Create new release #312

piyushroshan
Collaborator

Description

Release with chatbot

piyushroshan and others added 30 commits May 28, 2024 06:09
* Bump k8s-wait-for to v2.0 for arm64

* Update certs
Timeout handling for gateway
* Fix VIN

* add permissions pull request write

---------

Co-authored-by: Roshan Piyush <piyush.roshan@gmail.com>
Persistent volume helm configuration
* added check for unsigned jwt
* Use typescript

* Fix bugs

* lint

* Convert more to typescript

* More typescript

* User service req view

* Update dockerfile

* Implement service history
* Added functionality to send otp for phone number change request


---------

Co-authored-by: Roshan Piyush <piyush.roshan@gmail.com>
* web service verify OTP impl

* minor identity service changes

---------

Co-authored-by: Roshan Piyush <piyush.roshan@gmail.com>
* E2E-UI
* Mechanic UX fixes
* Fix profile pages
* enhanced readme

* enhanced setup.md

* enhanced setup.md
* Fix health of gateway image
* Update docker compose
The current name of the docker compose file is `docker-compose.yml`. The readme command examples indicated that the name was `docker compose.yml`. This commit updates all README cases of this error to reflect the actual name of the file, making the command functional again.
* Implement chatbot UI

* added llm chatbot service (#242)

* added llm chatbot service

* Llm chatbot (#243)

* removed unused imports

* Integration

* Lint

* Minor fixes

* Fix ssl issue

* Fix docker

* Fix entrypoint

* increase timeout

* Implement helm

* Fix entrypoint

* Store user state for chatbot

* resolved segmentation fault error in chatbot (#245)

* Add release workflow

* Instructions

* Fix tag publish

* Strip tag prefix

* String tag prefix for docker tags

* Fix entrypoint.sh

* Session based chat

* Fix UI

* Lint

* Fix configmap

* Update requirements

* Fix dockerfile

* Fix UX

* Separate prompts

* Change to ChatOpenAI

* Change to ChatOpenAI

* Return messages

* Save chat history

* Cleanup

* Cleanup

* Preserve X-Forwarded-For

* Add mongo dependency for chatbot

* Use old turbo model

* FSession logs not clearer debug

* Add ssn

* Fix gateway service health

* Chatbot typescript

* Upgrade packages

* Dummy commit

* Lint

* lint

* Reduce max mem

* Update chatbot

* Update chatbot

* Potential fix for code scanning alert no. 21: Flask app is run in debug mode

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Chatbot mcp impl

* spotless

* Fix chatbot

* Spotless

* Fix usage

* MCP server fix (#303)

* Remove errors

* Remove variables not needed

* Add management scripts

* Make executable

* Fix config

* Fix config

* Add init for chatbot

* Add retry for apikey

* Add retry for apikey

* Chatbot UX fix

* update tool versions

* Lint fix

* Upgrade golangci-lint

* Npm lint fix

---------

Co-authored-by: Dhruv Singhal <dhruv.singhal@traceable.ai>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: keyurdoshi03 <keyur.doshi@harness.io>
* chat fix

* prettier formatting
logger.error("openai_api_key not provided")
return jsonify({"message": "openai_api_key not provided"}), 400
openai_api_key: str = data["openai_api_key"]
logger.debug("OpenAI API Key %s", openai_api_key[:5])

Check failure: Code scanning / CodeQL

Clear-text logging of sensitive information (High)

This expression logs sensitive data (password) as clear text.

Copilot Autofix

AI about 3 hours ago

To fix the problem, remove or modify the logging statement so that it does not log any part of the sensitive openai_api_key. The best approach is to avoid logging the key entirely. If logging is needed for debugging, log only that a key was received, without including any part of its value. The change should be made in services/chatbot/src/chatbot/chat_api.py at line 36, replacing the current logging statement with a non-sensitive message. No new imports or methods are required.


Suggested changeset 1
services/chatbot/src/chatbot/chat_api.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/services/chatbot/src/chatbot/chat_api.py b/services/chatbot/src/chatbot/chat_api.py
--- a/services/chatbot/src/chatbot/chat_api.py
+++ b/services/chatbot/src/chatbot/chat_api.py
@@ -33,7 +33,7 @@
         logger.error("openai_api_key not provided")
         return jsonify({"message": "openai_api_key not provided"}), 400
     openai_api_key: str = data["openai_api_key"]
-    logger.debug("OpenAI API Key %s", openai_api_key[:5])
+    logger.debug("Received OpenAI API Key for session %s", session_id)
     # Save the api key in session
     await store_api_key(session_id, openai_api_key)
     return jsonify({"message": "Initialized"}), 200
EOF
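Review bot: the replacement line `logger.debug("Received OpenAI API Key for session %s", session_id)` swaps the key prefix for the full `session_id`, and the next statement, `store_api_key(session_id, openai_api_key)`, shows that this id is the handle the key is stored under. If presenting that id is enough to use the stored key, anyone who can read debug logs gains the same handle. Log a fixed message such as "OpenAI API key received", or a short one-way digest of the session id if requests need to be correlated.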
Copilot is powered by AI and may make mistakes. Always verify output.
openai_api_key = await get_api_key(session_id)
if openai_api_key:
logger.debug(
"OpenAI API Key for session %s: %s", session_id, openai_api_key[:5]

Check failure: Code scanning / CodeQL

Clear-text logging of sensitive information (High)

This expression logs sensitive data (password) as clear text. (reported four times)

Copilot Autofix

AI about 3 hours ago

To fix the problem, we should avoid logging any part of the OpenAI API key, even a partial prefix, as this is considered sensitive information. The log message on line 80 should be modified to remove the API key entirely. If it is necessary to log that an API key is present for a session, we can log only the session ID or a generic message indicating the presence of a key, without including any part of the key itself. The change is limited to the log statement on line 80 in services/chatbot/src/chatbot/chat_api.py. No new imports or methods are required.


Suggested changeset 1
services/chatbot/src/chatbot/chat_api.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/services/chatbot/src/chatbot/chat_api.py b/services/chatbot/src/chatbot/chat_api.py
--- a/services/chatbot/src/chatbot/chat_api.py
+++ b/services/chatbot/src/chatbot/chat_api.py
@@ -77,7 +77,7 @@
     openai_api_key = await get_api_key(session_id)
     if openai_api_key:
         logger.debug(
-            "OpenAI API Key for session %s: %s", session_id, openai_api_key[:5]
+            "OpenAI API Key is set for session %s", session_id
         )
         chat_history = await get_chat_history(session_id)
         # Limit chat history to last 20 messages
EOF
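Review bot: the reworded message at +80 still interpolates the full `session_id`, the same value the surrounding lines pass to `get_api_key` and `get_chat_history`, so the debug log now records the lookup handle for both the stored key and the conversation. Drop the id from the message or log a one-way digest of it. As a smaller point, the new argument list fits on one line, so the wrapped `logger.debug(` and closing `)` can be collapsed in the same change.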
response_json = response.json()
logger.info(f"Response: {response_json}")
API_KEY = response_json.get("apiKey")
logger.info(f"MCP Server API Key: {API_KEY}")

Check failure: Code scanning / CodeQL

Clear-text logging of sensitive information (High)

This expression logs sensitive data (password) as clear text. (reported twice)

Copilot Autofix

AI about 3 hours ago

To fix the problem, we should remove or redact the logging of the API key. The log statement on line 58 should not output the actual API key value. If it is necessary to log that an API key was obtained, we can log a generic message such as "MCP Server API Key obtained" or, if some traceability is needed, log only a non-sensitive portion (e.g., the last 4 characters) of the key. The rest of the code should remain unchanged to preserve existing functionality. Only the log statement on line 58 in services/chatbot/src/mcpserver/server.py needs to be modified.


Suggested changeset 1
services/chatbot/src/mcpserver/server.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/services/chatbot/src/mcpserver/server.py b/services/chatbot/src/mcpserver/server.py
--- a/services/chatbot/src/mcpserver/server.py
+++ b/services/chatbot/src/mcpserver/server.py
@@ -55,7 +55,7 @@
                 response_json = response.json()
                 logger.info(f"Response: {response_json}")
                 API_KEY = response_json.get("apiKey")
-                logger.info(f"MCP Server API Key: {API_KEY}")
+                logger.info("MCP Server API Key obtained successfully.")
                 return API_KEY
     return API_KEY
 
EOF
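Review bot: the unchanged context line `logger.info(f"Response: {response_json}")`, two lines above the edit, still writes the whole response body at info level, and the following line reads `apiKey` out of that same object, so the key reaches the log even with the `MCP Server API Key` line replaced. Remove that line, or log only the status or the field names, in the same change. As written the patch clears one alert location while the value is still logged.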
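The alerts above all concern secrets reaching log output. As an added example (not code from this pull request or from Copilot Autofix), here is a `logging` filter that masks secret-named fields in log arguments as a second line of defence, together with the case it cannot cover. The key-name pattern, `redact`, `RedactingFilter`, `ListHandler`, `demo` and the sample response are assumptions made for illustration.

```python
import logging
import re

# Field names treated as secret-bearing. "apiKey" and "openai_api_key" come from
# the code under review; the remaining names are assumptions.
SECRET_KEYS = re.compile(r"api[_-]?key|token|secret|password|authorization", re.I)
MASK = "[REDACTED]"


def redact(value):
    """Return a copy of value with every secret-named field masked, recursively."""
    if isinstance(value, dict):
        return {k: MASK if SECRET_KEYS.search(str(k)) else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, tuple):
        return tuple(redact(v) for v in value)
    return value


class RedactingFilter(logging.Filter):
    """Mask secret fields in a record's arguments before a handler formats them."""
    def filter(self, record):
        record.args = redact(record.args)  # args is a tuple, or a dict for one mapping
        return True


class ListHandler(logging.Handler):
    """Collects formatted messages so the demo can inspect what would be written."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())


def demo():
    handler = ListHandler()
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("redaction_demo")
    logger.handlers, logger.propagate = [handler], False
    logger.setLevel(logging.DEBUG)
    response_json = {"apiKey": "constructed-key-0000", "user": {"id": 7}}  # constructed
    logger.info("Response: %s", response_json)   # object passed as argument: masked
    logger.info(f"Response: {response_json}")    # pre-formatted string: filter cannot help
    return handler.lines
```

The second call shows why a filter does not replace fixing the call site: an f-string has already embedded the value in the message before any filter runs.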