From ede6c881c7eeb0c07d8eae812802fc1bb6222fcf Mon Sep 17 00:00:00 2001 From: Igor Ilic <30923996+dexters1@users.noreply.github.com> Date: Wed, 6 Aug 2025 11:04:34 +0200 Subject: [PATCH 1/4] fix: Resolve env template variable (#1208) ## Description ## DCO Affirmation I affirm that all code in every commit of this pull request conforms to the terms of the Topoteretes Developer Certificate of Origin. --- .env.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env.template b/.env.template index f789fde4b..4f1158e4b 100644 --- a/.env.template +++ b/.env.template @@ -79,8 +79,8 @@ VECTOR_DB_KEY= # 📂 ROOT DIRECTORY IF USING COGNEE LIB INSIDE A DOCKER ################################################################################ # Set up the Cognee system directory. Cognee will store system files and databases here. -DATA_ROOT_DIRECTORY='/cognee_data/data' -SYSTEM_ROOT_DIRECTORY='/cognee_data/system' +# DATA_ROOT_DIRECTORY='/Users//Desktop/cognee/.cognee_data/' +# SYSTEM_ROOT_DIRECTORY='/Users//Desktop/cognee/.cognee_system/' ################################################################################ From df0c0b3f7f19193eeb238bfb045ed74870793e62 Mon Sep 17 00:00:00 2001 From: Pavel Zorin Date: Sun, 10 Aug 2025 07:27:02 +0200 Subject: [PATCH 2/4] Chore: fix Commutity Greetings workflow permissions (#1227) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description Fix “Resource not accessible by integration” error in greetings workflow This PR updates the community | Greetings GitHub Actions workflow to ensure it can successfully post greeting comments on newly opened issues and pull requests — including PRs from forks — without hitting the “Resource not accessible by integration” error. ## Changes - Switched PR trigger from `pull_request` to `pull_request_target` to run in the context of the base repository and grant write-scoped `GITHUB_TOKEN` for commenting on forked PRs. - Added explicit `permissions` block with: - `issues: write` - `pull-requests: write` - Limited triggers to `types: [opened]` for both issues and PRs to avoid unnecessary runs. - Preserved existing greeting messages for issues and pull requests. ## Reason for change The workflow was failing because the default `GITHUB_TOKEN` in `pull_request` events is read-only for forks, preventing the bot from posting comments. `pull_request_target` with explicit permissions solves this while maintaining security. ## DCO Affirmation I affirm that all code in every commit of this pull request conforms to the terms of the Topoteretes Developer Certificate of Origin. --- .github/workflows/community_greetings.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/community_greetings.yml b/.github/workflows/community_greetings.yml index a43f7f549..6e343865e 100644 --- a/.github/workflows/community_greetings.yml +++ b/.github/workflows/community_greetings.yml @@ -1,6 +1,14 @@ name: community | Greetings -on: [pull_request, issues] +on: + issues: + types: [opened] + pull_request_target: + types: [opened] + +permissions: + issues: write + pull-requests: write jobs: greeting: From 089fe34ec93b2f9a40e50b048021e61e0eb6b2dd Mon Sep 17 00:00:00 2001 From: Emmanuel Ferdman Date: Sun, 10 Aug 2025 11:17:17 +0300 Subject: [PATCH 3/4] fix: raise error on version mapping failure (#1228) ## Description Fixed `ValueError` that was not being properly raised when `version_code` could not be mapped to proper Kuzu version. ## DCO Affirmation I affirm that all code in every commit of this pull request conforms to the terms of the Topoteretes Developer Certificate of Origin. Signed-off-by: Emmanuel Ferdman --- cognee/infrastructure/databases/graph/kuzu/kuzu_migrate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cognee/infrastructure/databases/graph/kuzu/kuzu_migrate.py b/cognee/infrastructure/databases/graph/kuzu/kuzu_migrate.py index 3f930d91f..f36b2ec66 100644 --- a/cognee/infrastructure/databases/graph/kuzu/kuzu_migrate.py +++ b/cognee/infrastructure/databases/graph/kuzu/kuzu_migrate.py @@ -74,7 +74,7 @@ def read_kuzu_storage_version(kuzu_db_path: str) -> int: if kuzu_version_mapping.get(version_code): return kuzu_version_mapping[version_code] else: - ValueError("Could not map version_code to proper Kuzu version.") + raise ValueError("Could not map version_code to proper Kuzu version.") def ensure_env(version: str, export_dir) -> str: From ed2bea4ff2e6ecb17ba1f61b5791937629f17043 Mon Sep 17 00:00:00 2001 From: Vasilije <8619304+Vasilije1990@users.noreply.github.com> Date: Sun, 10 Aug 2025 12:29:51 +0200 Subject: [PATCH 4/4] Potential fix for code scanning alert no. 147: Clear-text logging of sensitive information (#1229) Potential fix for [https://github.com/topoteretes/cognee/security/code-scanning/147](https://github.com/topoteretes/cognee/security/code-scanning/147) To fix the problem, we should avoid logging any part of the API key. Instead, we can log a generic message indicating that an API key is configured, without revealing any part of the key. This maintains the functionality of confirming that the key is present, while eliminating the risk of exposing sensitive information. The change should be made in `cognee-mcp/src/test_client.py`, specifically on line 60, replacing the log statement with a safer alternative. No new imports or methods are required. --- _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- cognee-mcp/src/test_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cognee-mcp/src/test_client.py b/cognee-mcp/src/test_client.py index 0fa282a09..23160d8b2 100755 --- a/cognee-mcp/src/test_client.py +++ b/cognee-mcp/src/test_client.py @@ -57,7 +57,7 @@ class CogneeTestClient: print(" Some tests may fail without proper LLM API configuration.") print(" Set OPENAI_API_KEY environment variable for full functionality.") else: - print(f"✅ API key configured (key ending in: ...{api_key[-4:]})") + print("✅ API key configured.") # Create temporary test files self.test_data_dir = tempfile.mkdtemp(prefix="cognee_test_")