2025-06-23 10:22:27 -04:00
|
|
|
const path = require('path');
|
|
|
|
|
const { logger } = require('@librechat/data-schemas');
|
2025-09-10 20:40:58 -04:00
|
|
|
const { ensureRequiredCollectionsExist } = require('@librechat/api');
|
2025-08-02 16:02:56 -04:00
|
|
|
const { AccessRoleIds, ResourceType, PrincipalType } = require('librechat-data-provider');
|
2025-08-14 17:20:00 -04:00
|
|
|
|
|
|
|
|
require('module-alias')({ base: path.resolve(__dirname, '..', 'api') });
|
2025-06-23 10:22:27 -04:00
|
|
|
const connect = require('./connect');
|
|
|
|
|
|
|
|
|
|
const { grantPermission } = require('~/server/services/PermissionService');
|
|
|
|
|
const { findRoleByIdentifier } = require('~/models');
|
🐘 feat: FerretDB Compatibility (#11769)
* feat: replace unsupported MongoDB aggregation operators for FerretDB compatibility
Replace $lookup, $unwind, $sample, $replaceRoot, and $addFields aggregation
stages which are unsupported on FerretDB v2.x (postgres-documentdb backend).
- Prompt.js: Replace $lookup/$unwind/$project pipelines with find().select().lean()
+ attachProductionPrompts() batch helper. Replace $group/$replaceRoot/$sample
in getRandomPromptGroups with distinct() + Fisher-Yates shuffle.
- Agent/Prompt migration scripts: Replace $lookup anti-join pattern with
distinct() + $nin two-step queries for finding un-migrated resources.
All replacement patterns verified against FerretDB v2.7.0.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: use $pullAll for simple array removals, fix memberIds type mismatches
Replace $pull with $pullAll for exact-value scalar array removals. Both
operators work on MongoDB and FerretDB, but $pullAll is more explicit for
exact matching (no condition expressions).
Fix critical type mismatch bugs where ObjectId values were used against
String[] memberIds arrays in Group queries:
- config/delete-user.js: use string uid instead of ObjectId user._id
- e2e/setup/cleanupUser.ts: convert userId.toString() before query
Harden PermissionService.bulkUpdateResourcePermissions abort handling to
prevent crash when abortTransaction is called after commitTransaction.
All changes verified against FerretDB v2.7.0 and MongoDB Memory Server.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: harden transaction support probe for FerretDB compatibility
Commit the transaction before aborting in supportsTransactions probe, and
wrap abortTransaction in try-catch to prevent crashes when abort is called
after a successful commit (observed behavior on FerretDB).
Co-authored-by: Cursor <cursoragent@cursor.com>
* feat: add FerretDB compatibility test suite, retry utilities, and CI config
Add comprehensive FerretDB integration test suite covering:
- $pullAll scalar array operations
- $pull with subdocument conditions
- $lookup replacement (find + manual join)
- $sample replacement (distinct + Fisher-Yates)
- $bit and $bitsAllSet operations
- Migration anti-join pattern
- Multi-tenancy (useDb, scaling, write amplification)
- Sharding proof-of-concept
- Production operations (backup/restore, schema migration, deadlock retry)
Add production retryWithBackoff utility for deadlock recovery during
concurrent index creation on FerretDB/DocumentDB backends.
Add UserController.spec.js tests for deleteUserController (runs in CI).
Configure jest and eslint to isolate FerretDB tests from CI pipelines:
- packages/data-schemas/jest.config.mjs: ignore misc/ directory
- eslint.config.mjs: ignore packages/data-schemas/misc/
Include Docker Compose config for local FerretDB v2.7 + postgres-documentdb,
dedicated jest/tsconfig for the test files, and multi-tenancy findings doc.
Co-authored-by: Cursor <cursoragent@cursor.com>
* style: brace formatting in aclEntry.ts modifyPermissionBits
Co-authored-by: Cursor <cursoragent@cursor.com>
* refactor: reorganize retry utilities and update imports
- Moved retryWithBackoff utility to a new file `retry.ts` for better structure.
- Updated imports in `orgOperations.ferretdb.spec.ts` to reflect the new location of retry utilities.
- Removed old import statement for retryWithBackoff from index.ts to streamline exports.
* test: add $pullAll coverage for ConversationTag and PermissionService
Add integration tests for deleteConversationTag verifying $pullAll
removes tags from conversations correctly, and for
syncUserEntraGroupMemberships verifying $pullAll removes user from
non-matching Entra groups while preserving local group membership.
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-13 02:14:34 -05:00
|
|
|
const { Agent, AclEntry } = require('~/db/models');
|
2025-06-23 10:22:27 -04:00
|
|
|
|
2026-02-13 03:04:15 -05:00
|
|
|
const GLOBAL_PROJECT_NAME = 'instance';
|
|
|
|
|
|
|
|
|
|
/** Queries the raw `projects` collection (which may still exist in the DB even though the model is removed) */
|
|
|
|
|
async function getGlobalProjectAgentIds(db) {
|
|
|
|
|
const project = await db
|
|
|
|
|
.collection('projects')
|
|
|
|
|
.findOne({ name: GLOBAL_PROJECT_NAME }, { projection: { agentIds: 1 } });
|
|
|
|
|
return new Set(project?.agentIds || []);
|
|
|
|
|
}
|
|
|
|
|
|
2025-06-23 10:22:27 -04:00
|
|
|
async function migrateAgentPermissionsEnhanced({ dryRun = true, batchSize = 100 } = {}) {
|
|
|
|
|
await connect();
|
|
|
|
|
|
|
|
|
|
logger.info('Starting Enhanced Agent Permissions Migration', { dryRun, batchSize });
|
|
|
|
|
|
2025-08-25 03:01:50 -04:00
|
|
|
const mongoose = require('mongoose');
|
|
|
|
|
/** @type {import('mongoose').mongo.Db | undefined} */
|
|
|
|
|
const db = mongoose.connection.db;
|
|
|
|
|
if (db) {
|
2025-09-10 20:40:58 -04:00
|
|
|
await ensureRequiredCollectionsExist(db);
|
2025-08-25 03:01:50 -04:00
|
|
|
}
|
|
|
|
|
|
2025-08-14 17:20:00 -04:00
|
|
|
const ownerRole = await findRoleByIdentifier(AccessRoleIds.AGENT_OWNER);
|
|
|
|
|
const viewerRole = await findRoleByIdentifier(AccessRoleIds.AGENT_VIEWER);
|
|
|
|
|
const editorRole = await findRoleByIdentifier(AccessRoleIds.AGENT_EDITOR);
|
2025-06-23 10:22:27 -04:00
|
|
|
|
|
|
|
|
if (!ownerRole || !viewerRole || !editorRole) {
|
|
|
|
|
throw new Error('Required roles not found. Run role seeding first.');
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-13 03:04:15 -05:00
|
|
|
const globalAgentIds = db ? await getGlobalProjectAgentIds(db) : new Set();
|
2025-06-23 10:22:27 -04:00
|
|
|
|
|
|
|
|
logger.info(`Found ${globalAgentIds.size} agents in global project`);
|
|
|
|
|
|
🐘 feat: FerretDB Compatibility (#11769)
* feat: replace unsupported MongoDB aggregation operators for FerretDB compatibility
Replace $lookup, $unwind, $sample, $replaceRoot, and $addFields aggregation
stages which are unsupported on FerretDB v2.x (postgres-documentdb backend).
- Prompt.js: Replace $lookup/$unwind/$project pipelines with find().select().lean()
+ attachProductionPrompts() batch helper. Replace $group/$replaceRoot/$sample
in getRandomPromptGroups with distinct() + Fisher-Yates shuffle.
- Agent/Prompt migration scripts: Replace $lookup anti-join pattern with
distinct() + $nin two-step queries for finding un-migrated resources.
All replacement patterns verified against FerretDB v2.7.0.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: use $pullAll for simple array removals, fix memberIds type mismatches
Replace $pull with $pullAll for exact-value scalar array removals. Both
operators work on MongoDB and FerretDB, but $pullAll is more explicit for
exact matching (no condition expressions).
Fix critical type mismatch bugs where ObjectId values were used against
String[] memberIds arrays in Group queries:
- config/delete-user.js: use string uid instead of ObjectId user._id
- e2e/setup/cleanupUser.ts: convert userId.toString() before query
Harden PermissionService.bulkUpdateResourcePermissions abort handling to
prevent crash when abortTransaction is called after commitTransaction.
All changes verified against FerretDB v2.7.0 and MongoDB Memory Server.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: harden transaction support probe for FerretDB compatibility
Commit the transaction before aborting in supportsTransactions probe, and
wrap abortTransaction in try-catch to prevent crashes when abort is called
after a successful commit (observed behavior on FerretDB).
Co-authored-by: Cursor <cursoragent@cursor.com>
* feat: add FerretDB compatibility test suite, retry utilities, and CI config
Add comprehensive FerretDB integration test suite covering:
- $pullAll scalar array operations
- $pull with subdocument conditions
- $lookup replacement (find + manual join)
- $sample replacement (distinct + Fisher-Yates)
- $bit and $bitsAllSet operations
- Migration anti-join pattern
- Multi-tenancy (useDb, scaling, write amplification)
- Sharding proof-of-concept
- Production operations (backup/restore, schema migration, deadlock retry)
Add production retryWithBackoff utility for deadlock recovery during
concurrent index creation on FerretDB/DocumentDB backends.
Add UserController.spec.js tests for deleteUserController (runs in CI).
Configure jest and eslint to isolate FerretDB tests from CI pipelines:
- packages/data-schemas/jest.config.mjs: ignore misc/ directory
- eslint.config.mjs: ignore packages/data-schemas/misc/
Include Docker Compose config for local FerretDB v2.7 + postgres-documentdb,
dedicated jest/tsconfig for the test files, and multi-tenancy findings doc.
Co-authored-by: Cursor <cursoragent@cursor.com>
* style: brace formatting in aclEntry.ts modifyPermissionBits
Co-authored-by: Cursor <cursoragent@cursor.com>
* refactor: reorganize retry utilities and update imports
- Moved retryWithBackoff utility to a new file `retry.ts` for better structure.
- Updated imports in `orgOperations.ferretdb.spec.ts` to reflect the new location of retry utilities.
- Removed old import statement for retryWithBackoff from index.ts to streamline exports.
* test: add $pullAll coverage for ConversationTag and PermissionService
Add integration tests for deleteConversationTag verifying $pullAll
removes tags from conversations correctly, and for
syncUserEntraGroupMemberships verifying $pullAll removes user from
non-matching Entra groups while preserving local group membership.
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-13 02:14:34 -05:00
|
|
|
const migratedAgentIds = await AclEntry.distinct('resourceId', {
|
|
|
|
|
resourceType: ResourceType.AGENT,
|
|
|
|
|
principalType: PrincipalType.USER,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const agentsToMigrate = await Agent.find({
|
|
|
|
|
_id: { $nin: migratedAgentIds },
|
|
|
|
|
author: { $exists: true, $ne: null },
|
|
|
|
|
})
|
|
|
|
|
.select('_id id name author isCollaborative')
|
|
|
|
|
.lean();
|
2025-06-23 10:22:27 -04:00
|
|
|
|
|
|
|
|
const categories = {
|
2026-02-13 03:04:15 -05:00
|
|
|
globalEditAccess: [],
|
|
|
|
|
globalViewAccess: [],
|
|
|
|
|
privateAgents: [],
|
2025-06-23 10:22:27 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
agentsToMigrate.forEach((agent) => {
|
|
|
|
|
const isGlobal = globalAgentIds.has(agent.id);
|
|
|
|
|
const isCollab = agent.isCollaborative;
|
|
|
|
|
|
|
|
|
|
if (isGlobal && isCollab) {
|
|
|
|
|
categories.globalEditAccess.push(agent);
|
|
|
|
|
} else if (isGlobal && !isCollab) {
|
|
|
|
|
categories.globalViewAccess.push(agent);
|
|
|
|
|
} else {
|
|
|
|
|
categories.privateAgents.push(agent);
|
|
|
|
|
|
|
|
|
|
if (isCollab) {
|
|
|
|
|
logger.warn(
|
|
|
|
|
`Agent "${agent.name}" (${agent.id}) has isCollaborative=true but is not in global project`,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2025-08-25 03:01:50 -04:00
|
|
|
logger.info(
|
|
|
|
|
'Agent categorization:\n' +
|
|
|
|
|
JSON.stringify(
|
|
|
|
|
{
|
|
|
|
|
globalEditAccess: categories.globalEditAccess.length,
|
|
|
|
|
globalViewAccess: categories.globalViewAccess.length,
|
|
|
|
|
privateAgents: categories.privateAgents.length,
|
|
|
|
|
total: agentsToMigrate.length,
|
|
|
|
|
},
|
|
|
|
|
null,
|
|
|
|
|
2,
|
|
|
|
|
),
|
|
|
|
|
);
|
2025-06-23 10:22:27 -04:00
|
|
|
|
|
|
|
|
if (dryRun) {
|
|
|
|
|
return {
|
|
|
|
|
migrated: 0,
|
|
|
|
|
errors: 0,
|
|
|
|
|
dryRun: true,
|
|
|
|
|
summary: {
|
|
|
|
|
globalEditAccess: categories.globalEditAccess.length,
|
|
|
|
|
globalViewAccess: categories.globalViewAccess.length,
|
|
|
|
|
privateAgents: categories.privateAgents.length,
|
|
|
|
|
total: agentsToMigrate.length,
|
|
|
|
|
},
|
|
|
|
|
details: {
|
|
|
|
|
globalEditAccess: categories.globalEditAccess.map((a) => ({
|
|
|
|
|
name: a.name,
|
|
|
|
|
id: a.id,
|
|
|
|
|
permissions: 'Owner + Public EDIT',
|
|
|
|
|
})),
|
|
|
|
|
globalViewAccess: categories.globalViewAccess.map((a) => ({
|
|
|
|
|
name: a.name,
|
|
|
|
|
id: a.id,
|
|
|
|
|
permissions: 'Owner + Public VIEW',
|
|
|
|
|
})),
|
|
|
|
|
privateAgents: categories.privateAgents.map((a) => ({
|
|
|
|
|
name: a.name,
|
|
|
|
|
id: a.id,
|
|
|
|
|
permissions: 'Owner only',
|
|
|
|
|
})),
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const results = {
|
|
|
|
|
migrated: 0,
|
|
|
|
|
errors: 0,
|
|
|
|
|
publicViewGrants: 0,
|
|
|
|
|
publicEditGrants: 0,
|
|
|
|
|
ownerGrants: 0,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (let i = 0; i < agentsToMigrate.length; i += batchSize) {
|
|
|
|
|
const batch = agentsToMigrate.slice(i, i + batchSize);
|
|
|
|
|
|
|
|
|
|
logger.info(
|
|
|
|
|
`Processing batch ${Math.floor(i / batchSize) + 1}/${Math.ceil(agentsToMigrate.length / batchSize)}`,
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
for (const agent of batch) {
|
|
|
|
|
try {
|
|
|
|
|
const isGlobal = globalAgentIds.has(agent.id);
|
|
|
|
|
const isCollab = agent.isCollaborative;
|
|
|
|
|
|
|
|
|
|
await grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.USER,
|
2025-06-23 10:22:27 -04:00
|
|
|
principalId: agent.author,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.AGENT,
|
2025-06-23 10:22:27 -04:00
|
|
|
resourceId: agent._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.AGENT_OWNER,
|
2025-06-23 10:22:27 -04:00
|
|
|
grantedBy: agent.author,
|
|
|
|
|
});
|
|
|
|
|
results.ownerGrants++;
|
|
|
|
|
|
|
|
|
|
let publicRoleId = null;
|
|
|
|
|
let description = 'Private';
|
|
|
|
|
|
|
|
|
|
if (isGlobal) {
|
|
|
|
|
if (isCollab) {
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
publicRoleId = AccessRoleIds.AGENT_EDITOR;
|
2025-06-23 10:22:27 -04:00
|
|
|
description = 'Global Edit';
|
|
|
|
|
results.publicEditGrants++;
|
|
|
|
|
} else {
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
publicRoleId = AccessRoleIds.AGENT_VIEWER;
|
2025-06-23 10:22:27 -04:00
|
|
|
description = 'Global View';
|
|
|
|
|
results.publicViewGrants++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
await grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.PUBLIC,
|
2025-06-23 10:22:27 -04:00
|
|
|
principalId: null,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.AGENT,
|
2025-06-23 10:22:27 -04:00
|
|
|
resourceId: agent._id,
|
|
|
|
|
accessRoleId: publicRoleId,
|
|
|
|
|
grantedBy: agent.author,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
results.migrated++;
|
|
|
|
|
logger.debug(`Migrated agent "${agent.name}" [${description}]`, {
|
|
|
|
|
agentId: agent.id,
|
|
|
|
|
author: agent.author,
|
|
|
|
|
isGlobal,
|
|
|
|
|
isCollab,
|
|
|
|
|
publicRole: publicRoleId,
|
|
|
|
|
});
|
|
|
|
|
} catch (error) {
|
|
|
|
|
results.errors++;
|
|
|
|
|
logger.error(`Failed to migrate agent "${agent.name}"`, {
|
|
|
|
|
agentId: agent.id,
|
|
|
|
|
author: agent.author,
|
|
|
|
|
error: error.message,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
await new Promise((resolve) => setTimeout(resolve, 100));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
logger.info('Enhanced migration completed', results);
|
|
|
|
|
return results;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (require.main === module) {
|
|
|
|
|
const dryRun = process.argv.includes('--dry-run');
|
|
|
|
|
const batchSize =
|
|
|
|
|
parseInt(process.argv.find((arg) => arg.startsWith('--batch-size='))?.split('=')[1]) || 100;
|
|
|
|
|
|
|
|
|
|
migrateAgentPermissionsEnhanced({ dryRun, batchSize })
|
|
|
|
|
.then((result) => {
|
|
|
|
|
if (dryRun) {
|
|
|
|
|
console.log('\n=== DRY RUN RESULTS ===');
|
|
|
|
|
console.log(`Total agents to migrate: ${result.summary.total}`);
|
|
|
|
|
console.log(`- Global Edit Access: ${result.summary.globalEditAccess} agents`);
|
|
|
|
|
console.log(`- Global View Access: ${result.summary.globalViewAccess} agents`);
|
|
|
|
|
console.log(`- Private Agents: ${result.summary.privateAgents} agents`);
|
|
|
|
|
|
|
|
|
|
if (result.details.globalEditAccess.length > 0) {
|
|
|
|
|
console.log('\nGlobal Edit Access agents:');
|
|
|
|
|
result.details.globalEditAccess.forEach((agent, i) => {
|
|
|
|
|
console.log(` ${i + 1}. "${agent.name}" (${agent.id})`);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (result.details.globalViewAccess.length > 0) {
|
|
|
|
|
console.log('\nGlobal View Access agents:');
|
|
|
|
|
result.details.globalViewAccess.forEach((agent, i) => {
|
|
|
|
|
console.log(` ${i + 1}. "${agent.name}" (${agent.id})`);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (result.details.privateAgents.length > 0) {
|
|
|
|
|
console.log('\nPrivate agents:');
|
|
|
|
|
result.details.privateAgents.forEach((agent, i) => {
|
|
|
|
|
console.log(` ${i + 1}. "${agent.name}" (${agent.id})`);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
console.log('\nMigration Results:', JSON.stringify(result, null, 2));
|
|
|
|
|
}
|
|
|
|
|
process.exit(0);
|
|
|
|
|
})
|
|
|
|
|
.catch((error) => {
|
|
|
|
|
console.error('Enhanced migration failed:', error);
|
|
|
|
|
process.exit(1);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = { migrateAgentPermissionsEnhanced };
|