♻️ refactor: add the user creds modules & skill should auto inject the need creds #13124

Merged: ONLY-yours merged 10 commits into canary from refactor/skillAndCreds on Mar 24, 2026
@ONLY-yours

Member

…creds

💻 Change Type

  • ✨ feat
  • 🐛 fix
  • ♻️ refactor
  • 💄 style
  • 👷 build
  • ⚡️ perf
  • ✅ test
  • 📝 docs
  • 🔨 chore

🔗 Related Issue

🔀 Description of Change

🧪 How to Test

  • Tested locally
  • Added/updated tests
  • No tests needed

📸 Screenshots / Videos

Before After
... ...

📝 Additional Information

@sourcery-ai sourcery-ai Bot left a comment

Contributor

Sorry @ONLY-yours, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@vercel

vercel Bot commented Mar 19, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| lobehub | Ready | Preview, Comment | Mar 24, 2026 6:14am |

@lobehubbot

Member

@nekomeowww @arvinxx - This PR adds a user creds module with backend server router changes in the market area and new settings UI. Since the primary feature owner is the PR author, please review the backend API design and overall architecture.

@codecov

codecov Bot commented Mar 19, 2026


Codecov Report

❌ Patch coverage is 58.90411% with 60 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.19%. Comparing base (9eca3d2) to head (de8aab4).
⚠️ Report is 9 commits behind head on canary.

Additional details and impacted files
@@             Coverage Diff             @@
##           canary   #13124       +/-   ##
===========================================
- Coverage   84.35%   74.19%   -10.17%     
===========================================
  Files         375     1535     +1160     
  Lines       24447   126325   +101878     
  Branches     4740    13917     +9177     
===========================================
+ Hits        20623    93722    +73099     
- Misses       3731    32492    +28761     
- Partials       93      111       +18     
| Flag | Coverage Δ |
| --- | --- |
| app | 67.15% <58.90%> (?) |
| database | 97.89% <ø> (?) |
| packages/agent-runtime | 89.60% <ø> (?) |
| packages/context-engine | 83.53% <ø> (ø) |
| packages/conversation-flow | 92.36% <ø> (?) |
| packages/file-loaders | 87.02% <ø> (ø) |
| packages/memory-user-memory | 66.68% <ø> (?) |
| packages/model-bank | 99.84% <ø> (?) |
| packages/model-runtime | 84.79% <ø> (ø) |
| packages/prompts | 74.60% <ø> (ø) |
| packages/python-interpreter | 92.90% <ø> (ø) |
| packages/ssrf-safe-fetch | 0.00% <ø> (?) |
| packages/utils | 90.09% <ø> (ø) |
| packages/web-crawler | 88.82% <ø> (ø) |

Flags with carried forward coverage won't be shown. Click here to find out more.

| Components | Coverage Δ |
| --- | --- |
| Store | 66.04% <100.00%> (∅) |
| Services | 49.72% <37.20%> (∅) |
| Server | 68.67% <2.94%> (∅) |
| Libs | 42.20% <ø> (∅) |
| Utils | 91.41% <ø> (-2.07%) ⬇️ |
Comment thread src/routes/(main)/settings/creds/features/CredDisplay.tsx Fixed
Comment thread src/routes/(main)/settings/creds/features/CredDisplay.tsx Fixed
Comment thread src/routes/(main)/settings/creds/features/CredDisplay.tsx Fixed
Comment thread src/server/routers/lambda/market/creds.ts Fixed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3f9e6abbf9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

message.info(t('creds.file.uploadNotImplemented'));
setFileName(file.name);
// Placeholder hash - in production this would come from the upload API
setFileHashId('placeholder-hash-id-' + Date.now());
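
Review bot: the last line, `setFileHashId('placeholder-hash-id-' + Date.now())`, stores a timestamp-derived string in the same state a real upload hash would occupy, so nothing downstream can tell a placeholder from a genuine value. The first line already tells the user the upload is not implemented, so leave `fileHashId` unset here and keep the submit path disabled until the upload API returns a hash. `setFileName(file.name)` also displays the file as if it had been accepted, which is worth dropping for the same reason.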

[P1] Block file credential creation without a real upload hash

This form stores a synthetic fileHashId (placeholder-hash-id-...) and then submits it to market.creds.createFile, but the backend validator in src/server/routers/lambda/market/creds.ts requires a 64-character hash. In practice, every file-credential create attempt will fail validation, so the file credential flow is currently unusable until this is replaced with a real upload-derived hash.

Useful? React with 👍 / 👎.

Comment on lines +55 to +56
const values = (result as any).values || {};
const kvPairs = Object.entries(values).map(([key, value]) => ({
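
Review bot: the `(result as any)` cast on the first line turns off type checking for the response, and the `|| {}` fallback converts a missing property into an empty object, so a wrong field name produces zero `kvPairs` with no error at compile time or run time. Give `result` its real response type instead of `any`, and treat an absent field as a load failure to surface rather than as an empty set to render.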

[P1] Read decrypted KV fields from the correct response property

After calling market.creds.get({ decrypt: true }), the editor reads (result as any).values, but the credential type added in this commit (CredWithPlaintext) models decrypted KV content under plaintext. Because of this mismatch, existing KV secrets can load as empty and a subsequent save submits an empty values object, risking unintended credential value erasure when users only edit metadata.

Useful? React with 👍 / 👎.
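
The failure mode described in the comment above, next to a safer load-and-save path, as an added TypeScript example that is not code from this pull request. The `CredWithPlaintext` shape is assumed from the comment's description; `loadValuesUnsafe`, `loadValues`, `buildUpdate`, `canon`, `UpdatePayload` and the sample data are hypothetical.

```typescript
// Added illustration; every name below is hypothetical, not the project's code.
type KV = Record<string, string>;

// Shape assumed from the review comment: decrypted KV content sits under `plaintext`.
interface CredWithPlaintext {
  id: string;
  name: string;
  plaintext?: KV;
}

interface UpdatePayload {
  id: string;
  name: string;
  values?: KV; // omitted: the stored secret is left untouched
}

// The reviewed pattern: an untyped read of a property the response does not
// carry falls back to {}, so the editor opens with no rows and no error.
function loadValuesUnsafe(result: unknown): KV {
  return (result as { values?: KV }).values || {};
}

// Typed read: a missing `plaintext` means "not loaded", never "empty".
function loadValues(result: CredWithPlaintext): KV | undefined {
  return result.plaintext;
}

// Order-independent serialisation, used to detect a real edit.
const canon = (kv: KV): string =>
  JSON.stringify(Object.keys(kv).sort().map((k) => [k, kv[k]]));

// Values go into the payload only when they were loaded and then changed,
// so a metadata-only edit can never overwrite the secret.
function buildUpdate(
  cred: CredWithPlaintext, name: string, loaded: KV | undefined, edited: KV,
): UpdatePayload {
  const payload: UpdatePayload = { id: cred.id, name };
  if (loaded !== undefined && canon(loaded) !== canon(edited)) payload.values = edited;
  return payload;
}

// Constructed sample response.
const sample: CredWithPlaintext = {
  id: 'cred-1',
  name: 'old name',
  plaintext: { API_KEY: 'constructed-value' },
};
```

With the unsafe read the sample loads as an empty object; with the typed read a rename leaves `values` out of the payload entirely.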

@ONLY-yours changed the title from "「WIP」♻️ refactor: add the user creds modules & skill should auto inject the need creds" to "♻️ refactor: add the user creds modules & skill should auto inject the need creds" on Mar 24, 2026
@ONLY-yours merged commit 7c00650 into canary on Mar 24, 2026 (34 checks passed)
@ONLY-yours deleted the refactor/skillAndCreds branch on March 24, 2026 06:28
@lobehubbot

Member

❤️ Great PR @ONLY-yours ❤️

The growth of the project is inseparable from user feedback and contribution; thanks for your contribution! If you are interested in the lobehub developer community, please join our Discord and then DM @arvinxx or @canisminor1990. They will invite you to our private developer channel. We are talking about lobe-chat development or sharing AI newsletters around the world.

ONLY-yours added a commit that referenced this pull request Mar 27, 2026
# 🚀 release: 20260326

This release includes **91 commits**. Key updates are below.


- **Agent can now execute background tasks** — Agents can perform
long-running operations without blocking your conversation.
[#13289](#13289)
- **Better error messages** — Redesigned error UI across chat and image
generation with clearer explanations and recovery options.
[#13302](#13302)
- **Smoother topic switching** — No more full page reloads when
switching topics while an agent is responding.
[#13309](#13309)
- **Faster image uploads** — Large images are now automatically
compressed to 1920px before upload, reducing wait times.
[#13224](#13224)
- **Improved knowledge base** — Documents are now properly parsed before
chunking, improving retrieval accuracy.
[#13221](#13221)

### Bot Platform

- **WeChat Bot support** — You can now connect LobeChat to WeChat, in
addition to Discord.
[#13191](#13191)
- **Richer bot responses** — Bots now support custom markdown rendering
and context injection.
[#13294](#13294)
- **New bot commands** — Added `/new` to start fresh conversations and
`/stop` to halt generation.
[#13194](#13194)
- **Discord stability fixes** — Fixed thread creation issues and Redis
connection drops.
[#13228](#13228)
[#13205](#13205)

### Models & Providers

- **GLM-5** is now available in the LobeHub model list.
[#13189](#13189)
- **Coding Plan providers** — Added support for code planning assistant
providers. [#13203](#13203)
- **Tencent Hunyuan 3.0 ImageGen** — New image generation model from
Tencent. [#13166](#13166)
- **Gemini content handling** — Better handling when Gemini blocks
content due to safety filters.
[#13270](#13270)
- **Claude token limits fixed** — Corrected max window tokens for
Anthropic Claude models.
[#13206](#13206)

### Skills & Tools

- **Auto credential injection** — Skills can now automatically request
and use required credentials.
[#13124](#13124)
- **Smarter tool permissions** — Built-in tools skip confirmation for
safe paths like `/tmp`.
[#13232](#13232)
- **Model switcher improvements** — Quick access to provider settings
and visual highlight for default model.
[#13220](#13220)

### Memory

- **Bulk delete memories** — You can now delete all memory entries at
once. [#13161](#13161)
- **Per-agent memory control** — Memory injection now respects
individual agent settings.
[#13265](#13265)

### Desktop App

- **Gateway connection** — Desktop app can now connect to LobeHub
Gateway for enhanced features.
[#13234](#13234)
- **Connection status indicator** — See gateway connection status in the
titlebar. [#13260](#13260)
- **Settings persistence** — Gateway toggle state now persists across
app restarts. [#13300](#13300)

### CLI

- **API key authentication** — CLI now supports API key auth for
programmatic access.
[#13190](#13190)
- **Shell completion** — Tab completion for bash/zsh/fish shells.
[#13164](#13164)
- **Man pages** — Built-in manual pages for CLI commands.
[#13200](#13200)

### Security

- **XSS protection** — Sanitized search result image titles to prevent
script injection.
[#13303](#13303)
- **Workflow hardening** — Fixed potential shell injection in release
automation. [#13319](#13319)
- **Dependency update** — Updated nodemailer to address security
advisory. [#13326](#13326)

### Bug Fixes

- Fixed skill page not redirecting correctly after import.
[#13255](#13255)
[#13261](#13261)
- Fixed token counting in group chats.
[#13247](#13247)
- Fixed editor not resetting when switching to empty pages.
[#13229](#13229)
- Fixed manual tool toggle not working.
[#13218](#13218)
- Fixed Search1API response parsing.
[#13207](#13207)
[#13208](#13208)
- Fixed mobile topic menus rendering issues.
[#12477](#12477)
- Fixed history count calculation for accurate context.
[#13051](#13051)
- Added missing Turkish translations.
[#13196](#13196)

### Credits

Huge thanks to these contributors:

@bakiburakogun @hardy-one @Zhouguanyang @sxjeru @hezhijie0327 @arvinxx
@cy948 @CanisMinor @Innei @lijian @lobehubbot @neko @rdmclin2
@rivertwilight @tjx666