* feat: implement SSRF protection with URL validation across plugins
* refactor SSRF protection to focus on cloud metadata endpoints and improve configuration options
* remove legacy whitelist functionality and streamline SSRF validation process
* enhance SSRF protection by adding configurable blocked schemes and validation checks
* enhance SSRF protection by integrating configurable options across services
* replace dns.lookup with dns.lookup from dns module for improved clarity
* refactor: enhance SSRF protection by merging request options and improving IP format normalization
* Fix: update comments for clarity and enhance IP normalization in SSRF protection
* enhance SSRF protection by validating URL and applying protection options in GraphqlQueryService
* enhance SSRF protection with detailed validation for redirects and URL schemes
* fix(grpcv2): use loadSync for filesystem proto loading to prevent server crash
protobufjs has an unfixed bug (protobufjs/protobuf.js#1098) where
async Root.load() calls resolveAll() outside its try-catch in the
finish() callback. When resolveAll() throws (e.g. unresolvable types),
the error becomes an uncaught exception that crashes the Node.js
process — the Promise never resolves/rejects.
Switch from protoLoader.load() to protoLoader.loadSync() for all
filesystem-based proto loading. With loadSync, resolveAll() errors
propagate as normal synchronous throws caught by existing try-catch
blocks. This is consistent with loadProtoFromRemoteUrl() which
already uses loadSync.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(grpcv2): add filesystem proto discovery with lightweight scanning
Add discoverServiceNames and discoverMethodsForServices to support
two-phase service discovery from filesystem proto files. Uses
protobufjs.parse() for lightweight name scanning (~30KB/file) and
only loads full gRPC definitions for selected services, preventing
OOM on large proto directories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(DynamicSelector): add multi-select and autoFetch for grpcv2 filesystem services
Add isMulti and autoFetch props to DynamicSelector. autoFetch triggers
service discovery on mount without requiring a manual button click,
and skips cache persistence to avoid false "Unsaved Changes" prompts.
Multi-select renders services as chips with custom styles.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(data-sources): handle non-array elements in resolveKeyValuePair
resolveKeyValuePair assumed all array option elements are sub-arrays
(like metadata key-value pairs). Options like selected_services contain
plain strings, causing arr.map crash during test connection. Guard with
Array.isArray check and fall back to resolveValue for scalar elements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(grpcv2): require service selection for filesystem mode in query manager
Filesystem mode without selected services would fall back to full
proto discovery (loading every file), defeating the purpose of the
two-phase discovery. Now shows an error asking the user to select
services in the datasource config instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(grpcv2): require selected services for filesystem test connection
Test connection in filesystem mode now validates that at least one
service is selected and uses a selected service for the connectivity
check instead of picking an arbitrary one from the proto directory.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(grpcv2): simplify filesystem test connection to validate proto parsing
Test connection for filesystem mode now just validates that proto files
can be parsed and services discovered — no service selection required.
Removes the meaningless waitForReady check which only tested TCP
connectivity without validating anything about the proto definitions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(grpcv2): remove filesystem branch from discoverServices
Filesystem mode never flows through discoverServices — it uses the
two-phase discoverServiceNames + discoverMethodsForServices path.
Remove the dead branch and add a comment documenting the filesystem
flow for clarity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs(grpcv2): add comment documenting test connection behavior per mode
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(grpcv2): add TCP connectivity check for filesystem mode test connection
Filesystem mode now falls through to checkFirstServiceConnection (waitForReady)
like reflection and URL modes, instead of returning early after proto parsing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* cleanup(DynamicForm): remove unused snake_case prop aliases for isMulti and autoFetch
No plugin manifest uses is_multi or auto_fetch — the gRPC v2 manifest
(the only consumer of these props) uses camelCase exclusively, and there
is no transformation layer in the pipeline.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(DynamicSelector): suppress noAccessError flash during loading
The no-access warning and red border briefly flashed on page reload
because validateSelectedValue ran with an empty array before the
fetch completed. Gate both on !isLoading so they only appear after
data is actually loaded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(DynamicSelector): skip cache validation for autoFetch on unrelated prop changes
When autoFetch is enabled, cache is never persisted to options (to avoid
"Unsaved Changes"). So every time selectedDataSource changes for
unrelated reasons (e.g. title edit), the cache-checking useEffect finds
no cache and calls validateSelectedValue([]), falsely triggering the
no-access warning. Skip this effect for autoFetch since it has its own
dedicated fetch/validation lifecycle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(grpcv2): remove QueryResult wrapping from plugin invokeMethod returns
grpcv2 plugin methods (discoverServiceNames, discoverMethodsForServices)
were returning QueryResult-wrapped responses which got double-wrapped by
DataSourcesService.invokeMethod, causing GRPCv2Component to crash with
"servicesData.services.map is not a function" when opening filesystem
proto queries.
Plugin invokeMethod now returns raw data (arrays) instead of QueryResult
objects. The server's invokeMethod always wraps with { status: 'ok', data }
consistently. DynamicSelector adds an Array.isArray guard for plugins
that return raw arrays vs { data: [...] }.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(DynamicSelector): skip access validation for autoFetch fields
autoFetch fields (e.g. gRPC services) are discovered from proto files,
not OAuth-scoped resources — "no access" warnings don't apply.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor(grpcv2): unify service discovery into single getServiceDefinitions entry point
Consolidate discoverServices, discoverServiceNames, and discoverMethodsForServices
into two clear methods: listServices (lightweight name scan for DS config) and
getServiceDefinitions (full method discovery for query editor, all modes).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix(grpcv2): prevent OOM on filesystem test connection and query fallback
Filesystem test connection no longer parses proto files — just counts
them with fast-glob and checks TCP connectivity via a raw gRPC client.
Query execution fallback after server restart now uses the lightweight
protobufjs.parse() scanner instead of the heavy protoLoader.loadSync()
path. Removes two dead functions (discoverServicesIndividually,
discoverServicesUsingFilesystem).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: update version to 3.20.95-lts across all components
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* chore: update bcrypt to version 6.0.0 in package.json
* chore: remove unused devDependencies from package.json
* Refactor code structure for improved readability and maintainability
* Refactor code structure for improved readability and maintainability
* chore: update bcrypt to version 6.0.0 in package.json
* chore: remove unused devDependencies from package.json
* Implement feature X to enhance user experience and optimize performance
* refactor: failsafe gRPC service discovery with file loads
* refactor: search only service names
---------
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* MongoDB connection with srv support
* design changes and migration
* changes in design
* fix password field is coming disabled.
* change with save button
* changes in the save button and encrypt
* Changes for mongoDb SRV after Code Review
* migration script
* Changes in the UI
* fixed the db issue in connection
* changes comment removed
* SSl issue resolved
* Review changes made
* editing connection string affects only individual fields
* fixed dataSource Saving in imported apps
* fixed imported apps ds save
---------
Co-authored-by: Pratush <pratush@Pratushs-MacBook-Pro.local>
* Added option to send Sender's Name
* change made to Sender Name
* bump version to 3.20.46-lts in all relevant files
---------
Co-authored-by: Pratush <pratush@Pratushs-MacBook-Pro.local>
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* POstgresql query level timeout implementation
* for query without parameters query level timeout has been updated
* Query level timeout at Run Query endpoint
* label for timeout is updated
* Timeout is applied at run query level
* Method name has been modified
* ref updated
* Error message modified
* Abort controller is abstracted
---------
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* Add cypress test cases for enterprise user groups and permissions
* update constants
* update user groups test cases
* update spec
* update groups cases
* update lock.json
* update custom group cases
* update docker file
* update first user onboarding and platform commands
* add case for UI promote and release permission
* working on google sheet service account flow
* service account flow logic added
* for service account flow skip the Oauth error flow
* added datamigration to backfill the authentication option for GoogleSheets
* added default credential chain flow
* Bump version to 3.20.5-lts across all components and add tag-and-push script for releases
---------
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
* refactor: use service descriptor retrieval and pass callOptions
* refactor: remove redundant comments
* refactor: use sdk methods to get appropriate proto definition on reflection
* fix: changes not save immediately
* fix: improve loading state handling in GRPCv2 component
* feat: add filesystem support for loading proto files
* feat: implement fuzzy search and debounce functionality
- Updated `AbilityGuard` to utilize `TransactionLogger` for logging execution time and errors.
- Enhanced `ResponseInterceptor` to include transaction metadata in logs.
- Modified `QueryAuthGuard`, `ValidateQueryAppGuard`, and `ValidateQuerySourceGuard` to log completion times and transaction IDs.
- Introduced `TransactionLogger` service for structured logging with transaction context.
- Added transaction ID and route information to request context in `RequestContextMiddleware`.
- Updated `JwtStrategy` to log validation completion times.
- Refactored logging configuration in `AppModuleLoader` to support pretty printing in non-production environments.
- Removed console logs in favor of structured logging for better traceability.
