Pull Request Explorer

Summary

Add inbound email attachment forwarding to agent webhook

Adds end‑to‑end attachment support for inbound emails, enforcing size limits, base64 encoding, and enriching webhook payloads, improving reliability and observability.

Health Assessment

• • The PR received a quick initial review and required several subsequent commits to address feedback, indicating active iteration but a smooth final merge within three days.
• • AI assistance accelerated code generation and documentation, while human review ensured quality and adherence to business requirements.

Summary

Automated daily production Novu Cloud release

Automated daily production Novu Cloud release

Health Assessment

• • The PR was merged immediately with no review, indicating a fast release cycle. The large number of lines added and removed suggests significant changes, but the lack of review may increase risk.

Summary

Update dashboard build memory limit

Reduces memory usage during dashboard build, optimizing resource consumption.

Health Assessment

• • Quick, single-file change merged immediately with no tests added.

Summary

Add Vercel configuration for rewrites and security headers

Adds Vercel config to enable routing rewrites and enforce security headers for the dashboard, improving deployment reliability and security.

Health Assessment

• • PR merged immediately with no review, indicating low complexity and high confidence in the change.

Summary

Release Novu Cloud version 2026-05-08

Automated daily production Novu Cloud release.

Health Assessment

• • Release merged quickly with minimal review, reflecting an automated release pipeline.

Summary

Fix integration mutation scoping by environment

Prevents cross‑organization mass assignment of integrations while preserving in‑org cross‑environment access, tightening security for integration management.

Health Assessment

• • Merged within 12 hours after a single review comment, indicating a straightforward bug fix with minimal rework.

Summary

Prevent mass-assignment of tenant IDs in bulk upsert

Ensures tenant scoping cannot be bypassed during bulk subscriber upsert, protecting cross-tenant data integrity.

Health Assessment

• • Rapid resolution with minimal rework; AI-assisted PR body streamlined communication.

Summary

Add permission guard to EE branding routes

Ensures only authorized users can modify organization branding and rename, tightening security for EE users.

Health Assessment

• • Quick fix with minimal changes, merged within 20 minutes.

Summary

Fix secret env variable overwrite bug

Prevents accidental loss of secret values when editing variables in the dashboard, ensuring data integrity and consistent API behavior.

Health Assessment

• • Rapid resolution with minimal iterations; AI‑assisted review helped identify edge cases quickly.

Summary

Restrict inbox events to keyless workflow

Hardens the inbox events endpoint to prevent unauthorized workflow triggers, limiting access to the keyless demo flow and reducing spam and abuse.

Health Assessment

• • Fast cycle time and minimal review iterations indicate efficient resolution of a critical security issue.

Summary

Centralize outbound HTTP client for SSRF safety

Adds a centralized SSRF‑safe outbound HTTP layer, migrating all server‑side callers to validate URLs, pin connections, and enforce security, reducing risk of SSRF attacks.

Health Assessment

• • Large‑scale security refactor completed swiftly with AI‑assisted review, but high complexity and many review rounds warrant careful monitoring.

Summary

Fix inbound mail queue persistence before SMTP ack

The inbound SMTP server now waits for queue persistence before acknowledging, preventing silent message loss. It also cleans up temp files safely to avoid disk exhaustion.

Health Assessment

• • Fast review and merge with minimal rework, addressing a critical bug that prevented message loss and potential DoS.

Summary

Reject cross-workflow template IDs on update

Prevents cross-workflow data corruption by validating template IDs during workflow updates, ensuring only templates belonging to the current workflow are used.

Health Assessment

• • Fast resolution with minimal rework; single commit and quick merge indicates low complexity and high confidence in fix.

Summary

Fix MongoDB session leak in BaseRepository

Prevents server‑side session leaks, improving database stability and performance.

Health Assessment

• • Fast turnaround, minimal code churn, no review required, low risk

Summary

Fix transaction session usage in DeleteTopicSubscriptions

Ensures atomic deletion of topic subscriptions and preferences, preventing data inconsistency and enforcing organization scoping.

Health Assessment

• • Fast turnaround with minimal changes and quick review, indicating low complexity and risk.

Summary

Fix unhandled ClickHouse write in exception filter

Prevents API crashes by ensuring analytics logging errors are caught and logged without blocking error responses.

Health Assessment

• • Quick fix with minimal rework, low review friction, small scope, resolved critical unhandled rejection issue.

Summary

Release Novu Cloud 2026-05-08

Automated daily production release of Novu Cloud, ensuring updated features and bug fixes are deployed to customers.

Health Assessment

• • Release was merged quickly with minimal review, indicating a streamlined release process.

Summary

Enhance .env value escaping for special characters and multi-line values

Improves .env file generation by properly escaping special characters and multi-line values, ensuring compatibility with dotenv parsers and preventing deployment issues.

Health Assessment

• • Quick fix with minimal changes, no tests added, merged immediately after review.

Summary

Fix email layout interpolation for env variables

Environment variables in email layouts are now correctly interpolated, fixing an issue where they were silently dropped.

Health Assessment

• • The PR was reviewed and merged quickly, indicating a straightforward fix.
• • The change is additive and does not introduce any breaking changes or schema modifications.

Summary

Add portless + mprocs local dev setup

Provides stable HTTPS .localhost URLs and an interactive per-service restart UI, reducing developer friction and improving local development reliability.

Health Assessment

• • Fast cycle time and minimal review iterations indicate smooth integration and low risk.

Summary

Release 2026-05-07: Production Deployment

Automated daily production Novu Cloud release, ensuring continuous delivery and reducing manual effort.

Health Assessment

• • Release executed in under 10 minutes with minimal review friction; AI assistance accelerated code changes.

Summary

Improve trace query performance in API service

Optimizes ClickHouse trace queries by bounding scans to the parent entity’s creation time, reducing I/O and improving API response times.

Health Assessment

• • The PR was reviewed and merged within minutes, indicating a straightforward performance tweak with minimal risk.

Summary

Fix Activity Feed nav highlight on conversations page

Ensures the Activity Feed navigation item remains highlighted when users navigate to conversation pages, improving navigation clarity and user experience.

Health Assessment

• • Quick, single-commit fix with immediate review and merge, indicating low complexity and minimal risk.

Summary

Add New Relic instrumentation to inbound mail pipeline

Adds explicit New Relic background transaction for inbound mail processing, enabling visibility of SMTP‑driven flows without exposing PII.

Health Assessment

• • Fast cycle time (7h) and minimal review comments indicate a smooth process; AI‑generated PR description helped clarify intent and reduce back‑and‑forth.

Summary

Add aggregator gate to PR pipeline

Consolidates CI checks into a single status to simplify branch protection and enable auto-merge.

Health Assessment

• • Merged within 45 minutes of opening, with a single review and no rework, indicating a smooth and efficient CI enhancement process.

Summary

Add tooltip to Bridge URL warning icon

Improves user experience by providing a hover tooltip that explains the Bridge URL requirement, reducing confusion for users.

Health Assessment

• • Quick turnaround with minimal rework; single review comment and two small commits indicate a smooth process.

Summary

Resolve high basic-ftp vulnerability

Patch vulnerable dependency to prevent DoS attacks, ensuring application stability.

Health Assessment

• • Quick fix with minimal changes, resolved in under 2 hours, no rework needed.

Summary

Add reaction events to Slack app manifests

Adds missing Slack bot event subscriptions so reaction webhooks are received, enabling onReaction handlers to fire.

Health Assessment

• • PR merged within minutes with only two small files changed, indicating a low‑risk, straightforward bug fix.

Summary

Release Novu Cloud 2026-05-07

Automated daily production Novu Cloud release

Health Assessment

• • Rapid release cycle with AI-assisted code changes; large scope but minimal review time indicates high confidence in automated testing and quality gates.

Summary

Add two-level provider picker for agents

Improves user experience by separating provider type selection from instance selection, reducing confusion and making integration creation clearer for customers.

Health Assessment

• • Fast review and single commit after feedback indicate a straightforward UI enhancement with minimal risk.

Summary

Bump @novu/framework and novu package versions

This PR updates internal package versions to keep dependencies current, preparing for the next release cycle.

Health Assessment

• • Rapid merge with minimal changes indicates a straightforward maintenance update.

Summary

Add metadata CRUD to agent context

Provides agents with full create, read, update, delete, and clear capabilities for metadata, enhancing flexibility and reducing runtime errors.

Health Assessment

• • Fast review (0.1h) and single commit after review indicate a smooth process; the change is sizable but well-tested, minimizing risk.

Summary

Improve agent framework DX and starter template

Enhances developer experience for building agents by simplifying handler signatures, adding documentation, and updating starter templates, reducing friction and improving consistency.

Health Assessment

• • Fast cycle time and minimal review comments indicate smooth integration; AI assistance likely accelerated the changes.

Summary

Limit webhook URL input width on agent details page

Adjusts UI to constrain webhook URL input width to 500px, improving layout on wide screens.

Health Assessment

• • Rapid review and merge indicate low complexity and minimal risk.

Summary

Resolve Biome lint errors in dashboard and services

Fixes linting errors to improve code quality and reduce build failures, ensuring smoother CI/CD and developer experience.

Health Assessment

• • The PR was merged within 2 hours with minimal review, indicating high developer efficiency.
• • AI-assisted PR body generation streamlined communication and reduced manual effort.

Summary

Add provider-specific titles and Slack copy button

Enhances agent setup UI by providing provider-aware titles and a reusable Slack copy button, improving onboarding clarity.

Health Assessment

• • Rapid merge (0.1h cycle time) indicates minimal review friction and low complexity.

Summary

Add single-command startup for agent projects

Simplifies onboarding by allowing a single command to launch the agent’s local server and tunnel, reducing setup friction for users.

Health Assessment

• • The PR was merged within 1.3 hours with minimal review comments, indicating a smooth process. AI tools were used to generate code and review comments, contributing to rapid iteration. The change is small to medium in scope and carries low risk.

Summary

Add Slack onboarding DM and follow‑up flow

Enables a new Slack onboarding experience by sending a welcome DM after OAuth and a follow‑up message after bridge connection, improving user engagement and reducing friction.

Health Assessment

• • Rapid cycle with minimal review iterations indicates high confidence in changes, but large code churn suggests significant impact.

Summary

Scope Azure OAuth reads/writes by environment

Prevents cross‑environment credential overwrites in the Azure Quick Setup OAuth flow by scoping integration lookups to the correct environment, enhancing security.

Health Assessment

• • Fast turnaround (17h cycle, 6min review), minimal code changes, and no new dependencies indicate a low‑risk, high‑confidence security fix.

Summary

Resolve high‑severity dependency vulnerabilities

This PR updates critical dependencies to patch high‑severity security vulnerabilities, ensuring the platform remains secure and compliant.

Health Assessment

• • Rapid review and merge (2.4 h cycle time) indicate low complexity and high confidence in the fixes.

Summary

Bump New Relic to fix MongoDB instrumentation

Upgrades New Relic to resolve MongoDB driver incompatibility and adds a flag to avoid duplicate OpenTelemetry provider registration with Sentry, ensuring reliable tracing across services.

Health Assessment

• • Quick dependency upgrade with minimal changes and a single review, indicating low risk and efficient process.

Summary

Bump fast-xml-parser to fix AWS XML parsing

Fixes a runtime regression in AWS SDK XML parsing that broke SNS, SES, and S3 responses by updating fast-xml-parser to 5.7.3, restoring successful message delivery.

Health Assessment

• • Rapid resolution of a runtime regression with minimal code changes; PR merged within an hour, indicating efficient review and low risk.

Summary

Release Novu Cloud 2026-05-05

Automated daily production Novu Cloud release.

Health Assessment

• • Fast automated release with minimal code changes and no review friction.

Summary

Bump helmet to v8 in core services

Upgrades helmet security middleware to v8, improving CSP handling and HSTS defaults with no code changes.

Health Assessment

• • Fast cycle time with a single commit and minimal changes indicates low risk and an efficient process.

Summary

Release Novu Cloud 2026-05-05

Automated daily production Novu Cloud release

Health Assessment

• • Release executed in under an hour with minimal review, indicating efficient automation. The large code changes suggest a comprehensive update, but the rapid cycle time reduces risk.

Summary

Add Slack quick setup endpoint and UI

Enables users to quickly provision Slack integrations via a new API endpoint and dashboard UI, reducing setup friction.

Health Assessment

• • The PR had a rapid initial review but required extensive iteration with AI‑assisted comments, indicating complex changes across backend and frontend.

Summary

Fix APM traces by pinning PM2

Pin PM2 to 6.0.14 across services to restore APM instrumentation and adjust logging levels, ensuring reliable observability.

Health Assessment

• • Resolved APM trace issue with minimal changes; quick turnaround.

Summary

Add inbound WhatsApp attachment support

Enables inbound WhatsApp media attachments by allowing fetch without size metadata and enforcing caps, improving agent integration.

Health Assessment

• • Fast cycle time and minimal review comments indicate a smooth, low-risk fix with AI-assisted review comments.

Summary

Fix agent signal DTO validation for workflow

Improves validation of trigger recipients, preventing empty IDs and ensuring topic data integrity, enhancing reliability of agent reply handling.

Health Assessment

• • Quick fix with minimal changes, AI-assisted code generation, fast review cycle.

Summary

Add per-agent email sender override

Enables per-agent email sender configuration, improving email deliverability and user control.

Health Assessment

• • Rapid approval with minimal rework indicates high confidence in changes.