feat: Add AgilePlus Agent and Worktrees modules with CRUD API and UI #1
KooshaPari merged 230 commits into master from
…own management (makeplane#8202) * feat: enhance CustomSelect component with context for dropdown management * refactor: streamline CustomSelect component structure and improve dropdown options rendering
…akeplane#8266) * feat: enhance workspace settings layout and members page with new components * refactor: update workspace settings layout and members page to use default exports * refactor: settings layout import changes * refactor: simplify workspaceSlug usage in settings layout
…upport (makeplane#8251) * chore: add static files collection and update settings for static files support * chore: add WhiteNoise middleware for static file handling * chore(deps): upgrade WhiteNoise to version 6.11.0 and add static file reverse proxy in Caddyfile
* chore: quick actions refactor * chore: lint fix * chore: unified factory for actions * chore: lint fix * * chore: removed redundant files * chore: updated imports * chore: updated interfaces to types * chore: updated undefined handling
…akeplane#8232) * feat: add placeholderOnEmpty functionality to editor components * Update packages/editor/src/core/extensions/placeholder.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * refactor: rename placeholderOnEmpty to showPlaceholderOnEmpty across editor components * chore : make optional --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…#8229) * feat: enhance clipboard functionality for markdown and HTML content * fix: improve error handling and state management in CustomImageNodeView component * fix: correct asset retrieval query by removing workspace filter in DuplicateAssetEndpoint * fix: update meta tag creation in PasteAssetPlugin for clipboard HTML content * feat: implement copyMarkdownToClipboard utility for enhanced clipboard functionality * refactor: replace copyMarkdownToClipboard utility with copyTextToClipboard for simplified clipboard operations * refactor: streamline clipboard operations by replacing copyTextToClipboard with copyMarkdownToClipboard in editor components * refactor: simplify PasteAssetPlugin by removing unnecessary meta tag handling and streamlining HTML processing * feat: implement asset duplication processing on paste for enhanced clipboard functionality * chore:remove async from copy markdown method * chore: add paste html * remove:prevent default * refactor: remove hasChanges from processAssetDuplication return type for simplified asset processing * fix: format options-dropdown.tsx
* feat: add timezone selection to workspace onboarding, creation and settings * refactor: remove timezone selection from workspace creation and onboarding forms
… on save (makeplane#8270) - Added an override for the save method in ChangeTrackerMixin to store changed fields before resetting tracking. - Implemented a new method, _reset_tracked_fields, to ensure subsequent saves detect changes relative to the last saved state. - Updated IssueComment to utilize _changes_on_save for determining changed fields, improving accuracy in tracking modifications.
* chore: timeline chart refactor * fix: format
…ongoDB (makeplane#8241) * feat: enhance APITokenLogMiddleware to support logging to MongoDB - Added functionality to log external API requests to MongoDB, with a fallback to PostgreSQL if MongoDB is unavailable. - Implemented error handling for MongoDB connection and logging operations. - Introduced additional fields for MongoDB logs, including timestamps and user identifiers. - Refactored request logging logic to streamline the process and improve maintainability. * fix: improve MongoDB availability checks in APITokenLogMiddleware - Enhanced the logic for determining MongoDB availability by checking if the collection is not None. - Added a check for MongoDB configuration before attempting to retrieve the collection. - Updated error handling to ensure the middleware correctly reflects the state of MongoDB connectivity. * feat: implement logging functionality in logger_task for API activity - Added a new logger_task module to handle logging of API activity to MongoDB and PostgreSQL. - Introduced functions for safely decoding request/response bodies and processing logs based on MongoDB availability. - Refactored APITokenLogMiddleware to utilize the new logging functions, improving code organization and maintainability. * refactor: simplify MongoDB logging in logger_task and middleware - Removed direct dependency on MongoDB collection in log_to_mongo function, now retrieving it internally. - Updated process_logs to check MongoDB configuration before logging, enhancing error handling. - Cleaned up logger.py by removing unused imports related to MongoDB. * feat: add Celery task decorator to process_logs function in logger_task - Introduced the @shared_task decorator to the process_logs function, enabling asynchronous processing of log data. - Updated function signature to include a return type of None for clarity.
…#8288) * chore: Hide "Pro" Features in Community Edition * refactor: remove time tracking feature and simplify project features list
…ync and indexed db access (makeplane#8294) * fix: robust way to handle socket connection and read from indexeddb cache when reqd * fix: realtime sync working with failure handling * fix: title editor added * merge preview into fix/realtime-sync * check * page renderer props * lint errors * lint errors * lint errors * sanitize html * sanitize html * format fix * fix lint
…n rapid succession (makeplane#8298) - Replace advisory lock with transaction-level lock in Issue model save method - Updated the save method in the Issue model to use a transaction-level advisory lock for better concurrency control. - Simplified the locking mechanism by removing the explicit unlock step, as the lock is automatically released at the end of the transaction. - Maintained existing functionality for sequence and sort order management while improving code clarity.
* chore: update function declarations * chore: formatted files
Co-authored-by: Pushya Mitra Thiruvooru <pushya@Pushyas-MacBook-Pro.local>
* Update README to remove Discord and add Forum link Removed Discord badge and replaced Releases link with Forum link. * Fix forum link in README.md
* fix: add scroll in heading layout * chore: remove visible scroll bar * fix :format * chore: fix outline scroll * chore: fix format * chore: fix translation --------- Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com>
* fix: replace eslint with oxlint * chore: adding max warning * fix: formatting
…8675) * fix: package updates * fix: package upgrades * fix: minimatch package vulnerabilities * fix: ajv package vulnerabilities * fix: lint * fix: format
* add project summary endpoint * update response structure
* chore: updated the logic for page version task * chore: updated the html variable * chore: handled the exception * chore: changed the function name * chore: added a custom variable
…nd info message (makeplane#7998) * feat: enhance authentication logging with detailed error and info messages - Added logging for various authentication events in the Adapter and its subclasses, including email validation, user existence checks, and password strength validation. - Implemented error handling for GitHub OAuth email retrieval, ensuring proper logging of unexpected responses and missing primary emails. - Updated logging configuration in local and production settings to include a dedicated logger for authentication events. * chore: address copilot comments * chore: addressed some additional comments * chore: update log * fix: lint
…akeplane#8657) * chore: replace Discord references with Forum links * chore: migrate help and community CTAs from Discord to Forum * refactor: replace Discord icons with lucide MessageSquare * chore: rename Discord labels and keys to Forum * chore: remove obsolete Discord icon component * chore: update Discord references to Forum in templates * chore: code refactoring
After makeplane#8677 replaced ESLint with OxLint, the react-in-jsx-scope rule was not disabled. This causes all commits touching JSX files to fail the pre-commit hook (oxlint --deny-warnings). React 17+ uses automatic JSX runtime so explicit React imports are not required. Fixes makeplane#8681
* chore: change the space folders structure * fix: format
…akeplane#8718) * chore: add self-hosted social icon assets for email templates * chore: pass current_site to project invitation email context * chore: replace mailinblue CDN icons with self-hosted static assets
Important: Review skipped
Too many files! This PR contains 298 files, which is 148 over the limit of 150.
Run configuration: Configuration used: Organization UI; Review profile: ASSERTIVE; Plan: Pro
Files ignored due to path filters (2)
Files selected for processing (298)
Code Review
This pull request migrates the admin application from Next.js to React Router, updates the UI to a new design system, and introduces AI Agent management features. On the backend, it enhances project summaries, renames user property models, and adds event tracking for workspace activities. Review feedback identifies a high-severity security vulnerability in the asset duplication logic where a missing workspace filter could allow unauthorized data access. Additionally, it is recommended to implement a Content Security Policy (CSP) in the Nginx configuration to replace deprecated security headers.
| original_asset = FileAsset.objects.filter( | ||
| workspace=workspace, id=asset_id, is_uploaded=True | ||
| ).first() | ||
| original_asset = FileAsset.objects.filter(id=asset_id, is_uploaded=True).first() |
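Review bot: on the replacement line the lookup is keyed on `id` and `is_uploaded` alone, so nothing in the visible query ties the source asset to a workspace the requester belongs to. The commit list describes this change as "correct asset retrieval query by removing workspace filter in DuplicateAssetEndpoint", which suggests cross-workspace paste was the goal; if so, keep the wider lookup but verify the requester's membership in the source asset's workspace before duplicating, and answer a failed check the same way as a missing id. A regression test that requests duplication of an asset id from a workspace the user is not a member of would pin the behaviour down.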
There seems to be a potential security vulnerability here. The filter for workspace has been removed when querying for the original_asset. This could allow a user who is a member of the current workspace to duplicate an asset from another workspace if they know the asset's ID, potentially leading to unauthorized data access.
I recommend re-adding the workspace filter to ensure assets can only be duplicated within the same workspace.
| original_asset = FileAsset.objects.filter(id=asset_id, is_uploaded=True).first() | |
| original_asset = FileAsset.objects.filter(workspace=workspace, id=asset_id, is_uploaded=True).first() |
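The difference between the two lookups, as an added example that is not code from this PR or from Plane: the same three filters are run against an in-memory SQLite table instead of the Django ORM. Table names, user names and asset ids are constructed for illustration, and `find_for_member` is a hypothetical alternative for the case where cross-workspace duplication is wanted.

```python
import sqlite3

def build_db():
    """Constructed sample data: two workspaces, one user in each, one user in both."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE member (user TEXT, workspace TEXT);
        CREATE TABLE file_asset (id TEXT PRIMARY KEY, workspace TEXT, is_uploaded INTEGER);
        INSERT INTO member VALUES ('alice','ws-a'), ('bob','ws-b'),
                                  ('carol','ws-a'), ('carol','ws-b');
        INSERT INTO file_asset VALUES ('asset-a1','ws-a',1), ('asset-b1','ws-b',1),
                                      ('asset-b2','ws-b',0);
    """)
    return db

def find_unscoped(db, asset_id):
    """Equivalent of filter(id=asset_id, is_uploaded=True): any workspace matches."""
    return db.execute(
        "SELECT id, workspace FROM file_asset WHERE id = ? AND is_uploaded = 1",
        (asset_id,)).fetchone()

def find_scoped(db, workspace, asset_id):
    """Equivalent of filter(workspace=workspace, id=asset_id, is_uploaded=True)."""
    return db.execute(
        "SELECT id, workspace FROM file_asset "
        "WHERE workspace = ? AND id = ? AND is_uploaded = 1",
        (workspace, asset_id)).fetchone()

def find_for_member(db, user, asset_id):
    """Hypothetical alternative: allow any source workspace the user is a member of."""
    return db.execute(
        "SELECT a.id, a.workspace FROM file_asset a "
        "JOIN member m ON m.workspace = a.workspace "
        "WHERE m.user = ? AND a.id = ? AND a.is_uploaded = 1",
        (user, asset_id)).fetchone()

if __name__ == "__main__":
    db = build_db()
    # alice works in ws-a and supplies an id that belongs to ws-b
    print("unscoped:", find_unscoped(db, "asset-b1"))
    print("scoped:  ", find_scoped(db, "ws-a", "asset-b1"))
    print("member:  ", find_for_member(db, "alice", "asset-b1"))
```
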
| add_header X-Frame-Options "DENY" always; | ||
| add_header X-Content-Type-Options "nosniff" always; | ||
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | ||
| add_header X-XSS-Protection "1; mode=block" always; |
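Review bot: these four `add_header` lines only apply where the enclosing block declares no `add_header` of its own, because nginx inherits `add_header` from the outer level only when the current level defines none; any `location` that sets its own header will serve responses without all four. Either repeat them in such blocks or move them into a snippet that each block includes. Separately, `includeSubDomains` on the `Strict-Transport-Security` line commits every subdomain of the serving host to HTTPS for a year, so confirm that holds before this ships.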
While adding these security headers is a good step, the X-XSS-Protection header is deprecated in modern browsers. For more robust protection against Cross-Site Scripting (XSS) and other injection attacks, I recommend implementing a Content-Security-Policy (CSP) header.
A strict CSP can significantly enhance security by controlling which resources the browser is allowed to load.
Example of a basic CSP:
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self';";
You would need to adjust the policy based on your application's specific needs (e.g., allowing scripts from a CDN).
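An added example (not part of this PR or of the review comment): a small Python check over constructed nginx snippets that flags the two points raised above, plus one that the example CSP line would itself trip, since nginx attaches `add_header` values to error responses only when `always` is given. The finding codes and the sample configurations are assumptions made for illustration.

```python
import re

# Matches: add_header <Name> <"quoted value" | bare-value> [always];
ADD_HEADER = re.compile(
    r'^\s*add_header\s+(\S+)\s+("[^"]*"|[^\s;]+)(\s+always)?\s*;', re.M)

# Constructed samples. MERGED mirrors the four headers quoted in the review;
# WITH_CSP appends the review's example CSP line as written (no "always").
MERGED = '''
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block" always;
'''
CSP = "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self';"
WITH_CSP = MERGED + f'add_header Content-Security-Policy "{CSP}";\n'
HARDENED = (MERGED.replace('add_header X-XSS-Protection "1; mode=block" always;\n', "")
            + f'add_header Content-Security-Policy "{CSP}" always;\n')

def parse_add_headers(conf):
    """Return {lower-cased header name: (value, has_always)}."""
    return {m.group(1).lower(): (m.group(2).strip('"'), bool(m.group(3)))
            for m in ADD_HEADER.finditer(conf)}

def audit(conf):
    """Return a list of finding codes for one block of add_header directives."""
    headers = parse_add_headers(conf)
    findings = []
    if "x-xss-protection" in headers:
        findings.append("deprecated:x-xss-protection")
    if "content-security-policy" not in headers:
        findings.append("missing:content-security-policy")
    else:
        policy = {}
        for part in headers["content-security-policy"][0].split(";"):
            if part.strip():
                name, *sources = part.split()
                policy[name] = sources
        # script-src falls back to default-src when it is not declared
        if "'unsafe-inline'" in policy.get("script-src", policy.get("default-src", [])):
            findings.append("weak:script-src-unsafe-inline")
    # Without "always", nginx omits the header on 4xx/5xx responses
    findings += [f"no-always:{name}"
                 for name, (_, always) in sorted(headers.items()) if not always]
    return findings

if __name__ == "__main__":
    for label, conf in (("merged", MERGED), ("with csp", WITH_CSP), ("hardened", HARDENED)):
        print(label, audit(conf))
```
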
- Add Agent CRUD API and frontend - Add Worktrees page with CRUD - Add extended routes for /agents and /worktrees - Add custom sidebar navigation
2211d1c to 51c09a7
Summary
This PR adds the AgilePlus Agent and Worktrees modules to Plane.
Changes
Backend (Django)
Frontend (React)
Features
API Endpoints
Testing
Navigate to: