Implement critical production readiness features for AI integration: per-request provider config, admin dashboard, workflow inspection, and plugin framework foundation.
Per-Request Provider Config:
- Add ProviderConfig struct to all AI request types
- Update queue to resolve provider/model/API key from cascade (repo > org > system)
- Pass resolved config to AI sidecar on every request
- Fixes multi-tenant issue where all orgs shared sidecar's hardcoded config
Admin AI Dashboard:
- Add /admin/ai page with sidecar health status
- Display global operation stats (total, 24h, success/fail/escalated counts)
- Show operations by tier, top 5 repos, token usage
- Recent operations table with repo, operation, status, duration
- Add GetGlobalOperationStats model method
Workflow Inspection:
- Add InspectWorkflow client method and types
- Implement workflow-inspect queue handler
- Add notifier trigger on workflow file push
- Analyzes YAML for syntax errors, security issues, best practices
- Returns structured issues with line numbers and suggested fixes
Plugin Framework (Phase 5 Foundation):
- Add external plugin config loading from app.ini
- Define ExternalPlugin interface and manager
- Add plugin.proto contract (Initialize, Shutdown, HealthCheck, OnEvent, HandleHTTP)
- Implement health monitoring with auto-restart for managed plugins
- Add event routing to subscribed plugins
- HTTP proxy support for plugin-served routes
This completes Tasks 1-4 from the production readiness plan and establishes the foundation for managed plugin lifecycle.
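An added sketch of the repo > org > system cascade described in the commit above; it is not code from the project. `ProviderConfig` is the name the commit uses, while its fields, the `Level` and `Resolved` types, `Resolve`, and all values are assumptions. Binding an API key to the provider named at the same level is a choice of this example that the commit does not state.

```go
package main

import (
	"errors"
	"fmt"
)

// ProviderConfig reuses the struct name from the commit; its fields are assumed.
type ProviderConfig struct{ Provider, Model, APIKey string }

// Level is one layer of the cascade (hypothetical type); empty fields mean "inherit".
type Level struct{ Name string; Cfg ProviderConfig }

// Resolved is the effective config plus the level that supplied each field.
type Resolved struct{ ProviderConfig; ProviderFrom, ModelFrom, KeyFrom string }

// Resolve takes levels in priority order: repo, org, system.
func Resolve(levels ...Level) (Resolved, error) {
	var r Resolved
	for _, l := range levels { // first non-empty value wins
		if r.Provider == "" && l.Cfg.Provider != "" {
			r.Provider, r.ProviderFrom = l.Cfg.Provider, l.Name
		}
		if r.Model == "" && l.Cfg.Model != "" {
			r.Model, r.ModelFrom = l.Cfg.Model, l.Name
		}
	}
	for _, l := range levels {
		// Example's assumption: a key is only valid for the provider set at its own level.
		if l.Cfg.APIKey != "" && l.Cfg.Provider == r.Provider {
			r.APIKey, r.KeyFrom = l.Cfg.APIKey, l.Name
			break
		}
	}
	if r.Provider == "" || r.APIKey == "" {
		return r, errors.New("no provider/key for this tenant; not falling back to a shared default")
	}
	return r, nil
}

func main() { // all values below are constructed
	system := Level{Name: "system", Cfg: ProviderConfig{Provider: "provider-a", Model: "model-a1", APIKey: "sys-key"}}
	org := Level{Name: "org", Cfg: ProviderConfig{Provider: "provider-b", APIKey: "org-key"}}
	repo := Level{Name: "repo", Cfg: ProviderConfig{Model: "model-b2"}}
	r, err := Resolve(repo, org, system)
	fmt.Println(r.Provider, r.ProviderFrom, r.Model, r.ModelFrom, r.KeyFrom, err) // key value is not printed
}
```

The per-field source names are what a settings page needs to show inherited versus overridden values, and the error path keeps one tenant from silently using another level's key with a provider it was not issued for.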
Significantly expand the AI features section of the README with comprehensive configuration and usage documentation.
New content includes:
- Detailed explanation of Tier 1 (light operations) vs Tier 2 (agent mode)
- Complete app.ini configuration reference with all AI settings
- Step-by-step setup guide (system → org → repo → runner)
- Configuration cascade explanation (repo > org > system)
- Built-in safety features (bot user, loop prevention, rate limits, escalation)
- Automatic operation triggers table
- Manual API trigger examples
- Operation history and audit log access
- Escalation workflow documentation
- V2 API configuration section
This provides users with everything needed to deploy and configure the AI features, from initial setup through advanced agent mode configuration.
Refactor AI service layer to reduce code duplication and improve consistency.
Changes:
- Rename AIOperationRequest to OperationRequest for consistency
- Extract shared logic for issue-targeted operations (respond, triage) into triggerIssueAIOp helper
- Standardize field alignment in struct definitions
- Remove redundant error handling patterns
This reduces the API operations file by ~40 lines while maintaining identical functionality.
Add comprehensive web UI for configuring AI features at repository and organization levels, completing the activation workflow for AI operations.
Repository AI Settings (repo/settings/ai):
- Enable/disable AI unit for the repository
- Toggle Tier 1 operations (auto-respond, auto-review, auto-triage, workflow inspection)
- Configure Tier 2 agent mode with trigger labels and runtime limits
- Set escalation rules (label, team assignment)
- Override provider/model preferences
- Add custom instructions for different operation types
Organization AI Settings (org/settings/ai):
- Configure org-level AI provider and model
- Set encrypted API key (with masked display)
- Define rate limits (max operations per hour)
- Whitelist allowed operations
- Enable/disable agent mode for org repositories
Both interfaces include proper permission checks, form validation, and cascade resolution display (showing inherited vs. overridden values). Adds navigation entries to settings sidebars and full i18n support.
Add comprehensive API v2 endpoints for managing AI operations and repository-level AI settings.
AI Operations endpoints:
- GET /repos/{owner}/{repo}/ai/operations - List AI operation logs
- GET /repos/{owner}/{repo}/ai/operations/{id} - Get specific operation details
- POST /repos/{owner}/{repo}/ai/operations/trigger - Manually trigger AI operations
- GET /repos/{owner}/{repo}/ai/stats - Get AI usage statistics
AI Settings endpoints:
- GET /repos/{owner}/{repo}/ai/settings - Get repository AI configuration
- PATCH /repos/{owner}/{repo}/ai/settings - Update AI settings (admin only)
Settings include Tier 1 operations (auto-respond, auto-review), Tier 2 agent mode, escalation rules, provider/model preferences, and custom instructions. All endpoints validate AI unit enablement and permissions.
Implement core AI service infrastructure including agent operations, escalation handling, and asynchronous queue processing.
New services:
- Agent service: Handles Tier 2 AI operations with action runner integration
- Queue service: Asynchronous processing of AI operations with retry logic
- Escalation service: Routes complex issues to staff with configurable rules
- Notifier service: Sends notifications for AI operation results
Additional changes:
- Add GitCaddy AI system user (ID: -3) for bot operations
- Add AIConfig to repository units
- Add AI-specific error codes (rate limiting, service errors, etc.)
- Extend AI client with GenerateIssueResponse method
- Add AISettingsV2 struct for repository-level AI configuration
The queue system enables non-blocking AI operations with proper error handling and rate limiting.
Add database models and infrastructure for AI operation tracking and organization-level AI configuration.
OperationLog model tracks all AI operations for auditing, including:
- Operation type, tier, and trigger event
- Token usage (input/output)
- Status tracking (pending, success, failed, escalated)
- Performance metrics (duration)
- Rate limiting support via CountRecentOperations
OrgAISettings model stores per-organization AI configuration:
- Provider and model selection
- Encrypted API key storage
- Rate limits (max operations per hour)
- Allowed operations whitelist
- Agent mode permissions
Also adds AI unit type to repository units for enabling/disabling AI features per repo.
Add repository setting to control anonymous access to app integration endpoints (issue submission, update checks). When enabled (default), the desktop app can access these endpoints without authentication. When disabled, vault token authentication is required.
This provides granular control over app integration access, allowing repository owners to enforce full authentication on sensitive repositories while maintaining ease of use for public/limited repos.
Changes include:
- New PublicAppIntegration boolean field on Repository model
- Database migration v365 to add the field (defaults to true)
- Repository settings UI to toggle the feature
- Updated checkVaultTokenForRepo to respect the setting
- Security enhancement: IssueStatusJSONEndpoint now only returns app-submitted issues to anonymous users
Adds bulk delete functionality to admin packages page, allowing deletion of multiple packages and all their versions at once. Includes confirmation dialog, success/warning flash messages showing count of deleted packages and versions, and proper error handling. Adds new locale strings for delete action, confirmation prompt, and result messages.
Add ability to bulk set packages as private or public in both admin and repository package views. Includes new bulk action buttons, visibility grouping in repository view, and corresponding backend handlers for processing visibility changes. Admin can manage all packages while repository owners can manage their own packages.
Replace link-action class with proper async methods (rerunJob and rerunAll) for handling job and workflow reruns in RepoActionView. This provides better control over the rerun flow and ensures proper page reload after the POST request completes.
Adds view_count field to blog_post table with database migration. Implements atomic increment on post views in both standalone and repo blog routes. Displays view count with eye icon in post templates.
Adds dedicated error page and warnings for vault encryption key problems including missing configuration, fallback key usage, and decryption failures. Displays context-specific messages to help users understand and fix key configuration issues. Includes detection of crypto errors in vault operations and graceful error handling throughout the UI.
Improve GetExploreTopTags performance by limiting the tag aggregation scan to the 500 most recent published posts instead of scanning all posts. This reduces database load while still providing relevant trending tags.
Simplify blog header to show owner/repo format without redundant "Blog" label. Add fallback to CreatedUnix when PublishedUnix is not available for featured posts.
Add HasSubscriptionOnlyBlogPosts function to check if a repository has premium blog content. Update subscribe page to display different messaging when paid blogs are available. Redesign featured blog section with centered layout, larger images, and improved hover effects.
Adds locale strings for subscription plan types (monthly/yearly/lifetime), pricing display, payment buttons, and success/empty states. Updates subscribe page title to include repository name for better context.
Adds keyword search and tag filtering to repository blog list with GetRepoTopTags for popular tags display. Implements user-level package privacy setting (KeepPackagesPrivate) to hide packages from profile page. Updates blog UI with search box, tag cloud, and clear filters button. Adds subscription CTA buttons and active subscription indicators.
Implements comprehensive wishlist/feature request system for repositories. Includes categories with colors, voting system, importance ratings (1-5 stars), status tracking (open/planned/in-progress/completed/declined), threaded comments with reactions, and release linking. Adds v2 API endpoints for CRUD operations. Includes repository settings toggle, header tab, and full UI templates for list/view/create. Supports vote counts, importance averages, and comment reactions.
Adds SubscriptionOnly flag to blog posts to restrict full content access to active subscribers. Shows teaser/preview for non-subscribers with subscribe CTA. Integrates with repository subscription system when monetization is enabled. Updates v2 API structs and editor UI with subscription toggle. Admins and repo writers bypass the gate.
Adds blog series field to group related posts together. Implements v2 API endpoints for listing, creating, updating, and deleting blog posts with proper error codes. Adds series filtering to explore page and sitemap support with pagination. Includes BlogPostV2 structs with author/repo references, HTML URLs, and content rendering. Updates editor UI with series input field.
Shows existing comments as read-only when commenting is disabled on a post. Fixes attachment access control for blog featured images by checking repo-level read permissions when attachment isn't linked to issue/release. Updates README with detailed SMTP configuration examples and provider table. Fixes explore page navigation when blogs are in top nav.
Displays organization-level secrets in repository settings as read-only when the repo belongs to an organization. Helps users understand which secrets are inherited from the org scope without allowing modification. Adds separate section with org icon and read-only badge.
Implements thumbs up/down reactions for blog comments with toggle functionality. Adds batch loading of reaction counts and user reactions for performance. Updates standalone view and repo blog view to display comment reactions. Improves explore blogs UI with better card layout and navigation. Includes guest IP tracking for anonymous reactions.
Adds standalone blog post view at /blog/:id with full content rendering, comments, reactions, and OpenGraph metadata. Implements optional "Blogs" link in site header navigation (configurable in admin settings). Enforces repository access permissions on standalone view. Loads repo owners for avatar fallback on explore page. Includes SEO-friendly URLs and social media sharing support.
Implements search by keyword (title/subtitle), tag filtering, and sort by newest/popular on explore blogs page. Adds GetExploreTopTags to show popular tags with usage counts. Enforces repository access permissions using AccessibleRepositoryCondition. Fixes secret lookup to skip scope conditions when querying by ID. Updates UI with tag cloud, search box, and sort dropdown.
Implements threaded comment system with support for authenticated users and verified guests. Adds email verification flow for guest commenters with token-based sessions and 6-digit codes. Includes reaction system (like/love/laugh/etc) for posts and comments. Adds comment count to blog posts, user profile blog tab, and email notifications for comment verification. Implements nested reply support with parent-child relationships.
Adds ability to promote secrets from repository to organization scope, or from repository/organization to global scope. Includes conflict detection to prevent duplicate names at target scope, permission checks (org owner for repo→org, system admin for →global), and UI buttons with confirmation dialogs. Implements MoveSecret model method and PerformSecretsPromote handler.
Adds direct file upload for blog featured images with attachment handling. Implements Unsplash API integration for searching and selecting stock photos as featured images. Updates editor UI with image upload button, Unsplash search modal, tag management, and preview mode. Adds drag-and-drop and paste support for inline images in the editor.
Changes blog tab visibility check from generic IsWriter to specific CanWrite permission for code unit. Adds help text to blog and subscription settings explaining behavior and access requirements.
Adds comprehensive blog post system for repositories with draft/public/published status, featured images, tags, and subscriptions. Includes database models, migrations, CRUD operations, email notifications, explore page, and full UI templates for creating, editing, and viewing blog posts.
- Add exploreAnonymousGuard middleware to redirect anonymous users when Explore is hidden
- Move enforcement from template to route level for better security
- Prevent direct URL access to /explore routes when feature is disabled
- Keep Explore button visible in navbar but make routes inaccessible
This prevents users from bypassing the UI restriction by directly accessing /explore URLs.
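Route-level enforcement as described in the commit above, as an added example using only net/http rather than the project's own router and context. The cookie check, the `/user/login` redirect target, the `hideExplore` variable, and the `routes` and `probe` helpers are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

var hideExplore = true // stands in for the instance's "Explore is hidden" setting (assumed wiring)

// signedIn is a placeholder; a real server validates the session against its store.
func signedIn(r *http.Request) bool {
	_, err := r.Cookie("session")
	return err == nil
}

// exploreAnonymousGuard runs before every /explore handler, so a hidden link is not the only barrier.
func exploreAnonymousGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hideExplore && !signedIn(r) {
			http.Redirect(w, r, "/user/login", http.StatusSeeOther)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func routes() http.Handler {
	explore := http.NewServeMux()
	explore.HandleFunc("/explore/repos", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "repo list") })
	mux := http.NewServeMux()
	mux.Handle("/explore/", exploreAnonymousGuard(explore)) // guard wraps the whole subtree
	return mux
}

// probe sends a direct request to path and returns the status code and Location header.
func probe(path string, withSession bool) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if withSession {
		req.AddCookie(&http.Cookie{Name: "session", Value: "constructed"})
	}
	rec := httptest.NewRecorder()
	routes().ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	fmt.Println(probe("/explore/repos", false))
	fmt.Println(probe("/explore/repos", true))
}
```

Because the guard wraps the `/explore/` prefix rather than individual handlers, routes added under it later are covered without further changes.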
- Add theme.hide_explore_button configuration option
- Add admin UI toggle in Site Administration > Configuration > Theme
- Conditionally hide Explore button from header navigation when enabled
- Separate from hide_explore_users (which only hides the Users tab)
- Useful for private instances that don't want to expose the Explore feature
Implement complete subscription monetization system for repositories with Stripe and PayPal integration. Includes:
- Database models and migrations for monetization settings, subscription products, and user subscriptions
- Payment provider abstraction layer with Stripe and PayPal implementations
- Admin UI for configuring payment providers and viewing subscriptions
- Repository settings UI for managing subscription products and tiers
- Subscription checkout flow and webhook handlers for payment events
- Access control to gate repository code behind active subscriptions
Moves Unsplash photo attribution from centered below repo name to lower-left corner of the image area. Adds text shadow for better readability over photos.
Changes the cross-promotion UI from manual owner/name text input to a searchable dropdown grouped by owner. Improves UX by showing available repositories and preventing invalid entries. Refactors validation logic to use repo ID instead of parsing owner/name strings.
Add ability for repository owners to cross-promote up to 6 related repositories in the sidebar. Create repo_cross_promote table with migration v344 to store source-target relationships with display order. Add settings UI for managing promoted repos with drag-and-drop reordering. Display promoted repos in home sidebar with repository cards. Include locale strings and routing for cross-promotion management.