Skip to content

fix(ui): Prefer fixed plugin option values over values from last run#5270

Open
mnonnenmacher wants to merge 1 commit into
mainfrom
fix-rerun-fixed-option
Open

fix(ui): Prefer fixed plugin option values over values from last run#5270
mnonnenmacher wants to merge 1 commit into
mainfrom
fix-rerun-fixed-option

Conversation

@mnonnenmacher

Copy link
Copy Markdown
Contributor

If a plugin options is set to a fixed value in a plugin template, that value is enforced by the backend: If a different value for that option is sent to the API, the run request is rejected.

This could cause issues when starting a run with "rerun" and plugin templates were changed in the meantime, because a plugin option used for the last run may now not be allowed anymore.

To fix this, always prefer fixed plugin option values over values used by the last run.

@sschuberth

Copy link
Copy Markdown
Contributor

If a plugin options

"options" -> "option"

To fix this, always prefer fixed plugin option values over values used by the last run.

Maybe explicitly add "... and do not reject the run".

If a plugin options is set to a fixed value in a plugin template, that
value is enforced by the backend: If a different value for that option
is sent to the API, the run request is rejected.

This could cause issues when starting a run with "rerun" and plugin
templates were changed in the meantime, because a plugin option used for
the last run may now not be allowed anymore.

To fix this, always prefer fixed plugin option values over values used
by the last run.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@doubleopen.io>
@mnonnenmacher mnonnenmacher force-pushed the fix-rerun-fixed-option branch from 31e776c to 40e7a42 Compare June 12, 2026 10:39
@Etsija

Etsija commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

I couldn't find anything suspicious from the UI code, but GPT-5.5 thinks it's found something:

ui/src/.../create-run/-components/plugin-utils.ts:175 — fixed required secrets are deleted and then fail client-side validation.

The new fixed-option override deletes fixed SECRET values when getPluginDefaultValues() has no default for them. But getPluginDefaultValues() intentionally ignores all secret defaults, and validateRequiredPluginOptions() still requires selected required options even when option.isFixed is true. So a rerun with a selected plugin that has an admin-fixed required secret will now end up with config.<plugin>.secrets.<name> removed, the field is disabled in the UI, and form validation blocks submission.

This can break reruns even when the template did not change.

Please either skip required validation for fixed options that are supplied by the server/template, or otherwise
preserve/provide a valid representation for fixed required secrets, and add a regression test with type: 'SECRET', isFixed: true, and isRequired: true.


I did verify the finding by:

  1. Specifying a secret for the SCANOSS API key and setting it to final:
Screenshot from 2026-06-16 08-10-45
  1. Now when I start a new run (using rerun, but I believe this would also happen for a new run from scratch), the API key secret is locked and empty, cannot be changed:
Screenshot from 2026-06-16 08-13-48

GPT 5.5 was wrong: the form doesn't fail validation. It allows the run to be created, but the result is, SCANOSS fails with this weird issue without an originator:

Screenshot from 2026-06-16 08-22-59

When the API key secret in the SCANOSS template is made non-final, I can choose the correct API key in the run form, and SCANOSS passes normally with results.

I believe we've already discussed that a real fix would probably be to prevent any secrets from being "final" in the plugin templates section?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants