Pull Request Explorer

Summary

Authorize single-job read endpoints by job/flow visibility

Fixes a confidentiality flaw that let workspace members read any job data by UUID; adds proper authorization checks, caching, flow inheritance, and a share‑read link for controlled access.

Health Assessment

• • Rapid AI‑assisted development and a single review cycle enabled a 6‑hour turnaround, but the large code change and critical security fix warrant careful monitoring.

Summary

Use nsjail runtime packages in Docker images

Shrinks Docker images and reduces CVE scan noise by replacing dev packages with runtime-only libraries.

Health Assessment

• • Fast merge with minimal changes and no review friction.

Summary

Release version 1.714.1

This PR updates version numbers and dependencies for the 1.714.1 release, incorporating bug fixes and preparing the codebase for production.

Health Assessment

• • Release PR completed quickly with minimal review, indicating a straightforward version bump and dependency updates.

Summary

Harmonize diff button placement across editors

Aligns diff button UI for script and raw app editors, improving consistency and user experience.

Health Assessment

• • Fast review cycle and single iteration suggest low complexity and minimal risk.

Summary

Prevent Zoom challenge handler signing oracle

Stops attackers from forging Zoom webhook signatures via the challenge endpoint, protecting webhook integrity and preventing unauthorized actions.

Health Assessment

• • Single commit, no review needed, merged within 30 minutes.

Summary

Raise python download fd limit to prevent errors

This change increases the file descriptor limit for the Python download nsjail from 64 to 10,000, preventing failures when uv compiles bytecode on high‑core workers. It ensures reliable worker startup and avoids installation errors.

Health Assessment

• • Quick fix with minimal changes, merged within minutes, indicating low complexity and high confidence.

Summary

Fix preview routing for native TypeScript scripts

Ensures that TypeScript scripts annotated with //native preview correctly target native workers, aligning preview behavior with deployment and preventing preview failures.

Health Assessment

• • Quick AI-assisted fix with minimal code changes and rapid review, indicating low complexity and high confidence in stability.

Summary

Release version 1.714.0

This PR publishes a new release, updating dependencies and configuration across backend, frontend, and client libraries.

Health Assessment

• • Release PR merged quickly with minimal review, indicating a streamlined release process.

Summary

Refresh slim Docker images runtime packages

Updates slim Docker images to use the latest Python runtime and security packages, reducing scanner findings and ensuring compatibility with backend defaults.

Health Assessment

• • Quick review and single commit indicate a smooth, low-risk update.

Summary

Fix git-sync promotion deploys dropping triggers

Ensures triggers and schedules are correctly deployed in promotion mode, preventing deployment failures and data loss for users.

Health Assessment

• • The PR was merged within an hour of opening, with a single review comment and no rework, indicating a straightforward, low-risk bug fix.

Summary

Fix UUID usage in WorkspaceItemDrillPicker

Ensures component works on non-HTTPS deployments by replacing crypto.randomUUID with a fallback, preventing runtime errors. This improves reliability for users on plain-HTTP sites.

Health Assessment

• • Quick fix with minimal changes, AI-assisted, no blockers.

Summary

Fix encryption key push non‑interactive behavior

Ensures CI and automated workflows can push encryption key changes without blocking prompts, preserving secret integrity and enabling safe migrations.

Health Assessment

• • The PR was reviewed and merged within 0.6 hours with a single comment, indicating a straightforward, low‑risk change.

Summary

Fix Windows build regression in backend

Restores Windows compilation by moving the ctrl_break handler out of tokio::select! branches, ensuring cross‑platform build success. This prevents build failures that could block deployments for Windows developers.

Health Assessment

• • Quick fix with minimal changes, resolved immediately after review, indicating low complexity and high confidence.

Summary

Fix username conflict resolution for runnable dependencies

This fix resolves a database constraint error that prevented admins from resolving username conflicts when apps have runnable dependencies, ensuring smoother instance management and preventing HTTP 500 errors.

Health Assessment

• • Fast cycle time of 6.6 hours, single review comment, minimal code changes, low risk of regression.

Summary

Handle Windows CTRL_BREAK_EVENT for graceful shutdown

Adds Windows-specific signal handling to ensure Nomad workers shut down gracefully, preventing abrupt job termination.

Health Assessment

• • Fast review and merge, minimal changes, low risk

Summary

oauth: add salesforce provider

Registers Salesforce OAuth provider enabling Windmill to connect to Salesforce resources, adding production and sandbox support.

Health Assessment

• • PR required over 3 days for review but involved only a single commit and minimal changes, indicating low technical risk but a slow review process.

Summary

Refine ask-user-question chat display and keyboard navigation

Improves UI and keyboard interactions for AI ask-user-question tool in copilot chat, aligning with design system and enhancing user experience.

Health Assessment

• • Rapid AI-assisted iteration with minimal review friction, merged within 5 hours.

Summary

Add datatable tools to global AI chat

Enables AI chat to query and modify workspace datatables directly, boosting developer productivity and reducing manual steps.

Health Assessment

• • Fast 3‑hour cycle with a single review and minimal rework, indicating a well‑controlled change. The large code addition is focused and well‑tested, mitigating risk.

Summary

Add compile-bytecode flag to uv pip install

Pre-compiles Python bytecode during dependency installation, eliminating runtime recompilation and speeding up imports in nsjail environments.

Health Assessment

• • The PR was reviewed and merged within 1.6 hours, with a single comment and no rework, indicating a smooth, low-risk change that improves performance.

Summary

Add global AI chat test tools

Enhances AI chat testing by adding global tools for script discovery and path‑aware flow testing, improving reliability and reducing errors in AI‑driven workflows.

Health Assessment

Summary

Add unsaved changes banner to drawer editors

Provides users with persistent notification of unsaved changes in drawer editors, enabling easier review and discard of edits, improving user experience and reducing accidental data loss.

Health Assessment

• • The PR had a long cycle time due to waiting for main merges, but only a single review comment was required, indicating straightforward changes once the review was addressed.

Summary

Constrain flow-group colors to NoteColor palette

Ensures AI-generated flow groups use only predefined color palette, improving UI consistency and preventing rendering issues.

Health Assessment

• • Long review time (~5 days) but minimal code changes suggest low risk; process may benefit from faster review turnaround.

Summary

Release version 1.713.1 with bug fix

Patch release fixes API bug when removing granular ACLs on multi-version scripts, updating specs and client packages for consistency.

Health Assessment

• • Quick automated release with minimal review, using cubic for review and description generation.

Summary

Fix ACL removal for multi-version scripts

This fix prevents database errors when removing granular ACL entries from scripts that have multiple deployed versions. It ensures reliable permission management for users.

Health Assessment

• • Fast cycle time and minimal rework indicate a straightforward bug fix with quick approval.

Summary

Release version 1.713.0

Publishes a new release, updating dependencies and configuration files to support the latest features and bug fixes.

Health Assessment

• • Release PR merged quickly with minimal review, but the large number of config changes indicates moderate risk of downstream impact.

Summary

Re-pin hub scripts to CVE‑patched versions

Updates cached hub script versions to eliminate known CVEs and adds an environment override for the hub URL in cache mode, improving security and deployment flexibility.

Health Assessment

• • Quick security fix with minimal changes, merged within minutes without review.

Summary

use libgnutls30 in slim images

Ensures slim Docker images use the latest Debian security build of libgnutls30, preventing silent package upgrades and improving security compliance.

Health Assessment

• • The PR had a long cycle time due to a large gap between the initial review and subsequent commits, but the overall scope was minimal and the changes were straightforward.

Summary

Add preserve step tags for custom worker flows

Enables steps and sub‑flows to run on their own worker tags under a custom‑tagged flow, improving routing flexibility and reducing misrouting.

Health Assessment

• • The PR required multiple iterations after the initial review, indicating complex changes to routing logic and UI, but the final merge was achieved within a day.

Summary

Fix privilege escalation in user token lifecycle

Prevents scoped user API tokens from converting into broader credentials, enforcing least-privilege restrictions on delegated tokens.

Health Assessment

• • The PR had multiple commits and reviews, indicating some complexity and iteration in the fix.

Summary

Sanitize user markdown to prevent XSS

This patch removes stored XSS risk by sanitizing markdown input, protecting users and admins from malicious scripts that could compromise sessions.

Health Assessment

• • Merged within 6 minutes of opening, indicating a straightforward fix with no review delays.

Summary

Update bunnative docs and remove legacy nativets

Clarifies native script requirements, removes obsolete language, ensuring consistent deployment and reducing drift.

Health Assessment

• • Quick review and single iteration indicate smooth process; large deletion reflects cleanup of legacy code.

Summary

Make public apps opt into cross-origin isolation via wm_coep

Adds optional cross-origin isolation headers to public app pages, enabling safe embedding in iframes while preserving direct access for classic apps.

Health Assessment

• • Quick fix with AI assistance, minimal review iterations, and no regression risk.

Summary

Add global chat eval coverage

Adds comprehensive AI evaluation coverage for global chat resources, variables, and schedules, improving test reliability and removing deprecated model aliases.

Health Assessment

• • The PR was reviewed and merged within 21 hours with no rework, indicating a smooth process.
• • The moderate line count and single file change type suggest low risk.

Summary

Preserve user drafts during CLI sync push

Ensures that CLI deployments do not delete teammates' in-progress drafts, maintaining collaboration integrity.

Health Assessment

• • Quick fix with minimal rework, low review friction, small scope.

Summary

Fix SSRF validation for AI token URLs

Adds SSRF validation to prevent blind SSRF attacks via AI OAuth token URLs, ensuring internal hosts cannot be accessed without explicit opt‑in.

Health Assessment

• • Quick fix with minimal changes, reviewed and merged within minutes, indicating low complexity and high confidence.

Summary

Add GPT-5.5 eval model

Adds GPT-5.5 as an OpenAI-backed model for ai_evals, enabling benchmark runner to test the latest model across flow, script, app, and global modes.

Health Assessment

• • Fast cycle time of 3 hours and a single comment review indicate low complexity and high confidence in the change.

Summary

Batch encryption-key rotation into single git-sync job

Ensures all secret variables are re-encrypted and synced in a single job, improving consistency and reducing sync overhead.

Health Assessment

• • The PR resolved a critical sync issue with minimal review friction, completing in under 33 hours with a single review cycle.

Summary

Fix AI proxy redirect SSRF

Disables redirect following in the AI proxy client to prevent SSRF attacks, closing a high‑severity security vulnerability.

Health Assessment

• • The PR was merged within 6.3 hours with a single, small change, indicating low review friction and minimal scope. The AI‑assisted code change addresses a critical SSRF vulnerability, providing high business impact with a medium risk level due to the security nature of the fix.

Summary

Authorize and harden log file endpoints

Improves security by preventing unauthorized access to job logs and blocking symlink-based path traversal, protecting sensitive data.

Health Assessment

• • Fast cycle time and minimal changes indicate a straightforward security fix with low risk.

Summary

Bump sync script to publish fork branches

The PR updates the git-sync hub script to a newer version that correctly pushes forked branches to remote repositories. This resolves a production bug where forked branches were not published.

Health Assessment

• • Quick fix with minimal changes, resolved a production issue with fork branch publishing.

Summary

Add sandbox URL support for OAuth providers

Enables admins to configure separate sandbox environments for OAuth providers, improving testing and development workflows without affecting production data.

Health Assessment

• • Fast cycle time with a single review and minimal rework indicates an efficient and well-managed PR process.

Summary

Release version 1.712.0

This PR publishes a new release, bumping the version and updating dependencies across backend, frontend, and client libraries, ensuring all components are aligned for the next deployment.

Health Assessment

• • The release was reviewed immediately with no issues flagged by AI, and merged within 45 hours, indicating a smooth, low‑risk process.

Summary

Add DeepSeek FIM support

Adds native DeepSeek FIM support to Windmill’s code completion, enabling faster and more reliable autocomplete via DeepSeek’s beta completions endpoint.

Health Assessment

• • Fast cycle time and single review with minimal rework indicate a smooth integration of the new DeepSeek FIM capability.

Summary

Prevent duplicate asset node IDs in flow graph

Fixes a crash in the flow graph caused by duplicate asset references, ensuring reliable rendering for users.

Health Assessment

• • Rapid review and merge with minimal changes; no blockers or complex rework.

Summary

Fix git-sync fork branch publishing

Ensures forked workspaces correctly publish a branch to the remote, fixing integration test failures and restoring expected behavior. This change restores CLI push logic for branch-only sync, preventing empty fork branches and maintaining main branch integrity.

Health Assessment

• • Fast cycle time and single review round indicate a straightforward bug fix with minimal risk. The small scope and clear test coverage support a low-risk merge.

Summary

Refactor AI provider proxy logic

Improves maintainability and performance of AI provider integration, reducing latency and simplifying code.

Health Assessment

• • Fast cycle time and minimal review iterations indicate efficient process, though large code churn suggests significant refactoring.

Summary

Implement duration‑weighted fairness admission

Adjusts queue fairness algorithm to use true job durations, reducing victim job latency and balancing worker‑second usage.

Health Assessment

• • Review took almost 50 hours, but no rework was needed; the PR was merged quickly after review.

Summary

Prevent MultiSelect crash on undefined value

This fix prevents a crash that caused approval pages to render blank when a MultiSelect component received an undefined value. It restores reliable user experience for approval workflows.

Health Assessment

• • Merged within 8 minutes with only 18 lines of change, indicating a straightforward bug fix with minimal review friction.

Summary

Inject active editor into global chat

Adds active editor context to global AI chat, improving reference resolution and reducing token usage for users.

Health Assessment

• • PR merged in under an hour with a single review comment, indicating a straightforward change with minimal friction.

Summary

Warn when custom instance DB shared across workspaces

Adds a warning to alert users when selecting a shared custom instance database, preventing accidental data sharing across workspaces. This improves data isolation and reduces confusion for workspace administrators.

Health Assessment

• • Quick turnaround with minimal review comments indicates a straightforward change.