Commit Graph

7068 Commits

Author SHA1 Message Date
Rahulcheryala
b8d9efe5b6 DOCS for work continuation 2026-06-05 13:57:08 +05:30
Rahulcheryala
50cf8f8bbf refactor: migrate services (project-view) from apps/web to @plane/services 2026-06-04 18:52:20 +05:30
Rahulcheryala
754630fd16 refactor: migrate services (module) from apps/web to @plane/services 2026-06-04 18:36:40 +05:30
Rahulcheryala
c0c06599c9 refactor: migrate services (cycle) from apps/web to @plane/services 2026-06-04 18:05:24 +05:30
Rahulcheryala
9a6667e07c refactor: migrate services (instance) from apps/web to @plane/services 2026-06-04 17:50:14 +05:30
Rahulcheryala
7cdf150bdf refactor: migrate services (webhook) from apps/web to @plane/services 2026-06-04 17:42:23 +05:30
Rahulcheryala
bffa52c974 refactor: migrate services (dashboard) from apps/web to @plane/services 2026-06-04 17:38:01 +05:30
Rahulcheryala
f266e80556 refactor: migrate services (cycle-archive) from apps/web to @plane/services 2026-06-04 17:32:29 +05:30
Rahulcheryala
7f40365aae refactor: migrate services (ai) from apps/web to @plane/services 2026-06-04 17:27:13 +05:30
Rahulcheryala
30c0bca0b1 refactor: migrate services (file-upload) from apps/web to @plane/services 2026-06-04 17:21:15 +05:30
Rahulcheryala
1dd0ccd901 refactor: migrate services (auth) from apps/web to @plane/services 2026-06-04 17:15:06 +05:30
Rahulcheryala
ecaac0dcbc refactor: migrate services (integrations) from apps/web to @plane/services 2026-06-04 16:35:57 +05:30
Rahulcheryala
1c3880e977 refactor: migrate services (project-page, project-page-version) from apps/web to @plane/services 2026-06-04 16:17:31 +05:30
Rahulcheryala
c4abc24578 refactor: migrate services (inbox-issue, intake-work-item-version) from apps/web to @plane/services 2026-06-04 14:52:08 +05:30
Rahulcheryala
338a650935 refactor: migrate services (issue-attachment, issue-comment) from apps/web to @plane/services 2026-06-04 14:38:39 +05:30
Rahulcheryala
7f90ed2e83 refactor: migrate services (issue) from apps/web to @plane/services 2026-06-04 14:36:19 +05:30
Rahulcheryala
ea1eabac9e refactor: migrate services (work-item-version, workspace-draft) from apps/web to @plane/services 2026-06-04 14:11:48 +05:30
Rahulcheryala
384fef9f30 refactor: migrate services (issue-reaction, issue-relation) from apps/web to @plane/services 2026-06-04 13:56:53 +05:30
Rahulcheryala
7543413947 refactor: migrate services (issue-activity, issue-archive, issue-label) from apps/web to @plane/services 2026-06-04 13:37:32 +05:30
Rahulcheryala
b053e10961 refactor: migrate services (project) from apps/web to @plane/services 2026-06-04 13:26:10 +05:30
Rahulcheryala
cae8617f3e refactor: migrate services (project-publish, project-state) from apps/web to @plane/services 2026-06-04 13:23:14 +05:30
Rahulcheryala
42f582acae refactor: migrate services (project-export, project-archive, project-member) from apps/web to @plane/services 2026-06-04 13:17:25 +05:30
Rahulcheryala
8c88af8057 refactor: migrate services (index files) from apps/web to @plane/services 2026-06-04 13:06:27 +05:30
Rahulcheryala
378b49b27a refactor: migrate services (issue-filter) from apps/web to @plane/services 2026-06-04 13:06:07 +05:30
Rahulcheryala
033ea1262d refactor: migrate services (app-installation, app-config, module-archive) from apps/web to @plane/services 2026-06-04 13:01:46 +05:30
Rahulcheryala
813de842e9 refactor: migrate services (sticky) from apps/web to @plane/services 2026-06-04 12:49:17 +05:30
Rahulcheryala
0f0104fcac refactor: migrate services (timezone) from apps/web to @plane/services 2026-06-04 12:45:12 +05:30
Rahulcheryala
9ae465178c refactor: migrate services (estimate) from apps/web to @plane/services 2026-06-04 12:42:08 +05:30
Rahulcheryala
5cebdab9c8 refactor: migrate services (analytics) from apps/web to @plane/services 2026-06-04 12:37:32 +05:30
Rahulcheryala
0c9abc14ec refactor: migrate services (notification, favorite) from apps/web to @packages/services 2026-06-03 21:06:36 +05:30
Rahulcheryala
47606db169 resolved lint errors 2026-06-03 20:08:52 +05:30
Rahulcheryala
4f0f05fd0c refactor: migrate constants (plans) from apps/web to @core/components 2026-06-03 19:06:21 +05:30
Rahulcheryala
d7d016d350 refactor: migrate constants (editor) from apps/web to @plane/constants 2026-06-01 19:29:12 +05:30
Rahulcheryala
c024d37dd2 refactor: migrate constants (sidebar, favorites) from apps/web to @plane/constants 2026-06-01 19:29:12 +05:30
Rahulcheryala
1b9e67fd82 refactor: migrate constants (ai, calenda, gaant) from apps/web to @plane/constants 2026-06-01 19:29:12 +05:30
Rahulcheryala
f6286cc403 refactor: migrate constants (fetch-keys) from apps/web to @plane/constants 2026-06-01 19:29:12 +05:30
Rahulcheryala
5303ce2a2f refactor: migrate types from apps/web to @plane/types 2026-06-01 19:29:12 +05:30
sriram veeraghanta
b1c78fe4c8 fix(api): rate-limit magic-code verify, bound per-token attempts (GHSA-9pvm-fcf6-9234) (#9130)
* fix(api): rate-limit magic-code verification and bound per-token attempts

The magic-link sign-in / sign-up endpoints accept a 6-digit numeric code
(900k-value space, 600s TTL) but never increment a failure counter on a
wrong-code verify and extend django.views.View rather than DRF APIView,
so DRF's AuthenticationThrottle never runs against them. The space-side
generate endpoint also lacked throttle_classes. Combined, this allowed
an unauthenticated attacker who knew a victim's email to brute-force
the code within the TTL window and log in as the victim.

- Add MAX_VERIFY_ATTEMPTS=5 in MagicCodeProvider.set_user_data: failed
  comparisons now persist verify_attempts in Redis under the remaining
  TTL and, on hitting the limit, delete the key and raise
  EMAIL_CODE_ATTEMPT_EXHAUSTED. This is the load-bearing fix - it caps
  total attempts per issued token regardless of request rate.
- Add authentication_throttle_allows() so plain Django Views can apply
  AuthenticationThrottle without converting to APIView (would change
  CSRF + request-parsing semantics for the redirect-flow endpoints).
- Apply the throttle to MagicSignIn/UpEndpoint and the space variants;
  add throttle_classes to MagicGenerateSpaceEndpoint to match its app
  sibling.

Refs GHSA-9pvm-fcf6-9234.

* fix(api): make verify-attempt increment atomic, expose throttle rate via env

Address PR review feedback:

- Replace the JSON read-modify-write of verify_attempts with a Lua
  EVAL script that INCRs a dedicated counter key and EXPIREs it only
  on the first increment. The previous round-trip was racy: parallel
  wrong-code requests could read the same value and both write the
  same incremented count, letting an attacker exceed MAX_VERIFY_ATTEMPTS
  under concurrency. Counter is now reset on each new token issuance
  and cleared on successful verify / exhaustion.
- Make AuthenticationThrottle.rate configurable via the
  AUTHENTICATION_RATE_LIMIT env var (default 10/minute, down from 30
  to tighten the budget on unauth auth-adjacent endpoints). Document
  it in deployments/aio and deployments/cli variables.env.

* test(api): cover magic-code attempt cap, counter reset, and auth throttle

Add the contract tests called out in the PR test plan:

- TestMagicSignInVerifyAttempts:
  - test_exhausted_after_max_wrong_attempts: after MAX_VERIFY_ATTEMPTS
    wrong codes the next verify redirects with EMAIL_CODE_ATTEMPT_
    EXHAUSTED_SIGN_IN and both Redis keys are deleted; a follow-up
    verify reports EXPIRED.
  - test_counter_increments_on_each_wrong_attempt: the dedicated
    verify_attempts counter advances by exactly one per wrong POST,
    matching the atomic Lua INCR.
  - test_counter_resets_on_token_regeneration: regenerating the
    magic-link clears the counter so the user isn't pre-locked-out by
    a prior session's wrong attempts.
- TestMagicSignUpVerifyAttempts.test_signup_exhausted_after_max_wrong_attempts:
  the sign-up endpoint returns EMAIL_CODE_ATTEMPT_EXHAUSTED_SIGN_UP on
  the exhausting attempt.
- TestAuthenticationThrottle: exercises authentication_throttle_allows
  on the plain-View redirect-flow endpoints by patching the rate down
  and asserting RATE_LIMIT_EXCEEDED is appended to the redirect URL
  once the per-IP budget is exceeded, for both magic-sign-in and
  magic-sign-up.

Each new class clears Django cache (DRF throttle storage) and the
per-email Redis keys around every test so runs are independent.

* fix(api): clamp remaining_ttl to >=1 for verify-attempt counter EXPIRE

ri.ttl() returns 0 when the token has less than one second remaining
(Redis floors to whole seconds). The previous clamp only caught
None and < 0, so a sub-second TTL would pass through and the Lua
script's EXPIRE counter 0 would immediately delete the key — letting
an attacker bypass MAX_VERIFY_ATTEMPTS during the final second of the
token's life. Switch the comparison to <= 0.

Narrow real-world impact (sub-second window, throttle still bounds
the rate) but the cap should hold regardless of timing.
2026-06-01 18:44:57 +05:30
sriram veeraghanta
7ec8d4990f fix: bump npm deps to resolve Dependabot advisories (#9191)
* fix: bump npm deps to resolve Dependabot advisories

Resolve 8 open Dependabot alerts (all npm, in pnpm-lock.yaml) by bumping
the affected packages in pnpm-workspace.yaml and regenerating the lockfile:

- axios 1.15.2 -> 1.16.0 (catalog): CVE-2026-44494/44492/44490/44489
- tmp -> 0.2.6 (override): CVE-2026-44705 path traversal
- ws 8.x -> 8.20.1 (catalog + scoped override): CVE-2026-45736
- qs 6.14.2 -> 6.15.2 (override): CVE-2026-8723 DoS
- brace-expansion 5.0.5 -> 5.0.6 (override): CVE-2026-45149 DoS

brace-expansion and qs were pinned to their vulnerable versions in the
overrides block, so the pins had to be bumped directly. ws is scoped to
the 8.x major (ws@7.5.10 is below the vulnerable >=8.0.0 floor). All bumps
are semver-compatible patch/minor upgrades; no source changes required.

* fix: use named axios `create` import after 1.16.0 bump

axios 1.16.0 newly exposes `create` as a named export, so oxlint's
import/no-named-as-default-member rule now flags `axios.create(...)`.
That added one warning to @plane/services (7 > its --max-warnings=6
baseline) and to apps/web and apps/live, failing check:lint — surfaced
on this PR because the lockfile change busts Turbo's lint cache.

Switch the three `axios.create(...)` call sites to a named `{ create }`
import. `create` is a real value+type export in axios 1.16.0 (verified
via tsc). isCancel/CancelToken are left as `axios.*`: CancelToken is
only a type export (cannot be a value import under verbatimModuleSyntax)
and both were already counted within the existing baselines.

Verified locally: full `pnpm check:lint` (16/16) and `check:types`
(15/15) pass.
2026-06-01 18:37:35 +05:30
sriram veeraghanta
e388cb9125 fix: declare @tailwindcss/postcss in admin/space/web for Docker builds (#9189)
The web/admin/space Docker image builds fail at the Vite/PostCSS step with
"Cannot find module '@tailwindcss/postcss'". These apps load the shared
@plane/tailwind-config/postcss.config.js, which references the @tailwindcss/postcss
plugin by name, but the plugin was only declared as a dependency of
packages/tailwind-config.

The Docker build installs via turbo prune + 'pnpm fetch' + 'pnpm install --offline',
which lays out node_modules so PostCSS resolves the plugin relative to the app
directory (apps/<app>), where it is not reachable. A plain 'pnpm install' resolves
it from tailwind-config's context instead, which is why local builds passed and
masked the issue.

Declare @tailwindcss/postcss as a direct devDependency of the three apps that run
Vite/PostCSS so it is symlinked into each app's node_modules and resolves under the
isolated linker regardless of install flow.

Verified by reproducing the exact Docker flow (prune -> fetch -> --frozen-lockfile
offline install -> build) for admin, space and web: all install in sync and build
successfully with full Tailwind CSS output.
2026-06-01 16:44:16 +05:30
Rahul Cheryala
bd0d164e0b fix(GIT-235): add styles to onboarding tour close button for contrast (#9188) 2026-06-01 16:43:45 +05:30
sriram veeraghanta
011328c793 [GIT-213] fix: return HTTP response from dispatch() exception handler (#9179)
* fix(api): return HTTP response from dispatch() exception handler

BaseAPIView.dispatch() and BaseViewSet.dispatch() built the proper
error Response via handle_exception() but returned the raw exception
object instead, causing Django to raise
"TypeError: 'Exception' object is not a valid HTTP response".

Fix all six occurrences across the api, app, license and space view
bases, and add a regression test covering every affected base class.

Fixes #9157

* chore(api): add copyright header to tests/unit/views/__init__.py

The empty package init file was missing the AGPL copyright header,
failing the Copy Right Check CI (addlicense -check on all tracked
.py files).
2026-06-01 15:03:22 +05:30
sriram veeraghanta
3f57fefdb4 chore: move all dependencies into pnpm catalog (#9153)
Centralize every external dependency version in the pnpm catalog
(pnpm-workspace.yaml) and reference them via `catalog:` across all
apps and packages. Packages that previously used differing versions
were unified to the highest (notably @react-pdf/renderer ^3.4.5 ->
^4.3.0 in apps/web).
2026-05-31 15:56:12 +05:30
sriram veeraghanta
04622ce118 fix: harden webhook/link/OAuth-avatar SSRF (advisory clusters A/B/C/E) (#9163)
* fix(api): harden webhook & link-unfurl SSRF (advisory clusters A/B/C)

Resolves three overlapping SSRF advisory clusters around webhook delivery
and work-item link unfurling:

- Cluster A (private-IP validation + PATCH bypass): the webhook PATCH
  handler passed context={request: request} (the request object as the
  dict key) so the loopback/disallowed-domain guard silently no-op'd —
  now context={"request": request}. Hardened IP classification
  (is_blocked_ip) to also block multicast, unspecified, CGNAT
  (100.64.0.0/10), and IPv4 embedded in IPv6 transition addresses
  (IPv4-mapped, NAT64, 6to4, Teredo), robust across Python versions.

- Cluster B (DNS-rebinding TOCTOU): validators resolved DNS, then
  requests resolved it again at connect time. New pinned-IP client
  (plane/utils/url_security.py) resolves+validates once and connects to
  the validated IP literal so urllib3 performs no second lookup, while
  preserving Host header, TLS SNI and certificate verification against
  the real hostname.

- Cluster C (redirect SSRF): webhook delivery never follows redirects;
  the link crawler follows them manually, re-resolving + re-validating +
  re-pinning every hop.

Also: pin requests==2.33.0 in base.txt (imported directly; the pinning
adapter needs the >=2.32 get_connection_with_tls_context hook), and log
webhook URL-validation rejections to WebhookLog instead of swallowing
them.

Tests: new test_url_security.py (pinning, rebinding, redirect
re-validation, IP edge cases, TLS SNI) + updated link-task tests.
Full unit suite: 178 passed.

* fix(api): block OAuth avatar SSRF + add per-advisory SSRF regression tests

Verified every SSRF-class advisory against the current code. The webhook /
link / favicon reports — including the published CVE-2026-30242 and
CVE-2026-39843 and the newer "still bypassable" reports (DNS rebinding
GHSA-3856/-fgcv/-9292/-whh3/-4mjx/-6p39/-fv24/-8wvv, IP-classification gaps
GHSA-75fg, redirect GHSA-6v37/-jw6g/-mq87) — are resolved by the pinned-IP
client + hardened classifier in this branch.

The one SSRF family still unresolved was the OAuth avatar path:
download_and_upload_avatar() fetched the provider-supplied avatar_url with a
raw requests.get (no IP validation, default redirect following), so an
attacker-controlled avatar could reach internal addresses and be exfiltrated
via the static-asset endpoint (GHSA-cv9p-325g-wmv5, and the avatar hop of the
Gitea SSRF GHSA-hx79-5pj5-qh42). It now uses pinned_fetch_following_redirects,
which validates + pins every hop and blocks internal targets.

Adds test_ssrf_advisories.py: a per-advisory regression map covering webhook
IP validation, the PATCH context-key guard, webhook DNS rebinding, webhook
redirect, favicon redirect + rebinding, and OAuth avatar SSRF.

docker compose test: 199 unit tests pass.

* fix(api): address PR review feedback on the SSRF pinned client

- url_security: preserve URL-embedded credentials (user:pass@host) as Basic
  Auth instead of silently dropping them when rewriting to the IP literal
  (Copilot); bracket IPv6-literal hostnames in the Host header (Copilot);
  add stream=True support that keeps the session open until the response is
  closed, and release intermediate redirect hops.
- ip_address / work_item_link_task: treat UnicodeError (IDNA failures) from
  getaddrinfo as a resolution failure, not an uncaught exception (CodeRabbit).
- authentication/adapter/base: stream the avatar download so the size cap
  actually bounds memory, upload the size-bounded buffer (not response.content),
  and always close the response (CodeRabbit, major).
- tests: cover auth preservation, IPv6 Host bracketing, IDNA handling, and
  streamed session lifetime; drop an unused import.

docker compose test: 204 unit tests pass.
2026-05-31 00:12:23 +05:30
sriram veeraghanta
248f5d66e6 refactor(api): source API_KEY_RATE_LIMIT from settings, drop service token throttle (#9161)
- Define API_KEY_RATE_LIMIT in plane/settings/common.py and read it via
  django.conf.settings in ApiKeyRateThrottle instead of os.environ.
- Remove ServiceTokenRateThrottle and the service-token branch in
  BaseAPIView.get_throttles; all API key requests now go through
  ApiKeyRateThrottle.
2026-05-29 00:13:41 +05:30
KanteshMurade
f14451a5de fix(web): add Safari fallback for requestIdleCallback (#9137)
* fix(web): add Safari fallback for requestIdleCallback

* fix(web): use globalThis in idle-task fallbacks

Switch idle-task fallback paths from window.* to globalThis.* so the
fallback no longer crashes in environments where window is undefined.
Also thread IdleRequestOptions through requestIdleFallback so the
caller's timeout hint is honored when falling back.

Addresses CodeRabbit review feedback on #9137.

---------

Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
2026-05-28 23:56:46 +05:30
Manish Gupta
095b1aa360 [WEB-7447] feat: migrate CE telemetry from OTLP traces to OTLP metrics (#9156)
* [WEB-7447] feat: migrate CE telemetry from OTLP traces to OTLP metrics

Replace span-based tracing (tracer.py) with OTLP observable gauges,
mirroring the approach already used in plane-ee. Key changes:

- Add otlp_endpoints.py — shared gRPC/HTTP endpoint helpers
- Add telemetry_metrics.py — push_instance_metrics task using
  MeterProvider + observable gauges (service name: plane-ce-api)
- User count excludes bots (is_bot=False)
- Page count excludes bot-owned private pages only
- Domain derived from WEB_URL env var
- Celery beat entry replaced with timedelta schedule +
  configurable METRICS_PUSH_INTERVAL_MINUTES (default 360 min)
- Add explicit opentelemetry-exporter-otlp-proto-grpc dep
- Delete tracer.py and telemetry.py (no longer needed)

Co-authored-by: Plane AI <noreply@plane.so>

* fix: address review comments on CE telemetry metrics

- harden grpc_endpoint_from_url for scheme-less OTLP_ENDPOINT values
  (e.g. "telemetry.plane.so:4317") by prepending "//" before urlparse
- fix WEB_URL domain extraction for scheme-less values with same approach
- replace N+1 workspace count queries (6×N) with 6 batched annotate(Count)
  aggregation queries — reduces DB load significantly at WORKSPACE_METRICS_LIMIT
- add deterministic ordering (order_by created_at) to workspace slice
- harden METRICS_PUSH_INTERVAL_MINUTES env parsing with try/except guard
  and positive-value validation to avoid crash on malformed input

Co-authored-by: Plane AI <noreply@plane.so>

* fix: cap METRICS_PUSH_INTERVAL_MINUTES to prevent timedelta overflow

Add upper-bound check (10_000_000 minutes) and catch OverflowError alongside
ValueError so an arbitrarily large env value cannot crash worker startup via
timedelta(minutes=...) OverflowError.

Co-authored-by: Plane AI <noreply@plane.so>

---------

Co-authored-by: Plane AI <noreply@plane.so>
2026-05-28 18:34:27 +05:30
sriram veeraghanta
0acb32e65e chore: bump turbo to 2.9.14, migrate pnpm config to workspace yaml (#9147)
* chore: bump turbo to 2.9.14, migrate pnpm config to workspace yaml

- Bump turbo from 2.9.4 to 2.9.14 in root package.json and the
  four production Dockerfiles (web, live, admin, space).
- Move pnpm.overrides, onlyBuiltDependencies, and
  ignoredBuiltDependencies from package.json into pnpm-workspace.yaml.
  pnpm v10+ no longer reads the pnpm field in package.json, so the
  full overrides block and most of onlyBuiltDependencies were being
  silently ignored.
- Add @plane/utils as a workspace dependency to the live server.

* chore: drop unused allowBuilds block, bump lodash-es to 4.18.1

- Remove the `allowBuilds` block from pnpm-workspace.yaml. It is not
  a recognized pnpm v10/v11 key and its values were inconsistent with
  the actual `onlyBuiltDependencies` / `ignoredBuiltDependencies`
  configuration.
- Bump `lodash-es` catalog entry from 4.18.0 to 4.18.1. With overrides
  now applied workspace-wide, 4.18.0 (marked deprecated as a "bad
  release") was being enforced everywhere.

* fix: use pnpm v11 allowBuilds in place of removed legacy keys

`onlyBuiltDependencies` and `ignoredBuiltDependencies` were removed
in pnpm v11. They were being silently ignored on this branch, which
caused `ERR_PNPM_IGNORED_BUILDS` to fail CI under `--frozen-lockfile`.

Replace them with the v11-native `allowBuilds:` block, mapping the
previous allowlist to `true` and the previous denylist (sharp) to
`false`. Locally verified that the build scripts for @parcel/watcher,
@swc/core, esbuild, and msgpackr-extract now run on install.
2026-05-27 16:06:15 +05:30
sriram veeraghanta
edf2475413 refactor: logging with retention + API token hardening (#9148)
* fix: harden API token handling against rate-limit tampering and plaintext logging

- Make `allowed_rate_limit` read-only on APITokenSerializer so users can no
  longer raise their own API token rate limit via PATCH (GHSA-xfgr-2x3f-g2cf).
- Stop persisting API keys in plaintext in APITokenLogMiddleware: store a
  SHA-256 hash as the token identifier and redact sensitive request headers
  (X-Api-Key, Authorization, Cookie) before logging (GHSA-r5p8-cj3q-38cc).

* refactor: remove MongoDB log sink and add per-log-type retention

Logs are now written to and cleared from PostgreSQL only; MongoDB is no
longer used as a log sink or archive.

- Drop the MongoDB write/archival paths from the API request logger, the
  webhook log writer, and the cleanup tasks; Postgres is the sole sink.
- Cleanup tasks now hard-delete expired rows in batches via `all_objects`
  (rows are removed immediately, not soft-deleted).
- Add env-backed, per-log-type retention settings: API activity logs
  (API_ACTIVITY_LOG_RETENTION_DAYS, default 14), webhook logs
  (WEBHOOK_LOG_RETENTION_DAYS, default 14), email logs
  (EMAIL_LOG_RETENTION_DAYS, default 7). HARD_DELETE_AFTER_DAYS no longer
  drives any log cleanup.
- Delete settings/mongo.py, remove MONGO_DB_* settings and the plane.mongo
  loggers, and drop the pymongo dependency.

* chore: gitignore local advisories.md notes file

* fix: use keyed HMAC-SHA256 for API token log identifier

Address CodeQL "weak hashing of sensitive data" by hashing the API key with
a SECRET_KEY-keyed HMAC instead of a bare SHA-256. The identifier is a
non-reversible tokenization of a high-entropy key (not password storage);
keying it also prevents precomputing the digest from a known key value.

* chore: address review feedback on log cleanup and request logging

- process_logs accepts extra kwargs so jobs enqueued by an older release
  (with a mongo_log arg) don't fail during a rolling deploy.
- Log-cleanup batch delete failures are logged and skipped rather than
  aborting the run, so a single bad batch can't block the rest.
- Extend logger middleware test to assert Authorization and Cookie headers
  are redacted; add a test that a failing cleanup batch is swallowed.

* fix: fall back to default when a log retention env value is invalid

Negative (or unparseable) retention values would compute a future cutoff and
delete every log row. The retention settings now fall back to their defaults
in that case via a shared `_retention_days` helper.
2026-05-27 16:00:05 +05:30
sriram veeraghanta
310d2eda21 chore: restructure .claude/skills into per-skill directories (#9146)
- Replace flat pr-description.md / release-notes.md with per-skill folders
- Add new branch-name and translate skills
- Update release-notes skill to match the GitHub Releases format (v1.2.0)
2026-05-26 22:25:56 +05:30