<!-- .github/pull_request_template.md -->
## Description
<!-- Provide a clear description of the changes in this PR -->
## DCO Affirmation
I affirm that all code in every commit of this pull request conforms to
the terms of the Topoteretes Developer Certificate of Origin.
---------
Co-authored-by: Igor Ilic <igorilic03@gmail.com>
Signed-off-by: Diego B Theuerkauf <diego.theuerkauf@tuebingen.mpg.de>
Co-authored-by: Boris <boris@topoteretes.com>
Co-authored-by: vasilije <vas.markovic@gmail.com>
Co-authored-by: Vasilije <8619304+Vasilije1990@users.noreply.github.com>
Co-authored-by: Hande <159312713+hande-k@users.noreply.github.com>
Co-authored-by: Matea Pesic <80577904+matea16@users.noreply.github.com>
Co-authored-by: hajdul88 <52442977+hajdul88@users.noreply.github.com>
Co-authored-by: Daniel Molnar <soobrosa@gmail.com>
Co-authored-by: Diego Baptista Theuerkauf <34717973+diegoabt@users.noreply.github.com>
Co-authored-by: Dmitrii Galkin <36552323+dm1tryG@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: lxobr <122801072+lxobr@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions@users.noreply.github.com>
Co-authored-by: Boris Arzentar <borisarzentar@gmail.com>
Co-authored-by: neo <neo.dowithless@gmail.com>

The critical vulnerability involved exposing the debugpy debugger server
on 0.0.0.0:5678 (all network interfaces) when certain environment
variables were set, which allowed unauthenticated remote code execution.
This was fixed by changing the debugpy --listen argument from
0.0.0.0:5678 to 127.0.0.1:5678, ensuring the debug server is bound only
to localhost and is not externally accessible. All other code and logic
were left unchanged.
<details>
<summary>More Details</summary>
| Type | Identifier | Message | Severity | Link |
|------|------------|---------|----------|------|
| <pre>Application</pre> | <pre>CWE-489, CWE-284</pre> | When both ENVIRONMENT=dev/local and DEBUG=true are set, the script launches `debugpy` bound to 0.0.0.0:5678 and waits for a client to attach. `debugpy` shells allow full, arbitrary code execution inside the running container/process. If the container or host network is exposed—even inadvertently—an attacker can connect to this port and gain RCE. Because only environment variables gate this behavior, a mis-configuration, leaked compose file, or SSRF that sets these variables could unintentionally expose the debugger in production.<br>Impact: Remote Code Execution, full compromise of the application and underlying data.<br>Severity is elevated as the issue provides unauthenticated code-level access to the live service. | <pre>critical</pre> | [Link](https://console.pensar.dev/cognee/projects/cognee/a3838758-8ac3-4f46-8d34-035abb845e91) |
</details>
Co-authored-by: pensarapp[bot] <182705637+pensarapp[bot]@users.noreply.github.com>
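
A check that could run in CI against the fix described above: it reports every `debugpy --listen` target whose host is not loopback. This is an added example, not code from the project or from the bot's patch; the sample launch lines, the `audit_debugpy_listen` name and the `myapp` module are constructed for illustration.

```shell
#!/usr/bin/env sh
# Added example: flag debugpy --listen targets that are not loopback-only.

# Prints "line:host" for each non-loopback listen address found in file $1.
# Returns 0 if the file is clean, 1 if there is at least one finding.
audit_debugpy_listen() {
    findings=$(
        grep -nE -- '--listen[[:space:]]+[^[:space:]]+' "$1" |
        while IFS= read -r hit; do
            lineno=${hit%%:*}
            # Keep only the argument that follows --listen.
            target=$(printf '%s\n' "${hit#*:}" |
                sed -E 's/.*--listen[[:space:]]+([^[:space:]]+).*/\1/')
            case $target in
                *:*) host=${target%:*} ;;  # host:port form
                *)   host=127.0.0.1 ;;     # bare port: debugpy binds 127.0.0.1
            esac
            case $host in
                127.0.0.1|localhost|'[::1]') ;;           # loopback only
                *) printf '%s:%s\n' "$lineno" "$host" ;;  # anything else is reported
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed samples (not the project's entrypoint.sh): the launch line
# before and after the fix; "myapp" is a placeholder module name.
tmp=$(mktemp -d)
cat > "$tmp/before.sh" <<'EOF'
if [ "$ENVIRONMENT" = "dev" ] && [ "$DEBUG" = "true" ]; then
    exec python -m debugpy --wait-for-client --listen 0.0.0.0:5678 -m myapp
fi
EOF
sed 's/0\.0\.0\.0:5678/127.0.0.1:5678/' "$tmp/before.sh" > "$tmp/after.sh"

audit_debugpy_listen "$tmp/before.sh" || echo "before.sh: non-loopback debug listener"
audit_debugpy_listen "$tmp/after.sh" && echo "after.sh: debugger bound to loopback"
```

A host given through a variable (for example `$HOST:5678`) is reported as well, since the check cannot prove it resolves to loopback.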
<!-- .github/pull_request_template.md -->
## Description
Merge changes on main to dev
## DCO Affirmation
I affirm that all code in every commit of this pull request conforms to
the terms of the Topoteretes Developer Certificate of Origin.
---------
Co-authored-by: Igor Ilic <30923996+dexters1@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Introduced an automated deployment workflow to build and push
    container images.
  - Updated dependency management to include additional database support.
- **Refactor**
  - Enhanced asynchronous operations and logging in the server for
    improved performance.
  - Optimized extraction and retrieval processes for code-related data.
- **Chores**
  - Streamlined build configurations and startup scripts for greater
    reliability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: hajdul88 <52442977+hajdul88@users.noreply.github.com>
Co-authored-by: Igor Ilic <igorilic03@gmail.com>
<!-- .github/pull_request_template.md -->
## Description
<!-- Provide a clear description of the changes in this PR -->
In its current form, the entrypoint.sh script will run but fail with
exit code 3 on the first docker compose up. Technically, running docker
compose up a second time will not throw the same error and the
application works fine. The new changes will improve the first-time user
experience and improve on some other aspects.
Summary of Changes:
1- entrypoint.sh to not fail with exit code 3 on first docker up.
2- Improved error and signal handling with set -e.
3- Improved database migration, verification and error handling. Avoids
schema version mismatch and ensures db schema is always in sync with
application code.
4- Added exec before Gunicorn commands to ensure proper signal handling.
## DCO Affirmation
I affirm that all code in every commit of this pull request conforms to
the terms of the Topoteretes Developer Certificate of Origin
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Improved error handling for smoother database migrations and startup.
  - Updated process management to ensure reliable application launch.
  - Optimized worker configuration and introduced a startup delay to
    guarantee database readiness.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: soekja <soekja@users.noreply.github.com>
Co-authored-by: soekja <soekja@users.noreply.github.com>
Co-authored-by: Vasilije <8619304+Vasilije1990@users.noreply.github.com>
* fix: remove groups from UserRead model
* fix: add missing system dependencies for postgres
* fix: change vector db provider environment variable name
* fix: WeaviateAdapter retrieve bug
* fix: correctly return data point objects from retrieve method
* fix: align graph object properties
* feat: add node example
* fix: don't return anything on health endpoint
* feat: add alembic migrations
* feat: align search types with the data we store and migrate search to tasks