UN-3476 [FIX] Revert atomic wrap on set_user_organization#1977
Merged
chandrasekharan-zipstack merged 2 commits intoMay 21, 2026
mainZipstack/unstract:mainfrom
fix/un-3476-frictionlessZipstack/unstract:fix/un-3476-frictionlessCopy head branch name to clipboard
Merged
UN-3476 [FIX] Revert atomic wrap on set_user_organization#1977chandrasekharan-zipstack merged 2 commits intomainZipstack/unstract:mainfrom fix/un-3476-frictionlessZipstack/unstract:fix/un-3476-frictionlessCopy head branch name to clipboard
chandrasekharan-zipstack merged 2 commits into
mainZipstack/unstract:mainfrom
fix/un-3476-frictionlessZipstack/unstract:fix/un-3476-frictionlessCopy head branch name to clipboard
Conversation
The atomic wrap from #1954 uncommits the new org row when frictionless_onboarding HTTP-calls the LLMW portal mid-transaction. The portal runs on a separate DB session and under READ COMMITTED cannot see the uncommitted row, so the call returns 400 and the caller silently persists an adapter with an empty unstract_key. Every new signup since 2026-05-19 09:47 UTC ships a broken free-trial X2Text adapter (401 on first OCR). Hotfix only — Phase 2 (UN-3476) restructures the function so the atomic guarantee is reapplied around just the pure-DB writes, with HTTP and non-DB side effects moved outside the transaction. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
WalkthroughThis PR implements a retry mechanism for frictionless onboarding when free-trial adapter provisioning is incomplete. The backend refactors organization setup transaction scoping and unconditionally runs frictionless onboarding with robust error handling. The frontend adds a retry UI with state tracking, adapter refresh logic, and a conditional Alert banner. ChangesFrictionless Onboarding Retry Feature
Sequence DiagramssequenceDiagram
participant Client
participant SetUserOrg as set_user_organization
participant OrgService as OrganizationService
participant AuthService as auth_service
participant DB as Database
Client->>SetUserOrg: request to set organization
SetUserOrg->>OrgService: create_organization()
OrgService->>DB: [atomic] write org + tenant user
DB-->>OrgService: committed rows
OrgService-->>SetUserOrg: org created
SetUserOrg->>AuthService: frictionless_onboarding(org,user)
AuthService-->>SetUserOrg: success or logged error
SetUserOrg->>Client: org setup complete
sequenceDiagram
participant User
participant OnBoard as OnBoard component
participant API as /api/v1/users/profile/retry-frictionless-setup
participant AdapterAPI as /api/v1/unstract/adapter
participant SessionStore as Session Store
User->>OnBoard: click Retry button
OnBoard->>API: POST retry request
API-->>OnBoard: success or error
OnBoard->>AdapterAPI: GET adapter types
AdapterAPI-->>OnBoard: adapter list
OnBoard->>SessionStore: persist updated adapters
OnBoard->>OnBoard: update UI state (complete or warning)
OnBoard-->>User: dismiss or show banner
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@backend/account_v2/authentication_controller.py`:
- Around line 190-204: The current except block around transaction.atomic() maps
any IntegrityError to an organization-duplicate error; narrow the handling so
IntegrityErrors from OrganizationService.create_organization are converted to
DuplicateData with the organization message but IntegrityErrors from
self.create_tenant_user are handled differently (either raise a member-specific
DuplicateData or re-raise the original IntegrityError). Concretely, isolate the
call to OrganizationService.create_organization inside its own try/except
IntegrityError and raise the organization DuplicateData there, then call
self.create_tenant_user inside the same transaction but without catching all
IntegrityError into the organization message (or catch and raise a
member-specific error) so the true cause is preserved.
In `@frontend/src/components/onboard/OnBoard.jsx`:
- Around line 42-44: The current UI derives showFrictionlessRetry from
adaptersList.length which can misidentify manually-connected orgs as having an
interrupted free-trial; replace this heuristic with an explicit server-supplied
flag (e.g., use a prop or org state such as isFrictionlessProvisioning,
freeTrialProvisioning, or provisioningStatus) and compute showFrictionlessRetry
from that flag instead of adaptersList.length; update the OnBoard.jsx logic that
sets showFrictionlessRetry and any consumers that call the retry endpoint
(referencing showFrictionlessRetry and adaptersList) so the banner and retry
action are only shown when the server indicates interrupted frictionless
onboarding.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 82ea679f-4728-41ae-88dc-8939556160fb
📒 Files selected for processing (3)
backend/account_v2/authentication_controller.pyfrontend/src/components/onboard/OnBoard.jsxfrontend/src/components/onboard/onBoard.css
Contributor
|
| Filename | Overview |
|---|---|
| backend/account_v2/authentication_controller.py | Removes @transaction.atomic decorator and its import — a precise two-line revert that restores pre-#1954 commit ordering so the org row is visible to the portal before the HTTP call fires. |
Sequence Diagram
sequenceDiagram
participant Client
participant set_user_organization
participant LocalDB as Local DB (Django session)
participant Portal as LLM Whisperer Portal
participant PortalDB as Portal DB (separate session)
Note over set_user_organization,LocalDB: BEFORE this PR (#1954 broken state)
Client->>set_user_organization: login / org selection
set_user_organization->>LocalDB: BEGIN (transaction.atomic)
set_user_organization->>LocalDB: INSERT org row (uncommitted)
set_user_organization->>Portal: POST /onboarding-setup/
Portal->>PortalDB: SELECT org row
PortalDB-->>Portal: row not visible (uncommitted)
Portal-->>set_user_organization: 400 error
set_user_organization->>LocalDB: writes empty unstract_key
set_user_organization->>LocalDB: COMMIT
Note right of LocalDB: org saved with empty key
Note over set_user_organization,LocalDB: AFTER this PR (reverted / correct state)
Client->>set_user_organization: login / org selection
set_user_organization->>LocalDB: INSERT org row
set_user_organization->>LocalDB: COMMIT (auto-commit)
set_user_organization->>Portal: POST /onboarding-setup/
Portal->>PortalDB: SELECT org row
PortalDB-->>Portal: row visible (committed)
Portal-->>set_user_organization: 200 + subscription key
set_user_organization->>LocalDB: writes valid unstract_key
Reviews (4): Last reviewed commit: "Merge branch 'main' into fix/un-3476-fri..." | Re-trigger Greptile
1cf1847 to
86331f1
Compare
Contributor
Frontend Lint Report (Biome)✅ All checks passed! No linting or formatting issues found. |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
frontend/src/components/onboard/OnBoard.jsx (1)
42-44:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftUse an explicit provisioning flag, not adapter count, to gate retry UI.
Line 42-Line 44 still infer interrupted free-trial from adapter count, which can misclassify manually configured orgs and call the retry endpoint incorrectly. Gate this on a backend-provided provisioning/free-trial status instead.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@frontend/src/components/onboard/OnBoard.jsx` around lines 42 - 44, The UI currently infers interrupted free-trial from adaptersList length via the showFrictionlessRetry constant; replace this heuristic with an explicit backend-provided flag (e.g., freeTrialStatus or isProvisioning) passed into OnBoard.jsx (props or derived from API/state) and use that flag to determine whether to show the retry UI and call the retry endpoint; update references to showFrictionlessRetry to read the new flag (and remove the adaptersList length check) and ensure any retry API call is only invoked when the backend flag indicates an interrupted provisioning/free-trial.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@frontend/src/components/onboard/OnBoard.jsx`:
- Around line 57-59: The adapter type normalization can throw when items lack
adapter_type or it's not a string; update the adapterTypes creation (the code
that builds adapterTypes from data and obj.adapter_type) to defensively filter
and normalize only string values—e.g., skip null/undefined/non-string
adapter_type entries, convert remaining strings to lowercase, and dedupe via Set
so malformed API items don't cause runtime errors during retry recovery.
---
Duplicate comments:
In `@frontend/src/components/onboard/OnBoard.jsx`:
- Around line 42-44: The UI currently infers interrupted free-trial from
adaptersList length via the showFrictionlessRetry constant; replace this
heuristic with an explicit backend-provided flag (e.g., freeTrialStatus or
isProvisioning) passed into OnBoard.jsx (props or derived from API/state) and
use that flag to determine whether to show the retry UI and call the retry
endpoint; update references to showFrictionlessRetry to read the new flag (and
remove the adaptersList length check) and ensure any retry API call is only
invoked when the backend flag indicates an interrupted provisioning/free-trial.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: f01bcaaf-88af-4334-bd25-4cc7376fcc23
📒 Files selected for processing (2)
frontend/src/components/onboard/OnBoard.jsxfrontend/src/components/onboard/onBoard.css
✅ Files skipped from review due to trivial changes (1)
- frontend/src/components/onboard/onBoard.css
86331f1 to
d44bb75
Compare
pk-zipstack
approved these changes
May 21, 2026
athul-rs
approved these changes
May 21, 2026
Contributor
Test ResultsSummary
Runner Tests - Full Report
SDK1 Tests - Full Report
|
|
harini-venkataraman
pushed a commit
that referenced
this pull request
May 21, 2026
The atomic wrap from #1954 uncommits the new org row when frictionless_onboarding HTTP-calls the LLMW portal mid-transaction. The portal runs on a separate DB session and under READ COMMITTED cannot see the uncommitted row, so the call returns 400 and the caller silently persists an adapter with an empty unstract_key. Every new signup since 2026-05-19 09:47 UTC ships a broken free-trial X2Text adapter (401 on first OCR). Hotfix only — Phase 2 (UN-3476) restructures the function so the atomic guarantee is reapplied around just the pure-DB writes, with HTTP and non-DB side effects moved outside the transaction. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
harini-venkataraman
added a commit
that referenced
this pull request
Jun 29, 2026
) * [MISC] Decommission prompt-service, old tools, and SDK1 prompt module (Phase 5) Remove prompt-service source, Dockerfiles, and docker-compose entries. Remove tools/classifier, tools/structure, tools/text_extractor directories. Remove SDK1 prompt.py module and its tests. Clean up PROMPT_HOST/PROMPT_PORT from backend settings, sample envs, docker configs, and CI workflows. Remove prompt-service from uv-lock scripts and production build workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * [MISC] Remove prompt-service from tox.ini env_list The prompt-service directory was deleted in the prior commit but tox.ini still referenced it, which would break CI test runs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * UN-2888 [FIX] Add hook for setting default triad for invited users (#1877) * [FIX] Add hook for setting default adapters for invited users Add setup_default_adapters_for_user() hook to AuthenticationService and call it from set_user_organization() when an invited user joins an existing organization. This allows the cloud plugin to set up default triad adapters (LLM, embedding, vector DB, x2text) for invited users, fixing silent failures in API deployment creation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Update backend/account_v2/authentication_controller.py Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Signed-off-by: Praveen Kumar <praveen@zipstack.com> * [FIX] Improve log message for setup_default_adapters_for_user Address review comment: log user email and explain that default adapters will not be set when the method is not implemented. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * [MISC] Rename Default Triad to Default LLM Profile in UI Update display label from "Default Triad" to "Default LLM Profile" in the page heading and side navigation menu. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Signed-off-by: Praveen Kumar <praveen@zipstack.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Deepak K <89829542+Deepak-Kesavan@users.noreply.github.com> * UN-3465 [FIX] Wrap set_user_organization in transaction.atomic (#1954) * [FIX] Wrap set_user_organization in transaction.atomic The new-org branch creates the org row, then calls frictionless onboarding and the initial platform key. Failures mid-flow leave an orphan org with no adapters or key, and subsequent logins skip onboarding entirely (gated on new_organization). Atomic ensures the org rolls back on any failure so retries get a clean fresh-org path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [MISC] Worktree skill — use --no-track to prevent accidental main pushes Without --no-track, a later `git push -u origin <branch>` can be reported by the server as also fast-forwarding main, landing commits on main. * [FIX] Use logger.exception in authorization_callback Preserves the traceback when the OAuth callback hits the safety-net catch. Behaviour unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Athul <89829560+athul-rs@users.noreply.github.com> Co-authored-by: vishnuszipstack <117254672+vishnuszipstack@users.noreply.github.com> * UN-3386 [FEAT] Add Prompt Studio HITL change indicator plugin slot (#1930) * UN-3386 [FEAT] Add Prompt Studio HITL change indicator plugin slot Wires up the host-side hooks for the prompt-change-indicator plugin (implementation lives in unstract-cloud): a dynamic-import slot in the prompt card Header for the indicator button, and a route at :orgName/review/readonly/:documentId for the read-only audit view. Both gates fall through gracefully when the plugin is absent (OSS). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * UN-3386 [FIX] Warn when ReadOnlyReviewPage loads without ReviewLayout Addresses review feedback: the readonly route nests inside ReviewLayout (manual-review plugin), so a deployment that ships prompt-change-indicator without manual-review would silently fail to register the route. Log a console.warn in that case to make the misconfiguration discoverable. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * UN-3386 [FIX] Surface real plugin import errors in route loader Bare catch in the prompt-change-indicator dynamic import was swallowing syntax/runtime errors in the plugin file alongside the expected "plugin missing in OSS" case. Detect the missing-module messages explicitly and console.error anything else so a broken cloud plugin no longer disables the readonly route silently. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Add a dedicated OpenAI-compatible LLM adapter (#1895) * Add OpenAI-compatible LLM adapter * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Address review feedback for custom OpenAI adapter * Fix import formatting after rebase * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Address follow-up review comments for OpenAI-compatible adapter * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Refine OpenAI compatible adapter schema naming * Reject empty model string in OpenAICompatibleLLMParameters validate_model previously produced "custom_openai/" for an empty model, surfacing as a confusing LiteLLM error at call time. Match the existing GeminiLLMParameters.validate_model pattern: strip whitespace, raise ValueError on empty input. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Revert SCHEMA_PATH plumbing; rename schema to custom_openai.json Addresses Ritwik's review feedback. The new BaseAdapter.SCHEMA_PATH class variable and the conditional branch in get_json_schema() are unnecessary: OpenAICompatibleLLMAdapter.get_provider() returns "custom_openai", and the default path resolution already builds …/llm1/static/{get_provider()}.json. Renaming the schema file lets the default lookup find it and keeps the base class untouched, which is the convention every other adapter follows. - Rename openai_compatible.json -> custom_openai.json - Drop SCHEMA_PATH class var and the if-None branch from BaseAdapter - Drop SCHEMA_PATH override (and unused os/ClassVar imports) from OpenAICompatibleLLMAdapter - Update test_openai_compatible_schema_is_loadable to read schema via get_json_schema() instead of touching SCHEMA_PATH directly --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Hari John Kuriakose <hari@zipstack.com> Co-authored-by: Chandrasekharan M <chandrasekharan@zipstack.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Athul <athul@zipstack.com> Co-authored-by: Athul <89829560+athul-rs@users.noreply.github.com> Co-authored-by: vishnuszipstack <117254672+vishnuszipstack@users.noreply.github.com> * ReverseMerge: V0.163.4 hotfix (#1980) * [HOTFIX] Use importlib.util.find_spec for pluggable worker discovery (#1918) * [FIX] Use importlib.util.find_spec for pluggable worker discovery _verify_pluggable_worker_exists() previously checked for the literal file `pluggable_worker/<name>/worker.py` on disk, which breaks when the plugin has been compiled to a .so (Nuitka, Cython, or any C extension) — the module is perfectly importable but the pre-check rejects it because only the .py extension is considered. Replace the filesystem check with importlib.util.find_spec(), which is Python's standard way to ask "is this module resolvable by the import system?". It honors every registered finder — source .py, compiled .so, bytecode .pyc, namespace packages, zipimports — so the function now matches what its docstring claims: verifying the module can be loaded, not that a specific file extension is present. Behavior is preserved for existing deployments: - Images with no `pluggable_worker/<name>/` subpackage → find_spec raises ModuleNotFoundError (ImportError subclass) → returns False. - Images with source .py → find_spec resolves the .py → returns True. - Images with compiled .so → find_spec resolves the .so → returns True. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [FIX] Handle ValueError from find_spec in pluggable worker verification Greptile-flagged edge case: importlib.util.find_spec() can raise ValueError (not just ImportError) when sys.modules has a partially initialised module entry with __spec__ = None from a prior failed import. Broaden the except to catch both. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [FIX] Resolve api-deployment worker directory from enum import path worker.py:452 did worker_type.value.replace("-", "_") to derive the on-disk dir name. All WorkerType enum values already use underscores, so the replace was a no-op; for API_DEPLOYMENT whose dir is "api-deployment" (hyphen), it resolved to "api_deployment" and the os.path.exists() check failed. Boot then logged a spurious "❌ Worker directory not found: /app/api_deployment" at ERROR level. The task registration path (builder + celery autodiscover via to_import_path) is unaffected, so this was purely log noise — but noise at ERROR level that masks real failures in log scans. Fix: derive the directory from the authoritative to_import_path() which already handles the hyphen case (api_deployment -> api-deployment). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [HOTFIX] Add IAM Role / Instance Profile auth mode to AWS Bedrock adapter (#1944) * [FEAT] Allow Bedrock to fall through to boto3's default credential chain Match the S3/MinIO connector pattern: when AWS access keys are left blank on the Bedrock LLM and embedding adapter forms, drop them from the kwargs dict so boto3's default credential chain handles authentication. This unlocks IAM role / instance profile / IRSA / AWS Profile scenarios on hosts that already have ambient AWS credentials (e.g. EKS workers with IRSA, EC2 with an instance profile). - llm1/static/bedrock.json: clarify access-key descriptions to mention IRSA and instance profile (already non-required at v0.163.2 base). - embedding1/static/bedrock.json: drop aws_access_key_id and aws_secret_access_key from top-level required; same description fix; expose aws_profile_name for parity with the LLM form. - base1.py: AWSBedrockLLMParameters and AWSBedrockEmbeddingParameters now strip empty access-key values from the validated kwargs before returning, so empty strings don't override boto3's default chain. AWSBedrockEmbeddingParameters fields gain explicit None defaults and an aws_profile_name field. Backward-compatible: existing adapters with access keys filled in continue to work unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [FEAT] Add Authentication Type selector to Bedrock adapter form Add an explicit `auth_type` selector with two options, making the auth choice clear to users: - "Access Keys" (default): existing flow, keys required - "IAM Role / Instance Profile (on-prem AWS only)": no fields; relies on boto3's default credential chain (IRSA on EKS, task role on ECS, instance profile on EC2). Description on the selector explicitly notes this option is only for AWS-hosted Unstract deployments. The form-only auth_type field is stripped before LiteLLM validation in both AWSBedrockLLMParameters.validate() and AWSBedrockEmbeddingParameters. validate(). Empty access keys continue to be stripped so boto3 falls through to the default chain even when the access_keys arm is selected without values (matches the S3/MinIO connector pattern). Backward-compatible: legacy adapters without auth_type behave as "Access Keys" mode (the default), and existing keys are forwarded unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [REVIEW] Address Bedrock auth_type review feedback Fixes the P0/P1 issues raised by greptile-apps and jaseemjaskp on PR #1944. Behaviour fixes: - Stale-key leak in IAM Role mode: switching an existing adapter from Access Keys to IAM Role would carry truthy stored access keys through the strip-empty-only loop, so boto3 silently authenticated with the old long-lived credentials instead of falling through to the host's IRSA / instance-profile identity. Both LLM and embedding paths were affected. - Silent acceptance of unknown auth_type: a typo (e.g. "access_key") or a malformed payload from a non-UI client passed through the dict comprehension untouched, with no enum guard. - Cross-field validation gap: explicit Access Keys mode with blank or whitespace-only values silently fell through to the default credential chain instead of surfacing the misconfiguration. Implementation: - Add a module-level _resolve_bedrock_aws_credentials helper used by both AWSBedrockLLMParameters.validate() and AWSBedrock EmbeddingParameters.validate(), so the auth-type contract is expressed once. - Validates auth_type against an allowlist (None | "access_keys" | "iam_role"); raises ValueError on anything else. - iam_role: unconditionally drops aws_access_key_id and aws_secret_access_key. - access_keys (explicit): requires non-blank values; raises ValueError if either is empty or whitespace-only. - Legacy (auth_type absent): retains the lenient strip behaviour so pre-PR adapter configurations continue to deserialise unchanged. - Restore aws_region_name as required (no `= None` default) on AWSBedrockEmbeddingParameters; only credentials may legitimately be absent. - Drop the orphan aws_profile_name field from embedding1/static/bedrock.json: it was added for parity with the LLM form but lives outside the auth_type oneOf and contradicts the selector's "no further input" semantics. The LLM form already had aws_profile_name pre-PR and is left alone for backwards compatibility. Tests: - New tests/test_bedrock_adapter.py covers 15 cases across LLM and embedding adapters: legacy-no-auth-type, explicit access_keys with valid/blank/whitespace keys, iam_role with stale/no keys, unknown auth_type rejection, cross-field validation, and preservation of unrelated params (model_id, aws_profile_name, region, thinking). Skipped (P2 nice-to-have): - Comment-scope clarification, MinIO reference rewording, validate-mutates-caller'\''s-dict, and the LLM form description nit about aws_profile_name visibility. These don'\''t change behaviour and can be addressed in a follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * [HOTFIX] Bump litellm to 1.83.10 from PyPI to clear CVE-2026-42208 (#1976) Hotfix for cloud v0.159.3 (OSS v0.163.4). Customer scanner flagged litellm 1.82.3 for CVE-2026-42208 (SQL injection in litellm proxy auth path, affects 1.81.16-1.83.6). We do not use litellm.proxy, but vulnerability scanners flag the installed package regardless of which code path is reachable. Bump to 1.83.10 — the exact version recommended by the upstream advisory (v1.83.10-stable) and the smallest jump that clears the CVE range while keeping python-dotenv==1.0.1 compatible (1.83.14 would force bumping python-dotenv across 7+ pyproject.toml files). Only tiktoken needed to move 0.9 -> 0.12 to satisfy litellm's pin. Switch source back to PyPI now that the PyPI quarantine is over, reversing the temporary fork in #1873. Cohere embed timeout patch: verified that litellm/llms/cohere/embed/handler.py is byte-identical between v1.82.3, v1.83.10-stable, and v1.83.14-stable (the timeout-not-forwarded bug fixed in #1848 is still present upstream — BerriAI/litellm#14635 remains OPEN). Version guard bumped 1.82.3 -> 1.83.10; 6/6 patch tests pass on the new version, confirming the monkey-patch still binds correctly. Other cleanup from #1873: - Drop git apt-install from worker-unified and tool Dockerfiles (no git-sourced deps remain in any uv.lock) - Bump tool versions: structure 0.0.100 -> 0.0.101, classifier 0.0.79 -> 0.0.80, text_extractor 0.0.75 -> 0.0.76 Note on root uv.lock churn: the v0.163.4 root uv.lock had a pre-existing corruption (banks v2.4.1 entry pointing at banks-2.2.0 wheel) that blocked incremental resolution. Regenerated from scratch. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * [FIX] Align cohere patch docstring with version-guard semantics Reviewer flagged that the docstring claimed the patch is "confirmed in every release between 1.82.3 and 1.83.14-stable", but the guard at _PATCHED_LITELLM_VERSION activates only on the exact pinned version. A future maintainer reading the old text could reasonably expect bumping to e.g. 1.83.11 to keep the fix active; in reality it silently turns off. Rewritten to reference _PATCHED_LITELLM_VERSION as the single source of truth and to drop the rot-prone "as of 2026-05-20" calendar date. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Chandrasekharan M <117059509+chandrasekharan-zipstack@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> * UN-3476 [FIX] Revert atomic wrap on set_user_organization (#1977) The atomic wrap from #1954 uncommits the new org row when frictionless_onboarding HTTP-calls the LLMW portal mid-transaction. The portal runs on a separate DB session and under READ COMMITTED cannot see the uncommitted row, so the call returns 400 and the caller silently persists an adapter with an empty unstract_key. Every new signup since 2026-05-19 09:47 UTC ships a broken free-trial X2Text adapter (401 on first OCR). Hotfix only — Phase 2 (UN-3476) restructures the function so the atomic guarantee is reapplied around just the pure-DB writes, with HTTP and non-DB side effects moved outside the transaction. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Restore text_extractor tool removed in Phase 5 decommission The Phase 5 decommission commit removed classifier, structure, text_extractor, and prompt-service. However, text_extractor is still in active use by customers. This surgically restores only the text_extractor tool while keeping the other decommissions in place. - Restore tools/text_extractor/ directory (14 files from origin/main) - Add tool-text_extractor back to docker-compose.build.yaml - Add tool-text-extractor back to docker-tools-build-push.yaml workflow Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Restore classifier tool removed in Phase 5 decommission Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove unit-prompt-service group from test rig manifest The prompt-service directory was deleted in the decommission PR, but the test rig groups.yaml still referenced it, causing CI to fail with "workdir does not exist" during validate and integration steps. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove deleted prompt-service and structure tool refs from bump script prompt-service/ and tools/structure/ are deleted by this PR, so remove their variables, reset_file calls, and the entire update_structure_tool_version function from bump_sdk_v0_version.sh. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix stale references from decommissioned components - Fix tool-text_extractor image name to tool-text-extractor in docker-compose.build.yaml to match CI, registry, and cloud naming - Remove stale tool-structure from run-platform.sh ignore list - Drop prompt-service from is_retryable_error docstring in retry_utils.py Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Trigger CI re-run Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Signed-off-by: Praveen Kumar <praveen@zipstack.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Praveen Kumar <praveen@zipstack.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Deepak K <89829542+Deepak-Kesavan@users.noreply.github.com> Co-authored-by: Chandrasekharan M <117059509+chandrasekharan-zipstack@users.noreply.github.com> Co-authored-by: Athul <89829560+athul-rs@users.noreply.github.com> Co-authored-by: vishnuszipstack <117254672+vishnuszipstack@users.noreply.github.com> Co-authored-by: jimmy <ziming_zhu2002@163.com> Co-authored-by: Hari John Kuriakose <hari@zipstack.com> Co-authored-by: Chandrasekharan M <chandrasekharan@zipstack.com> Co-authored-by: Athul <athul@zipstack.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Revert of the
@transaction.atomicwrap onAuthenticationController.set_user_organizationintroduced in PR #1954 (8b29fea02). Two-line diff: drop the decorator and its import.Why
PR #1954 caused a regression. Since
2026-05-19 09:47 UTC, every new signup on globe.unstract.com received a broken free-trial X2Text adapter (401 "Access denied due to invalid subscription key" on first OCR).Mechanism:
set_user_organizationinserts the org row, then makes an HTTP call to the LLM Whisperer portal (/onboarding-setup/) to provision the X2Text adapter's subscription key.unstract_key-> every subsequent OCR call gets 401.Removing the atomic wrap restores the pre-#1954 behaviour: the org INSERT commits before the portal call runs, so the portal can see it.
Why only the X2Text adapter breaks
The other three frictionless adapters (LLM, Vector DB, Embedding) are pure-local INSERTs from pre-baked env config, executed in the same DB session that holds the uncommitted org row - they read their own writes. Only X2Text crosses a process boundary to a service with an independent DB session, so only X2Text trips on the uncommitted-row visibility.
Scope
Revert only. The silent-swallow in
create_subscription_and_retrieve_key(which turns the portal 400 into an empty key written to the adapter row) is pre-existing brittleness and intentionally not addressed here - separate follow-up.Stranded orgs from the regression window (2002, 2003, 2004, 2006, 2007, 2008, 2009) are recoverable via the existing
setup_frictionless_onboardingmgmt command.Can this PR break any existing features?
No. It restores the exact pre-#1954 behaviour of
set_user_organization. The original orphan-org-on-portal-failure edge case PR #1954 was trying to address comes back, but that was tolerated for years pre-#1954 and is much rarer than the regression it caused.Database Migrations
None.
Env Config
None.
Related Issues or PRs
Notes on Testing
Checklist
I have read and understood the Contribution Guidelines.