Remove inline instruction prompts from experiment generation and analysis. These instructions are now defined in ABTestGeneratePlugin and ABTestAnalyzePlugin, eliminating duplication and improving maintainability.
Simplify AI content generation by delegating to plugin system:
- Remove inline prompt instructions (now in LandingPageContentPlugin)
- Add extractJSON helper to handle markdown-wrapped responses
- Hardcode CTA URLs to repo URL instead of relying on AI
- Apply JSON extraction to both content generation and translation
- Reduces code duplication and improves maintainability
Implement internationalization system for landing pages:
- Database model for storing language-specific translations
- Language configuration with default and enabled languages
- Language switcher in navigation across all templates
- Translation management UI in settings
- Support for 15 languages including English, Spanish, German, French, Japanese, Chinese
- Auto-detection and manual language selection
- AI-powered translation generation capability
Allow private repositories to enable public release downloads on their landing pages. When enabled, unauthenticated users can download release attachments without accessing the repository. Adds download sections to all landing page templates with styling.
Separate packages into PublicPackages and PrivatePackages arrays for template rendering. Add CanWritePackages flag to determine if viewer has permission to publish packages (admin, owner, or org team member with write access). Revert anonymous user 404 redirect to show proper error page.
Improve UX for unauthenticated visitors by redirecting them to the homepage instead of showing a 404 page. Authenticated users still see the standard 404 error page.
Set Private flag based on whether actor is present. When actor is nil (anonymous), Private must be false so SearchRepositoryCondition correctly filters to public repos only. Fixes repo count visibility for unauthenticated users.
Pass actor/doer to GetOrgOverviewStats to filter repository count based on user access rights. Replace CountRepositories with SearchRepository to respect permission checks. Prevents users from seeing total count of repos they cannot access.
Parse .gitsecrets-ignore file from commits to filter out known false positives during secret scanning. Matches entries by SHA-256 content hash (truncated to 16 chars) and pattern ID. Update push rejection message to guide users toward GitSecrets addon for managing ignored detections.
Implement critical production readiness features for AI integration: per-request provider config, admin dashboard, workflow inspection, and plugin framework foundation.
Per-Request Provider Config:
- Add ProviderConfig struct to all AI request types
- Update queue to resolve provider/model/API key from cascade (repo > org > system)
- Pass resolved config to AI sidecar on every request
- Fixes multi-tenant issue where all orgs shared sidecar's hardcoded config
Admin AI Dashboard:
- Add /admin/ai page with sidecar health status
- Display global operation stats (total, 24h, success/fail/escalated counts)
- Show operations by tier, top 5 repos, token usage
- Recent operations table with repo, operation, status, duration
- Add GetGlobalOperationStats model method
Workflow Inspection:
- Add InspectWorkflow client method and types
- Implement workflow-inspect queue handler
- Add notifier trigger on workflow file push
- Analyzes YAML for syntax errors, security issues, best practices
- Returns structured issues with line numbers and suggested fixes
Plugin Framework (Phase 5 Foundation):
- Add external plugin config loading from app.ini
- Define ExternalPlugin interface and manager
- Add plugin.proto contract (Initialize, Shutdown, HealthCheck, OnEvent, HandleHTTP)
- Implement health monitoring with auto-restart for managed plugins
- Add event routing to subscribed plugins
- HTTP proxy support for plugin-served routes
This completes Tasks 1-4 from the production readiness plan and establishes the foundation for managed plugin lifecycle.
Refactor AI service layer to reduce code duplication and improve consistency.
Changes:
- Rename AIOperationRequest to OperationRequest for consistency
- Extract shared logic for issue-targeted operations (respond, triage) into triggerIssueAIOp helper
- Standardize field alignment in struct definitions
- Remove redundant error handling patterns
This reduces the API operations file by ~40 lines while maintaining identical functionality.
Add comprehensive web UI for configuring AI features at repository and organization levels, completing the activation workflow for AI operations.
Repository AI Settings (repo/settings/ai):
- Enable/disable AI unit for the repository
- Toggle Tier 1 operations (auto-respond, auto-review, auto-triage, workflow inspection)
- Configure Tier 2 agent mode with trigger labels and runtime limits
- Set escalation rules (label, team assignment)
- Override provider/model preferences
- Add custom instructions for different operation types
Organization AI Settings (org/settings/ai):
- Configure org-level AI provider and model
- Set encrypted API key (with masked display)
- Define rate limits (max operations per hour)
- Whitelist allowed operations
- Enable/disable agent mode for org repositories
Both interfaces include proper permission checks, form validation, and cascade resolution display (showing inherited vs. overridden values). Adds navigation entries to settings sidebars and full i18n support.
Implement core AI service infrastructure including agent operations, escalation handling, and asynchronous queue processing.
New services:
- Agent service: Handles Tier 2 AI operations with action runner integration
- Queue service: Asynchronous processing of AI operations with retry logic
- Escalation service: Routes complex issues to staff with configurable rules
- Notifier service: Sends notifications for AI operation results
Additional changes:
- Add GitCaddy AI system user (ID: -3) for bot operations
- Add AIConfig to repository units
- Add AI-specific error codes (rate limiting, service errors, etc.)
- Extend AI client with GenerateIssueResponse method
- Add AISettingsV2 struct for repository-level AI configuration
The queue system enables non-blocking AI operations with proper error handling and rate limiting.
Add repository setting to control anonymous access to app integration endpoints (issue submission, update checks). When enabled (default), the desktop app can access these endpoints without authentication. When disabled, vault token authentication is required.
This provides granular control over app integration access, allowing repository owners to enforce full authentication on sensitive repositories while maintaining ease of use for public/limited repos.
Changes include:
- New PublicAppIntegration boolean field on Repository model
- Database migration v365 to add the field (defaults to true)
- Repository settings UI to toggle the feature
- Updated checkVaultTokenForRepo to respect the setting
- Security enhancement: IssueStatusJSONEndpoint now only returns app-submitted issues to anonymous users
Adds dedicated error page and warnings for vault encryption key problems including missing configuration, fallback key usage, and decryption failures. Displays context-specific messages to help users understand and fix key configuration issues. Includes detection of crypto errors in vault operations and graceful error handling throughout the UI.
Adds keyword search and tag filtering to repository blog list with GetRepoTopTags for popular tags display. Implements user-level package privacy setting (KeepPackagesPrivate) to hide packages from profile page. Updates blog UI with search box, tag cloud, and clear filters button. Adds subscription CTA buttons and active subscription indicators.
Implements comprehensive wishlist/feature request system for repositories. Includes categories with colors, voting system, importance ratings (1-5 stars), status tracking (open/planned/in-progress/completed/declined), threaded comments with reactions, and release linking. Adds v2 API endpoints for CRUD operations. Includes repository settings toggle, header tab, and full UI templates for list/view/create. Supports vote counts, importance averages, and comment reactions.
Adds SubscriptionOnly flag to blog posts to restrict full content access to active subscribers. Shows teaser/preview for non-subscribers with subscribe CTA. Integrates with repository subscription system when monetization is enabled. Updates v2 API structs and editor UI with subscription toggle. Admins and repo writers bypass the gate.
Adds blog series field to group related posts together. Implements v2 API endpoints for listing, creating, updating, and deleting blog posts with proper error codes. Adds series filtering to explore page and sitemap support with pagination. Includes BlogPostV2 structs with author/repo references, HTML URLs, and content rendering. Updates editor UI with series input field.
Implements threaded comment system with support for authenticated users and verified guests. Adds email verification flow for guest commenters with token-based sessions and 6-digit codes. Includes reaction system (like/love/laugh/etc) for posts and comments. Adds comment count to blog posts, user profile blog tab, and email notifications for comment verification. Implements nested reply support with parent-child relationships.
Adds ability to promote secrets from repository to organization scope, or from repository/organization to global scope. Includes conflict detection to prevent duplicate names at target scope, permission checks (org owner for repo→org, system admin for →global), and UI buttons with confirmation dialogs. Implements MoveSecret model method and PerformSecretsPromote handler.
Adds comprehensive blog post system for repositories with draft/public/published status, featured images, tags, and subscriptions. Includes database models, migrations, CRUD operations, email notifications, explore page, and full UI templates for creating, editing, and viewing blog posts.
Implement complete subscription monetization system for repositories with Stripe and PayPal integration. Includes:
- Database models and migrations for monetization settings, subscription products, and user subscriptions
- Payment provider abstraction layer with Stripe and PayPal implementations
- Admin UI for configuring payment providers and viewing subscriptions
- Repository settings UI for managing subscription products and tiers
- Subscription checkout flow and webhook handlers for payment events
- Access control to gate repository code behind active subscriptions
Adds new social card customization options including solid color backgrounds and custom background images with Unsplash integration. Introduces new database fields for storing color, background image URL, and Unsplash attribution. Adds media kit settings page for repository-level social card configuration.
Implement Open Graph social card image generation with customizable themes. Cards are dynamically rendered with repository name, description, owner avatar, and GitCaddy branding.
Features:
- Three built-in themes: dark (default), light, and colorful
- 1200x630px cards optimized for social media platforms
- Avatar fetching with caching and fallback to default
- Text wrapping and truncation for long descriptions
- Repository settings UI for theme selection
- Migration to add social_card_theme column
Technical implementation:
- Uses golang.org/x/image for rendering with Inter font family
- Singleton renderer pattern for font reuse
- Endpoint: /:owner/:repo/socialcard.png
- Integrates with Open Graph meta tags in head template
Add Inter font files (Regular and Bold) and GitCaddy logo asset.
Simplify model name from RepoHiddenFolder to HiddenFolder since the repo context is already clear. Update function signatures to use comma-separated bool parameters and fix test calls to include new hidden folder parameters. Replace strings.Split with strings.SplitSeq for better performance.
Introduce a cron task that rescues waiting jobs stuck due to version-sync issues by bumping the task version for affected scopes. Also bump version after each successful job pick to ensure runners re-poll for remaining waiting jobs. Configurable via STUCK_JOB_TIMEOUT (default: 5 minutes).
Add repository setting to hide files and folders starting with "." from non-admin users in the code browser. Admins can still see dotfiles displayed dimmed. Includes database migration, settings form, filtering logic for tree views and file listings, and locale strings.
Allow repository admins to hide specific folders from the code browser for non-admin users. Hidden folders are shown dimmed to admins but completely hidden from regular users. Includes database migration, settings UI, tree filtering logic, and frontend support for toggling visibility.
Introduces a new "limited" visibility level between public and private. Limited repos are publicly browseable but restrict clone, fork, and archive downloads to collaborators only. Adds database migration, UI controls in settings, enforcement in git HTTP and SSH handlers, and corresponding locale strings.
Enables updating secret descriptions without changing the value by making the data field optional during updates. Displays global secrets as read-only in org/user/repo secret pages for visibility. Adds validation to require data only when creating new secrets. Updates locale strings for the new functionality.
Implements system-wide global secrets (OwnerID=0, RepoID=0) that can only be managed by admins. Global secrets are available to all workflows with lowest precedence (repo > org > global). Adds admin UI routes and templates for managing global secrets. Updates secret model to support three-tier hierarchy and proper precedence ordering.
Changes permission check from write to read access for viewing private packages. Organization members with read permissions can now view private packages, not just those with write access.
Implements comprehensive package visibility settings with migration v337. Adds database models for package and version-level access control, updates web UI templates for settings/list/view pages, and includes locale strings for the new features. Also adds .gitsecrets-ignore file to track false positives from secret scanning.
Add is_global flag to packages allowing them to be accessible at root URLs without owner prefix. Include database migration, package settings UI, admin bulk operations, and automatic repository matching. This enables cleaner package URLs for organization-wide packages.
Replace manual page/pageSize data with proper Pager object in audit handler. Add CreatedUnix and UsedCount fields to Token service struct to support complete token metadata.
Displays a warning message to admins when vault master key is not configured. Adds ConfigurablePlugin interface for plugins to report configuration status, and implements IsConfigured() and GetConfigurationError() service methods. Warning appears on vault pages with instructions to add MASTER_KEY to app.ini.
- Replace fmt.Errorf with errors.New for static error messages
- Use modules/json instead of encoding/json (depguard)
- Add nolint:dupl for intentionally similar API handlers
- Explicitly ignore Session.Set return values (errcheck)
- Apply gofmt formatting
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add organization-level license management with new settings page and locale strings across all languages. Add AI feature detection helpers (IsAIEnabled, IsAICodeReviewEnabled, IsAIIssueTriageEnabled) to template functions. Add license scanning functionality to repository settings.
Integrate GitCaddy AI service with support for code review, issue triage, documentation generation, code explanation, and chat interface. Add AI client module with HTTP communication, configuration settings, API routes (web and REST), service layer, and UI templates for issue sidebar. Include comprehensive configuration options in app.example.ini for enabling/disabling features and service connection settings.
Adds a "Move to Vault" button to the file view toolbar that allows
developers to move sensitive files directly into encrypted Vault storage.
Features:
- Button appears next to Edit/Delete when Vault plugin is loaded
- Confirmation page shows file details and warnings
- File is encrypted and stored in Vault as type "file"
- File is then deleted from the repository with a commit
- 50MB file size limit for vault storage
Files added:
- routers/web/repo/vault_move.go - Handler for move-to-vault action
- templates/repo/editor/move_to_vault.tmpl - Confirmation page
Files modified:
- routers/web/repo/view_file.go - Added CanMoveToVault permission check
- templates/repo/view_file.tmpl - Added Move to Vault button
- routers/web/web.go - Registered /_move-to-vault/* route
- services/forms/repo_form_editor.go - Added MoveToVaultForm
- options/locale/locale_en-US.json - Added translation keys
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds optional group_header field to organizations for categorizing them on the explore page (e.g., "Enterprise", "Community", "Partners"). Includes database migration, organization settings form field, and grouped display template. Groups are sorted alphabetically with ungrouped organizations shown last. Users can toggle grouping view with show_groups parameter.
Adds a GroupHeader field to repositories allowing them to be grouped under custom headers on organization pages. Includes database migration v333, form handling, and grouped/ungrouped view toggle in the UI.
Go's semantic import versioning requires v2+ modules to include the
major version in the module path. This enables using proper version
tags (v3.x.x) instead of pseudo-versions.
Updated module path: code.gitcaddy.com/server/v3
