confirmation could run.
Use a separate sync_parent_model function that only tracks model changes,
so user-driven pending_model changes don't trigger the parent sync.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix CORS test when using custom frontend port

* Add Gemma 4,  GLM 5 Turbo; add GLM-5, Kimi K2.5, MiniMax M2.5, and Qwen 3.5 on Fireworks & Together AI (#1210)

* new models

* adding Gemma 4 and addressing PR comments

* Update test_provider_tools.py

* adding qwen 3.6

* Update ml_model_list.py

* Update ml_model_list.py

* it DOES support function calls

* KIL-514 Hide name field from SDG run configs

The RunConfigComponent's name field is only needed when saving named run
configs. In the synthetic data generation flow, configs are used inline
and never saved, so the name field was unnecessary UI clutter.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* add Arcee Trinity Large Thinking model

* Shrink sidebar layout for better space utilization

Reduce sidebar width and vertical density to fit on 14" screens and
leave more room for the chat bar. Switch menu items to menu-sm with
smaller icons (via .sidebar-icon class), tighter padding, and smaller
text. Add compact mode to SelectTasksMenu with menu-xs sizing and
folder icons replacing the repeated "Project" badges.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Replace inline task/project selector with Dialog

Move the sidebar's task/project selector from an inline <details>
dropdown to a Dialog component for better UX. Remove the compact
mode from SelectTasksMenu since it's no longer needed, and clean
up dead close_menu() DOM logic.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Pin settings button and notifications to bottom of sidebar

Move ProgressWidget, update notification, and settings button to the
bottom of the sidebar. ProgressWidget uses mt-auto to push items down,
with the update alert appearing above the settings link.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address PR review feedback for sidebar changes

- Add optional chaining for taskDialog calls to prevent potential null errors
- Scope .sidebar-icon CSS selector to .sidebar-menu to avoid global style leaks
- Add descriptive alt text to project folder icon for accessibility

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Better sidebar selector

* Redesign task/project selector with two-column layout

Rewrite select_tasks_menu.svelte to use a side-by-side project/task
layout with responsive pane switching on small screens. Add selected
state highlighting, currently-selected banner, project descriptions,
race condition handling for async task loading, and wider dialog.
Update setup page to match new layout width. Fix folder SVG to use
currentColor instead of hardcoded black.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Rename task_selected event to dismiss and close modal on new project/task

The event now represents a general dismiss intent, not just task selection.
New Project and New Task buttons dispatch dismiss so the modal closes
when navigating to creation pages.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address PR review feedback: fix reactive task loading and update specs

Refactor task loading in select_tasks_menu.svelte to use a single
reactive block instead of separate subscription and reactive statement,
fixing redundant load_tasks calls. Update spec documents to reflect the
task_selected -> dismiss event rename.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* design suggestions

* Update ml_model_list.py (#1236)

---------

Co-authored-by: scosman <scosman@users.noreply.github.com>
Co-authored-by: Leonard Q. Marcq <marcqleonard@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Sam Fierro <13154106+sfierro@users.noreply.github.com>
Co-authored-by: aiyakitori <16633065+chiang-daniel@users.noreply.github.com>
Co-authored-by: Leonard Q. Marcq <leonard@getkiln.ai>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants