Pull Request Explorer

Summary

Fix no-access reply for unresolved managed agent subscribers

Provides a clear no-access message when a managed agent cannot resolve the sender, improving user experience and reducing error confusion.

Health Assessment

• • Merged within 2 hours of opening with only one review and a single follow-up commit, indicating a smooth review process.

Summary

Fix inline attachment fallback for self-hosted deployments

Restores attachment delivery when S3 is not configured by embedding binary content inline, ensuring self-hosted users receive attachments and preventing silent drops.

Health Assessment

• • PR required extensive rework after initial review, with multiple commits to address inline fallback logic and related DTO changes, indicating complex bug fix with significant code churn.

Summary

Fix timing-safe HMAC comparison for security

Mitigates timing side‑channel attacks by replacing unsafe HMAC comparisons with constant‑time checks, enhancing subscriber authentication security.

Health Assessment

• • Fast review and single commit rework; minimal scope and no behavior change; security hardening with low risk.

Summary

Fix duplicate Telegram webhook configuration

Prevents duplicate webhook registration that caused rate‑limit errors, ensuring a smoother Telegram integration for users.

Health Assessment

• • Quick, single‑file change with no rework; merged within minutes, indicating low complexity and minimal risk.

Summary

Fix Redis cluster hash tag issue for telegram links

Ensures atomic Redis operations in cluster by wrapping tokens in hash tags, preventing cross-slot errors and maintaining service reliability.

Health Assessment

• • Rapid resolution with minimal code changes and no breaking changes, indicating a low-risk, high-confidence fix.

Summary

Use opaque Redis tokens for Telegram QR links

Replaces JWTs in Telegram mobile setup URLs with short, secure 32‑character tokens stored in Redis, shrinking QR codes and removing sensitive identifiers from URLs while maintaining the same API contract.

Health Assessment

• • The PR was merged within 1.8 hours, with AI‑generated review comments prompting three quick commits to address issues, indicating a tight but iterative review cycle. The large code change and multiple review rounds suggest moderate to high risk, yet the rapid resolution reflects effective collaboration.

Summary

Resolve high-severity tmp vulnerability

Fixes a critical path-traversal vulnerability in the tmp package by pinning to a safe version, ensuring secure dependency management.

Health Assessment

• • Quick fix with minimal changes, resolved a critical vulnerability in under 6 hours.

Summary

Bind TesterArmy deploy jobs to environment secrets

Ensures TesterArmy regression jobs can access environment-specific secrets, fixing webhook trigger failures.

Health Assessment

• • Quick fix merged within 18 minutes, minimal changes, low complexity.

Summary

Restructure agents module into ingress/runtime/egress architecture

Reorganizes the agents service into a clean ingress/runtime/egress architecture, improving maintainability and scalability while preserving existing API contracts. This refactor enables easier feature addition and reduces technical debt.

Health Assessment

• • Rapid iteration with AI assistance led to a swift merge; no major review friction observed.

Summary

Add workflow name to New Relic attributes

Adds workflow name to New Relic custom attributes, enabling better trace filtering and grouping by workflow, improving observability.

Health Assessment

• • Fast review cycle, minimal changes, AI-assisted, low risk.

Summary

Remove organization existence check from workflow worker

Eliminates redundant pre‑processing check, allowing jobs to proceed directly to execution, simplifying worker logic and reducing unnecessary database lookups.

Health Assessment

• • Quick merge with minimal changes; no review delays or rework; low risk.

Summary

Fix onboarding and invite accept flow for Connect

Improves Connect onboarding by removing localStorage dependency, using URL parameters, and enhancing invite acceptance flow, ensuring smoother user experience.

Health Assessment

• • PR merged quickly with minimal changes, indicating a straightforward refactor and feature addition with low complexity.

Summary

Improve managed-agent MCP setup gate UX

Enhances user experience during managed-agent OAuth setup by showing typing indicators and platform‑aware completion messages, reducing perceived latency and improving engagement.

Health Assessment

• • Fast review and merge with minimal rework, indicating a straightforward UX improvement.

Summary

Fix agent connector dropdown to show full list

Ensures users see all connector options when creating an agent, improving usability and reducing confusion.

Health Assessment

• • Quick fix with minimal changes, merged within a day, indicating low complexity and high confidence.

Summary

Reuse Claude creds when migrating demo agent

This change lets users reuse existing Anthropic integrations instead of creating duplicate demo credentials, simplifying migration and reducing credential clutter.

Health Assessment

• • Quick review and merge with minimal back‑and‑forth; AI review helped streamline the process.

Summary

Add TesterArmy regression triggers to deploy workflow

Automates post‑deploy regression tests for staging and production, ensuring rapid detection of deployment issues and improving release reliability.

Health Assessment

• • Merged in under 20 minutes with no review rounds, showing a simple CI enhancement. AI assistance helped generate the workflow changes efficiently.

Summary

Release Novu Cloud 2026-05-29

Automated daily production Novu Cloud release.

Health Assessment

• • Release merged immediately with no review, large code changes may increase risk; automated process suggests confidence in stability.

Summary

Scope connect session to agents onboarding only

Fixes inbox preview mismatch by scoping the connect subscriber provider to the agents setup route, ensuring test notifications are correctly routed.

Health Assessment

• • Quick, single‑file change with no downstream impact; merged within an hour of opening.

Summary

Update Connect staging domain and runtime picker copy

This PR updates the Novu Connect CLI to point to the correct staging domain and improves the runtime picker UI copy for clearer user experience.

Health Assessment

• • Merged within 12 minutes, no review comments, quick fix.

Summary

Remove server‑side feature flag guards from agent APIs

Allows agent‑related API endpoints to be accessible regardless of feature flag state, centralizing rollout control to the dashboard UI and preventing 403/404 errors when flags are off.

Health Assessment

• • Quick fix with AI‑generated description, minimal code changes, fast review and merge, low risk.

Summary

Move dashboard auth to cookie-based model

Simplifies authentication by using shared domain cookies, reducing cross-origin redirects and improving user experience.

Health Assessment

• • Merged within 12 minutes with minimal changes and no new tests, indicating a straightforward refactor with low risk.

Summary

Enable Docker layer caching in deploy workflow

Improves CI build speed by caching Docker layers via Blacksmith, reducing build times for subsequent deployments.

Health Assessment

• • Rapid review and merge with minimal changes, indicating low complexity and risk.

Summary

Sequential MCP tool approval and observer pause delivery fixes

This PR fixes the tool approval flow to deliver approvals one at a time and prevents duplicate approval cards by pausing the observer after the first requires-action webhook, improving user experience and reducing redundant prompts.

Health Assessment

• • Fast turnaround with minimal review comments indicates a straightforward bug fix; large line changes but no major refactor or new feature introduction.

Summary

Add delete-from-provider option to agent modal

Provides a checkbox to delete agents from the provider side, ensuring resources are fully cleaned up and preventing orphaned agents.

Health Assessment

• • Merged after a single review with minimal changes, indicating a straightforward, low-risk enhancement.

Summary

Fix onboarding flash on dashboard refresh

Prevents transient onboarding UI from appearing when returning users refresh the Connect dashboard, improving user experience.

Health Assessment

• • Quick fix with minimal rework; AI‑assisted review comments streamlined the process.

Summary

Prefer real Anthropic credential over demo

Ensures Add agent modal defaults to real Anthropic integration, improving onboarding accuracy.

Health Assessment

• • Quick fix with minimal changes, resolved within 2 hours, indicating efficient review and low complexity.

Summary

Add Slack OAuth confirmation step

Adds a confirmation screen before opening Slack OAuth in the connect CLI, improving user flow and aligning with existing consent gates.

Health Assessment

• • Rapid merge with minimal review, large code changes across backend and frontend, but low friction indicates confidence.

Summary

Add scroll buttons to onboarding channel selector

Adds visible scroll affordances for provider cards and fixes auth shims to prevent blank renders after sign‑in, improving usability and reliability.

Health Assessment

• • Fast cycle time (1.8h) and minimal review comments indicate a smooth, low‑friction process; AI‑generated review helped accelerate the merge.

Summary

Add subscriber-scoped MCP tool trust approval

Adds per-subscriber MCP tool trust, auto-confirming trusted tools and providing approval cards, while tightening OAuth flows.

Health Assessment

• • Rapid iteration with multiple commits after a single review indicates a tight feedback loop but high complexity; quick merge suggests confidence yet potential for undiscovered issues.

Summary

Replace MCP toggles with Add/Remove buttons

Improves user clarity by replacing confusing toggle switches with explicit Add/Remove actions, enabling bulk updates and reducing errors.

Health Assessment

• • Rapid review and merge (2.3h cycle time) indicate high confidence; the change adds a new UI pattern and bulk API endpoint with minimal risk.

Summary

Fix Connect CLI auth resume after org provisioning

Ensures logged‑in users without an organization can resume the CLI auth flow after org selection and clears the onboarding overlay to prevent users from getting stuck on a loading screen.

Health Assessment

• • The PR was merged within 0.1 hours, indicating a quick review and minimal friction. The changes are small, affecting only four TypeScript/React files with a total of 30 added lines. No new tests were added, and the fixes target edge‑case bugs in the authentication redirect flow.

Summary

Add system prompt editing to agent details

Introduces an editable system prompt field in the agent details view, allowing teams to update prompts in development while protecting production environments.

Health Assessment

• • Fast cycle time with a single review round indicates a straightforward UI enhancement with minimal risk.

Summary

Resolve critical LiquidJS vulnerabilities

Patch transitive LiquidJS dependency to a patched version, eliminating remote code execution and other security risks for the Novu platform.

Health Assessment

• • Quick fix with minimal code changes, merged within 4 hours, indicating low complexity and high confidence.

Summary

Stabilize combined workflow runs filter e2e test

Fixes a flaky end‑to‑end test for workflow run filtering, eliminating a race condition and improving test reliability for the API service.

Health Assessment

• • Quick, single-file change resolved a flaky test, reducing QA cycle time and increasing confidence in the workflow runs feature.

Summary

Fix CLI auth redirect flow

Persists CLI auth session before org picker redirect, ensuring users can resume /cli/auth after choosing an organization.

Health Assessment

• • Fast cycle time of 0.1 hours indicates efficient review and merge process.
• • The fix is well-guarded and touches only the CLI auth redirect path, reducing risk.

Summary

Add platform tooltip bullet for agents

Adds a new tooltip bullet to highlight platform support for customer‑facing agents, improving discoverability when switching between Connect and Platform.

Health Assessment

• • PR merged in 1.2 hours with no review comments, indicating a straightforward copy change with minimal risk.

Summary

Add pre‑dispatch gate for managed agent OAuth

Ensures managed agents only dispatch after OAuth setup, preventing failures and improving user experience by posting setup cards and replaying parked turns.

Health Assessment

• • Fast cycle time and minimal review rounds indicate a smooth process, but the large code change size suggests moderate risk for downstream impact.

Summary

Resume CLI auth after sign‑in and org setup

Ensures CLI device sessions persist across sign‑in, org provisioning, and Connect redirects, preventing users from landing in onboarding and restoring the CLI flow.

Health Assessment

• • PR merged in under an hour with minimal review cycles; AI-generated release notes and comments suggest efficient collaboration; large code additions but focused on a single regression path.

Summary

Replace CLI loopback auth with device sessions

Switches CLI authentication from local loopback to API‑backed device sessions, eliminating HTTPS‑to‑loopback failures and improving security.

Health Assessment

• • Rapid AI‑assisted review enabled a quick merge; the PR spans multiple components (API, dashboard, CLI) with a large code change but minimal back‑and‑forth discussion.

Summary

Release Novu Cloud version 2026-05-28

Automated daily production release, updating backend services, documentation, and CI pipeline to keep Novu Cloud stable and current.

Health Assessment

• • Rapid release with minimal review, high line changes, likely automated release process.

Summary

Add onboarding experiment for API and dashboard

Enables new onboarding wizard for API and dashboard, improving user setup flow. Provides CLI and UI components to streamline initial configuration.

Health Assessment

• • The PR underwent rapid iteration with multiple commits and a quick review cycle, indicating high developer activity but also potential risk due to large scope. The extensive changes across backend and frontend suggest significant integration effort and a higher likelihood of defects if not thoroughly tested.

Summary

Refactor onboarding provisioning logic

Streamlines user onboarding by removing redundant provisioning calls, improving navigation speed and reducing unnecessary API calls.

Health Assessment

• • PR completed in minutes with minimal changes, indicating low complexity and efficient review.

Summary

Add organization‑scoped feature flag for API key visibility in list environments

Enables optional cross‑environment API key visibility via a feature flag, preserving default security while giving trusted orgs control.

Health Assessment

• • Fast review and merge with minimal iterations; AI assistance helped produce concise changes.

Summary

Restore Create Organization in Connect side-nav

Enables Connect users to create new workspaces directly from the dashboard, restoring missing functionality.

Health Assessment

• • Quick fix with minimal changes, merged within minutes, indicating low complexity and high confidence.

Summary

Remove outdated logos and add new assets

Updates dashboard branding assets for consistent visual identity and refines shell rollout logic to prevent unintended activation.

Health Assessment

• • Merged within 20 hours with a single review round, indicating a smooth process, but the large number of lines and files changed suggests a substantial asset overhaul that could impact future maintenance.

Summary

Fix duplicate inbound message for managed agents

Prevents duplicate user messages in managed agent sessions, improving data accuracy and user experience.

Health Assessment

• • Quick fix with minimal changes, merged within 36 minutes, no review required.

Summary

Set managed agent default permission to always_ask

Adjusts the default permission policy for managed agents from always_allow to always_ask, ensuring agents prompt users before actions, enhancing security and user control.

Health Assessment

• • Rapid review and merge with minimal changes; AI-generated release notes provided context.

Summary

UI polish for dashboard to match design

This PR refines dashboard UI components, aligning them with the design system and restoring inbox access for users.

Health Assessment

• • Rapid review and merge with minimal changes indicates low complexity and high confidence in UI polish.

Summary

Move add-agent loading state to dialog footer

Improves user experience by keeping dialog layout stable during agent creation, reducing confusion and layout shifts.

Health Assessment

• • Fast cycle time of 1.6 hours indicates efficient review and implementation. Minimal scope and no complex changes reduce risk.

Summary

Refactor onboarding provisioning logic and components

Improves onboarding flow clarity and maintainability, enabling smoother user setup and consistent experience across platform and connect flows.

Health Assessment

• • Quick review and merge, minimal rework, indicating a straightforward refactor with clear scope.