chore(deps): update aiohttp requirement from >=3.13.3 to >=3.13.5 #42

Merged: govindkavaturi-art merged 6 commits into main from dependabot/pip/aiohttp-gte-3.13.5 (May 6, 2026)
@dependabot dependabot Bot commented on behalf of github May 4, 2026

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot Bot commented on behalf of github May 4, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the security label May 4, 2026
@govindkavaturi-art govindkavaturi-art added the dependencies Dependabot or other dependency updates label May 4, 2026
@mikemolinet (Collaborator)

Re-triggering after GOVIND_GITHUB_TOKEN was added to the Dependabot secrets namespace on cueapi-core. The auto-merge job in feature-to-main.yml has been failing since 2026-05-04 because Dep-triggered runs only see the Dependabot-namespace secrets, not Actions-namespace. Now fixed; close+reopen forces the workflow to re-run with the new secret in scope. (Automated by cue-pm-pr-watcher per Mike's directive.)

@mikemolinet mikemolinet closed this May 6, 2026
dependabot Bot commented on behalf of github May 6, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@mikemolinet mikemolinet reopened this May 6, 2026
@govindkavaturi-art govindkavaturi-art enabled auto-merge (squash) May 6, 2026 18:44
@mikemolinet mikemolinet left a comment

Auto-approving Dependabot batch — CI checks (test + sdk-integration) are the binding gate; this satisfies branch-protection's review requirement so native auto-merge can complete the cycle. (Approval by cue-pm-pr-watcher under Mike's directive 2026-05-06.)

@mikemolinet (Collaborator)

@dependabot recreate

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/aiohttp-gte-3.13.5 branch from 92c701c to 5f27d0c Compare May 6, 2026 19:23
@govindkavaturi-art govindkavaturi-art merged commit c6db20d into main May 6, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/aiohttp-gte-3.13.5 branch May 6, 2026 21:55
mikemolinet added a commit that referenced this pull request May 21, 2026
…uid (parity port of private cueapi PR #921) (#98)

OSS port of private cueapi PR #921 (Jingim Q1 fix). Replaces the full
`unique_user_agent_slug` UNIQUE constraint with a partial UNIQUE INDEX
scoped to `deleted_at IS NULL`, enabling re-create of previously-soft-
deleted slugs. Adds `existing_uuid` to the 409 `slug_taken` envelope
for caller ergonomics.

## Why

Jingim (Dock cross-org agent) hit this empirically 2026-05-20:
cue.dock.svc vendors public cueapi-core; soft-deleting an agent on
cueapi side left the slug locked. POST /v1/agents returned 409
slug_taken; GET /v1/agents/{slug} returned 404 (default
include_deleted=false). Net: no clean way to recreate a previously-
soft-deleted slug.

Mike Q1 strategic call (private cueapi msg_bmu35t9aeql7 2026-05-20):
ship option (a) partial-index + fold option (b) existing_uuid
envelope. Private PR #921 merged + G14 5/5 PASS on api.cueapi.ai @
commit 454aac3. This PR ports to public cueapi-core for OSS / Dock /
self-hosted consumption.

## What this PR ships (verbatim port from private PR #921)

### Migration 036 — partial UNIQUE INDEX

Drops `unique_user_agent_slug` UNIQUE constraint. Recreates as a
partial UNIQUE INDEX of the same name with `WHERE deleted_at IS NULL`.
Uniqueness scoped to active rows only; soft-deleted rows can keep
their original slug without blocking recreate.

Index name preserved so the existing IntegrityError-error-text match
at `app/services/agent_service.py` (`if "unique_user_agent_slug" in
str(e.orig)`) continues to work without code change.

Fail-fast downgrade safety rail: refuses downgrade if any (user_id,
slug) pair has duplicates across active + soft-deleted rows.

### app/models/agent.py — Index instead of UniqueConstraint

Replaces `UniqueConstraint("user_id", "slug", ...)` with
`Index("unique_user_agent_slug", "user_id", "slug", unique=True,
postgresql_where=text("deleted_at IS NULL"))` so test-DB schema
(built via Base.metadata.create_all) matches prod schema (built via
alembic). Single declaration source.

### app/services/agent_service.py — 409 envelope + existing_uuid

- New pure helper `_lookup_existing_live_agent_uuid(db, user_id, slug)`
  → queries by `Agent.deleted_at.is_(None)`; returns Optional[str]
- New helper `_http_error_slug_taken(final_slug, existing_uuid)` →
  builds 409 envelope with the new field
- IntegrityError handler in `create_agent` calls both helpers when
  `"unique_user_agent_slug" in str(e.orig)` fires

New envelope shape (additive; existing clients ignoring existing_uuid
see code/message/status unchanged):

```json
{
  "error": {
    "code": "slug_taken",
    "message": "slug 'jingim' already in use for this user",
    "status": 409,
    "existing_uuid": "agt_abc123def456"
  }
}
```

### parity-manifest.json — migration 036 entry

Documents the port relationship: private 080 → OSS 036; private
chain was 079→080 (post PR #919 slug-VARCHAR-raise-to-128); OSS
keeps VARCHAR(64) for now (column-width raise NOT ported).

### tests/test_agents_slug_partial_index.py — 9 boundary tests

1. test_create_agent_with_soft_deleted_slug_succeeds — headline ask
2. test_create_agent_with_live_duplicate_slug_returns_409_with_existing_uuid
3. test_409_envelope_includes_required_fields — shape pin
4. test_create_agent_with_no_existing_slug_succeeds — happy path regression
5. test_partial_index_allows_multiple_soft_deleted_rows_same_slug — DB-layer
6-7. test_lookup_existing_live_agent_uuid_returns_{agt_id_when_live_match_exists,none_when_only_soft_deleted}
   — pure-helper unit tests (defeats ASGI trace gap)
8. test_create_agent_direct_call_triggers_409_with_existing_uuid
   — direct-call bypass for ASGI-dispatched IntegrityError handler body
9. test_non_slug_integrity_error_falls_through_to_raise
   — defensive (per private cue-pm G11-α add)

9/9 pass locally. 22/22 existing agents tests pass (no regression).

## OSS track-lag note

Private cueapi additionally raised `agents.slug` from `VARCHAR(64)` to
`VARCHAR(128)` in migration 079 (private PR #42 Substrate). That
column-width raise is NOT ported here; OSS keeps `VARCHAR(64)`. Self-
hosters whose slugs fit in 64 chars (the common case) are unaffected.
If OSS users need the 128-char ceiling for labeled-Live composite
slugs, that's a separate port.

## Gates

- ✅ G11-α 2-way CONCUR (private cueapi msg_259g99wa5n5o for source PR;
  port G11-α CONCUR via msg_bgoh17xb0ns5)
- ⏳ CI green on Feature PR to Main workflow
- ⏳ G11-β 2-way (cue-pm + cueapi-secondary if available)
- ⏳ Lighter G12 (CI greens + 1-2 directed route pings)
- ⏳ Admin-merge to main
- ⏳ Tag cut **messaging-v1.1.4** post-merge → Jingim's follow-up
  cue.dock.svc bump

## Cross-refs

- Private cueapi PR #921: merge_commit b770983e (source cherry-pick)
- Private G14 evidence: msg_9ja5upulf6fo (5/5 PASS verified)
- Jingim Q1 source: msg_0xh469viafpc (parity-gap heads-up at
  msg_3xy1kly05va2)
- cue-pm Q1 strategic call: msg_bmu35t9aeql7
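
The partial-index behaviour, 409 envelope and downgrade check described in the commit message above, as an added example that is not the cueapi-core code. It assumes SQLite as a stand-in for PostgreSQL, and the function names are hypothetical; SQLite's error text does not carry the index name, so the handler re-queries for a live row instead of matching on `unique_user_agent_slug`.

```python
import sqlite3

# Constructed schema: SQLite stand-in for the agents table (assumption).
SCHEMA = """
CREATE TABLE agents (id TEXT PRIMARY KEY, user_id TEXT NOT NULL,
                     slug TEXT NOT NULL, deleted_at TEXT);
-- Uniqueness applies to live rows only; soft-deleted rows keep their slug.
CREATE UNIQUE INDEX unique_user_agent_slug
    ON agents (user_id, slug) WHERE deleted_at IS NULL;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def live_agent_id(conn, user_id, slug):
    # Scoped to the caller's own user_id, so the 409 body can only
    # reveal an agent id that already belongs to that caller.
    row = conn.execute(
        "SELECT id FROM agents WHERE user_id = ? AND slug = ? "
        "AND deleted_at IS NULL", (user_id, slug)).fetchone()
    return row[0] if row else None

def create_agent(conn, agent_id, user_id, slug):
    """Return (status, body): 201 on success, 409 on a live duplicate slug."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO agents (id, user_id, slug) VALUES (?, ?, ?)",
                (agent_id, user_id, slug))
    except sqlite3.IntegrityError:
        existing = live_agent_id(conn, user_id, slug)
        if existing is None:
            raise  # not a slug collision; let other integrity errors surface
        return 409, {"error": {
            "code": "slug_taken", "status": 409,
            "message": f"slug '{slug}' already in use for this user",
            "existing_uuid": existing}}
    return 201, {"id": agent_id, "slug": slug}

def soft_delete(conn, agent_id):
    with conn:
        conn.execute("UPDATE agents SET deleted_at = datetime('now') WHERE id = ?", (agent_id,))

def downgrade_blockers(conn):
    # Pairs a full UNIQUE(user_id, slug) constraint would reject on downgrade.
    return conn.execute(
        "SELECT user_id, slug, COUNT(*) FROM agents "
        "GROUP BY user_id, slug HAVING COUNT(*) > 1").fetchall()
```

A non-empty result from `downgrade_blockers` is the condition under which a downgrade back to the full constraint has to be refused.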