Ccv/catalog#113
- Included the Intake Wizard route in the frontend application, allowing users to access the new feature via the `/intake` path.
- Updated the Header component to include a navigation button for the Intake Wizard.
- Implemented the Intake API in the services, defining interfaces and methods for platform retrieval, search functionality, and submission of design specifications.
- Enhanced the backend by integrating the Intake router, ensuring the new functionality is accessible through the API.

- Updated the SubmitRequest model to include title, description, and additional context for improved intake submissions.
- Enhanced the submit_intake function to generate GitHub issues with minimal required fields and include search results for better context.
- Introduced a new chat feature in the Header component, allowing users to access the Registry Chat easily.
- Simplified the IntakeWizard component by removing unnecessary steps and integrating direct navigation from the chat to the intake process.
- Refactored the API service to accommodate the new submission structure, ensuring seamless communication with the backend.

- Replaced the SmartToy icon with ChatBubbleOutline for better representation of the chat feature.
- Refactored the chat access point in the Header component from an IconButton to a Button with a tooltip, improving usability and accessibility.
- Adjusted styling for the chat button to enhance visibility and user experience when navigating to the chat interface.

- Updated Taskfile to source secrets from az.secret for Docker commands, ensuring secure access to sensitive information.
- Added GitHub App authentication parameters in the configuration, allowing for improved security and flexibility in GitHub interactions.
- Refactored GitHub issue creation logic to utilize the new GitHub App authentication method, enhancing integration reliability.
- Updated the intake router to use the new GitHub intake repository setting, streamlining issue submissions for the intake process.
- Introduced a token manager for GitHub App JWT and installation token lifecycle management, improving authentication handling.

- Added optional visibility field to CodeCollection model, allowing collections to be marked as 'public' or 'hidden'.
- Updated codecollections.yaml to include image_source and image_registry fields for better image tracking.
- Introduced a new scheduled task for syncing image tags from OCI registries, enhancing image catalog management.
- Refactored various database queries to respect visibility settings, ensuring hidden collections are excluded from public-facing endpoints while still being accessible for internal processes.
- Enhanced logging to reflect visibility status during collection creation and updates.
Closing in favor of #114. This branch had drifted ~3 months from GitHub's merge-conflict warnings were therefore mostly noise: only the catalog commit ( #114 contains only the catalog commit, cherry-picked onto current
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit 24ad77a. Configure here.
| and v.version_type == "tag" | ||
| and (stable_tag is None or v.version_name > stable_tag) | ||
| ): | ||
| stable_tag = v.image_tag |
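Review bot: the `v.version_name > stable_tag` test orders tag names with `>`, which for string fields is lexicographic rather than version-aware, so `v1.10.0` sorts below `v1.9.0` and a newer release can lose to an older one. Parse the name into a numeric (major, minor, patch) key before comparing, and keep that key in its own variable rather than reusing `stable_tag`, which the last line of the hunk fills from `v.image_tag`.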
Stable tag comparison mixes version_name with image_tag
High Severity
In _entry_pointers, the stable-tag comparison on line 74 compares v.version_name (e.g. "v1.2.0") against stable_tag, which holds an image_tag value (e.g. "v1.0.0-abc1234-def5678") set on line 76. After the first tag match, subsequent comparisons are between mismatched types — a short ref name vs. a full OCI tag with commit-sha suffixes. This can cause incorrect "stable" resolution, e.g. a pre-release like "v2.0.0-rc1" beating "v2.0.0" because 'r' > 'a' in the sha suffix. The comparison needs to track the winning version_name separately from the winning image_tag.
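The stable-tag finding above, reproduced as an added example that is not code from this pull request: the `Version` dataclass, the sample rows and the `version_key` helper are constructed for illustration. It goes one step beyond the finding by comparing parsed version keys, so that a release also outranks its own pre-release and `v1.10.0` outranks `v1.9.0`.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Version:  # hypothetical stand-in for a codecollection_versions row
    version_name: str
    version_type: str
    image_tag: str

# Constructed sample rows; image tags follow the "<ref>-<sha>-<sha>" shape quoted in the review.
ROWS = [
    Version("main", "branch", "main-1111111-2222222"),
    Version("v1.9.0", "tag", "v1.9.0-aaa1111-bbb2222"),
    Version("v1.10.0", "tag", "v1.10.0-ccc3333-ddd4444"),
    Version("v2.0.0", "tag", "v2.0.0-abc1234-def5678"),
    Version("v2.0.0-rc1", "tag", "v2.0.0-rc1-0a1b2c3-4d5e6f7"),
]

_SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$")

def version_key(name: str):
    """Sort key for a tag name; None if it is not vMAJOR.MINOR.PATCH[-pre]."""
    m = _SEMVER.match(name)
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    # A release (no pre-release part) outranks any pre-release of the same version.
    # Pre-release parts are compared as plain text, a simplification.
    return (int(major), int(minor), int(patch), pre is None, pre or "")

def stable_tag_as_reviewed(rows) -> Optional[str]:
    """Loop shape from the reviewed hunk: a ref name compared against an image tag."""
    stable_tag = None
    for v in rows:
        if v.version_type == "tag" and (stable_tag is None or v.version_name > stable_tag):
            stable_tag = v.image_tag
    return stable_tag

def stable_tag_fixed(rows) -> Optional[str]:
    """Track the winning version key separately from the winning image tag."""
    best_key, stable_tag = None, None
    for v in rows:
        key = version_key(v.version_name) if v.version_type == "tag" else None
        if key is not None and (best_key is None or key > best_key):
            best_key, stable_tag = key, v.image_tag
    return stable_tag
```

On the sample rows the reviewed loop resolves "stable" to the `v2.0.0-rc1` image, while the keyed version resolves it to the `v2.0.0` image.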
| f"*Created via the CodeCollection Registry intake wizard at {datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M UTC')}.*", | ||
| ]) | ||
|
|
||
| return "\n".join(parts) |
Unused _build_issue_body function is dead code
Low Severity
The _build_issue_body helper (which formats a DesignSpecDraft into a GitHub issue body) is defined but never called anywhere in the codebase. The submit endpoint uses _build_minimal_issue_body instead. This is ~75 lines of dead code that adds maintenance burden without being reachable from any code path.


Note
Medium Risk
Adds new DB columns/migrations, a scheduled background sync that polls OCI registries, and new public APIs/UX flows; issues could surface as incorrect catalog resolution or unintentionally hiding/showing collections if visibility filtering is misapplied. GitHub App auth introduces new credential paths that could break issue creation if misconfigured.
Overview
Adds a PAPI-facing image catalog: new `codecollection_versions` fields (`image_tag`, `image_digest`, `commit_hash`, etc.), a pluggable `ImageSource` system (`oci` + `static`), a new Celery beat task (`sync_image_tags_task`) scheduled every 5 minutes, and read-only catalog endpoints under `/api/v1/catalog` to list/resolve image refs.

Introduces collection `visibility` (`public`/`hidden`) persisted from `codecollections.yaml`, plus centralized `public_only()` filtering applied across public registry endpoints (collections, codebundles, tasks, stats, and version APIs) while the catalog intentionally bypasses the filter.

Adds an Intake Wizard flow: new backend `/api/v1/intake` endpoints that query MCP for existing coverage and create GitHub issues in a configurable repo, plus a new frontend `/intake` page and navigation updates; chat now routes “Request CodeBundle” to the wizard instead of opening an inline issue-creation dialog.

Updates GitHub integration to support GitHub App authentication (App JWT → installation token) with PAT fallback, used by both the backend issue-creation route and the MCP server tool, and tweaks local Taskfile docker commands to source `az.secret` before compose actions.