fix(rag): consume feedback streams with cursor tracking (#2102) #2179
Merged
mrveiss merged 13 commits into Dev_new_gui from Mar 23, 2026
EdgeLearner now tracks per-stream cursors to consume only new events on each scheduler call, preventing duplicate processing. Stream TTL extended from 7 to 30 days so data survives until Phase 3 consumers are wired. Adds two tests for cursor persistence and advancement.
✅ SSOT Configuration Compliance: Passing
🎉 No hardcoded values detected that have SSOT config equivalents!
) (#2100)
* fix(frontend): add missing navigation links for 7 registered routes (#2071)
* refactor(frontend): data-driven nav with v-for + i18n for all locales (#2071)
- Replace 500+ lines of duplicated desktop/mobile nav markup with a single navItems array and v-for loops (App.vue: 1247 -> 857 lines)
- Add navItems return value to Options API setup
- Add missing nav.* i18n keys to all 10 non-English locale files (ar, de, es, fa, fr, he, lv, pl, pt, ur) using English as placeholder
- Keep SLM Admin as a special-case external link
…2107)
* fix(frontend,backend): add placeholder states for Code Intelligence findings (#2068)
* fix(security): add auth + error handling to stub endpoints (#2068)
- Add check_admin_permission dependency to all 3 stub endpoints
- Add @with_error_handling decorator matching existing patterns
- Rename URLs from flat /security-findings to hierarchical /security/findings to match existing convention (/security/score, /security/report, etc.)
* feat(backend,frontend): add batch vectorization endpoint (#2077)
* fix(backend,frontend): improve batch vectorization reliability (#2077)
Backend:
- Replace sequential processing with asyncio.gather + Semaphore(10) for controlled concurrency, preventing HTTP timeout on large batches
- Add field_validator to deduplicate document_ids and validate each element (non-empty, max 255 chars)
Frontend:
- Add scaled timeout to batch API call (knowledge timeout * count, capped at 5 minutes)
- Only fall back to individual requests on 404/405; rethrow real errors (500, 401) instead of silently masking them
- Wrap fallback Promise.allSettled in try/catch to prevent uncaught propagation
* security: add validate_relative_path to shared path validator (#1721)
- Extend autobot-shared/security/path_validator.py with validate_relative_path()
- Validates user-controlled paths resolve within allowed base directories
- Prevents directory traversal attacks (../../etc/passwd)
Foundation for fixing 64 path injection CodeQL alerts in #1721
* security: fix path injection in core file/data APIs (#1721)
- Add path validation to files.py, data_storage.py, filesystem_mcp.py, logs.py, session.py, git_mcp.py
- Validate user-controlled paths against allowed base directories
Resolves 47 of 64 path injection CodeQL alerts for #1721
* security: fix path injection in remaining backend files (#1721)
- Add path validation to terminal_secrets_service, vnc_manager, reports, prompts, chat_sessions, chat_knowledge, ownership, environment, fast_document_scanner, secure_sandbox_executor
Resolves remaining 17 of 64 path injection CodeQL alerts for #1721
* fix(security): fix path leakage in validator + CWD-dependent base (#1721)
- Restructure validate_path() exception handler to separate relative_to() failure from must_exist check, preventing internal path leakage in error messages
- Replace Path(".") with PROJECT_ROOT in reports.py to ensure deterministic path containment regardless of CWD at runtime
* security: convert remaining filesystem_mcp endpoints to _validated_path (#1721)
Convert 7 endpoints from is_path_allowed() (bool check on raw path) to _validated_path() (returns resolved safe path for all fs operations):
- _read_single_file_for_batch: preserves error-dict contract
- create_directory_mcp: os.makedirs uses safe_path
- list_directory_mcp: os.listdir + os.path.join use safe_path
- move_file_mcp: validates both source + destination
- search_files_mcp: os.walk uses safe_path
- directory_tree_mcp: recursive walk uses safe_path
- get_file_info_mcp: os.stat uses safe_path
No remaining is_path_allowed() call sites in any endpoint.
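The pattern these commits describe (resolve first, check containment, keep the existence check and its message separate, and hand back the resolved path for every later filesystem call) can be sketched as follows. This is an added example, not the project's `validate_relative_path()` or `_validated_path()`; `resolve_within`, `PathRejected`, `demo` and the sample file names are hypothetical.

```python
# Added illustration: resolve_within and PathRejected are hypothetical names,
# not the validator from the pull request. Sample inputs are constructed.
import tempfile
from pathlib import Path


class PathRejected(ValueError):
    """Raised with a message that never echoes resolved server-side paths."""


def resolve_within(base: Path, user_path: str, must_exist: bool = False) -> Path:
    """Return the resolved path for user_path, guaranteed to sit under base."""
    if "\x00" in user_path:
        raise PathRejected("invalid path")
    base = base.resolve()
    # An absolute user_path replaces base when joined; resolve() collapses
    # '..' and follows symlinks, so the check below sees the real target.
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        # Containment failure handled on its own: generic message, no paths.
        raise PathRejected("path escapes the allowed directory") from None
    # Existence is a separate check with its own message.
    if must_exist and not candidate.exists():
        raise PathRejected("path does not exist")
    return candidate


def demo() -> dict:
    """Run constructed inputs against a throwaway base directory."""
    results = {}
    samples = ["q1.txt", "sub/../q1.txt", "../../etc/passwd",
               "/etc/passwd", "missing.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "reports"
        base.mkdir()
        (base / "q1.txt").write_text("ok")
        for name in samples:
            try:
                safe = resolve_within(base, name, must_exist=True)
                # Use the returned path, never the raw input, for file I/O.
                results[name] = safe.read_text()
            except PathRejected as exc:
                results[name] = f"rejected: {exc}"
    return results
```
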
…) (#2147) Breaks complex queries into 2-4 sequential sub-steps via LLM. Executes each step through NeuralMeshRetriever with prior context. 9 tests.
Replace skip-guard approach with ID-increment (exclusive lower bound) for stream cursor. Prevents within-call duplicate processing when a batch contains exactly 100 entries. Add comment noting cursors are ephemeral and lost on restart.
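The boundary case in this commit can be reproduced with an in-memory stand-in for a stream whose range read has an inclusive lower bound. This is an added example, not code from the pull request; `FakeStream`, `consume_new`, `next_id`, the stream name and the IDs are constructed for illustration.

```python
# Added illustration: FakeStream, consume_new and next_id are hypothetical
# names, not code from the pull request. Sample IDs are constructed.
from typing import Dict, List, Tuple

Entry = Tuple[str, dict]
BATCH = 100  # batch size named in the commit message


def _key(entry_id: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in entry_id.split("-"))


def next_id(entry_id: str) -> str:
    """Smallest stream ID strictly greater than entry_id ('<ms>-<seq>')."""
    ms, seq = entry_id.split("-")
    return f"{ms}-{int(seq) + 1}"


class FakeStream:
    """In-memory stand-in for a Redis stream; the lower bound is inclusive."""

    def __init__(self) -> None:
        self.entries: List[Entry] = []

    def add(self, entry_id: str, fields: dict) -> None:
        self.entries.append((entry_id, fields))

    def xrange(self, start: str, count: int) -> List[Entry]:
        hits = [e for e in self.entries if _key(e[0]) >= _key(start)]
        return hits[:count]


def consume_new(stream: FakeStream, cursors: Dict[str, str], name: str,
                exclusive: bool = True) -> List[str]:
    """One scheduler call: read from the cursor onward, return processed IDs."""
    processed: List[str] = []
    start = cursors.get(name, "0-0")  # in-memory only, so lost on restart
    while True:
        batch = stream.xrange(start, BATCH)
        processed.extend(entry_id for entry_id, _ in batch)
        if batch:
            last = batch[-1][0]
            # Exclusive: resume just past the last ID. Inclusive: re-reads it.
            start = next_id(last) if exclusive else last
            cursors[name] = start
        if len(batch) < BATCH:
            return processed
```

With exactly 100 entries, the inclusive cursor processes the last entry twice within a single call, while the incremented cursor returns each entry once and yields nothing on the next call until new entries arrive.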
Summary
Test plan
- test_cursor_persists_between_calls_no_duplicate_processing passes
- test_cursor_advances_when_new_entries_arrive passes
- rag_service_events_test.py

🤖 Generated with Claude Code