Sync upstream v0.62.2 (merge conflicts)#21
Closed
trevorgowing wants to merge 753 commits into
Closed
Conversation
bitbucket tokens
…se#74359) * Surface upstream body in LLM provider error logs and messages When an LLM provider (Claude, OpenAI, OpenRouter) returns a non-2xx response, `core/rethrow-api-error!` used to ship just the canonical status-specific message ("Anthropic API key expired or invalid", "OpenAI API is not working but not saying why", etc.). The upstream body was decoded into `ex-data` but never logged and never shown to the admin, even when it contained the actionable detail. This commit: - Centralizes the body-preview logic in `core/body-preview`. It pulls `[:error :message]` out of structured JSON envelopes, falls back to `:error`/`:detail`/`:message`, then `pr-str`s the map, and slurps `InputStream` bodies. Truncates to 500 chars for the exception message; the full body is preserved in logs and `ex-data`. - `rethrow-api-error!` now appends the preview to the provider's canonical message (when present), emits a `log/warn` at the failure boundary with the full body, and logs the exception class + message on the no-body branch (network errors, timeouts, etc.). - Drops the per-provider `error-msg` interpolation: each provider's `*-errors` helper now only returns the canonical status-specific message; the body preview is added centrally so all three providers behave consistently and previews can't go missing on edge cases (plain-text bodies, HTML error pages, non-JSON envelopes). This is the master-side fix for the same gap addressed in PR metabase#74356 against `release-x.59.x`; the 59 fix touched the now-removed `metabot-v3/client.clj` indirection, this fix touches the direct provider call path it was replaced with. * Polish: drop pr-str leak, allow-list ex-data, structured warnf Three follow-ups in response to review of the 59 counterpart (PR metabase#74356): - `body-preview` no longer falls back to `pr-str` for maps that don't carry a recognised human-readable field (`[:error :message]`, `:error`, `:detail`, `:message`). Returns nil instead, so users don't see raw `{:request-id "..." :trace [...]}` blobs in toasts. The full body is still in the log and `ex-data`. - `ex-data` is now an explicit allow-list of `:status`, `:reason-phrase`, `:body`, and the provider tags. The raw clj-http response carries `:http-client` (a `Closeable`), `:trace-redirects`, `:orig-content-encoding`, and other internals we don't want flowing into Sentry payloads or downstream consumers. - `log/warn` with a trailing map `pr-str`s the map into the message rather than emitting structured MDC. Switched to `log/warnf` so the line is one greppable formatted blob with explicit field names. Test coverage extended for each case: unrecognised maps round-trip as nil, ex-data keys are pinned to the allow-list, and the no-body branch records the exception class. * Close remaining pr-str leak and tighten ex-data key-set assertions - body-preview: drop the :else pr-str fallback; handle JSON arrays by probing the first element symmetrically with maps. Arrays of internal diagnostic objects (and non-string scalars) now return nil instead of leaking pr-str blobs into user-facing toasts. - self_test: add assert-rethrow-no-internals! to the structured-maps branch and a sibling assert-rethrow-no-internals-no-body! for the no-:body branch, so any accidental extra ex-data key is caught symmetrically on both paths. * Trim docstrings and tighten tests for upstream-body error surfacing - Rename `anthropic-errors`/`openai-errors`/`openrouter-errors` → `*-error-msg` to reflect that each returns a single, status-specific message string (the body preview is appended by [[core/rethrow-api-error!]] now). - Trim docstrings on `max-body-preview-chars`, `extract-error-message`, `body-preview`, and `rethrow-api-error!` — drop asides about what survives in `ex-data` / logs; keep only the load-bearing facts. Compress the inline `log/warnf` comment to one line about the MDC distinction. - Slim `body-preview-test`: merge nil/blank/scalar cases with `every? nil?`, dedupe the "no recognised error field → nil" branch across maps and arrays, drop redundant sub-tests. - Slim `rethrow-api-error!-test`: introduce a small `caught` helper, drop the two `assert-rethrow-no-internals*!` helpers, and inline the exact-key-set pin with a one-line comment. - Fix `call-llm-tool-choice-test`'s synthetic exception to ride `:api-error true` so `::skip` survives the new ex-data allow-list — the fixture used to ride through the old passthrough `ex-data`. * Trim *-error-msg docstrings — drop rethrow-api-error! cross-reference * *-error-msg docstrings: 'separately' reads more naturally than 'out of scope' * Hint ^Throwable on rethrow-api-error! to silence eastwood reflection warnings `(some-> e .getClass .getName)` reflected on the un-hinted exception arg. * Assert upstream body lands on the warn line at the failure boundary Captures the warn log emitted by rethrow-api-error! and verifies provider, status, and the full quoted body are present. * Agent loop API-error log includes the throwable on the body branch Aligns with the two sibling log/errorf calls in the same catch — every branch now logs with the stacktrace, so when a provider failure surfaces the cause chain (rethrow-api-error! → clj-http) is preserved end-to-end. * Line break between throwable and message template in agent-loop errorf calls * Revert the line break — sibling errorf already had e on the same line * let-bind ex-data once in the agent-loop catch * Destructure ex-data fields in agent-loop catch * Log exception message in non-api-error agent-loop catch branch * Skip trailing colon in no-body rethrow when ex-message is blank Mirror of release-x.59.x metabase#74356's blank-msg fix — an exception like (RuntimeException.) with no message produced "openai API request failed: null" (MessageFormat substitutes nil as literal null). Fall back to the colon-less form when there's nothing to say after it. * Pin ex-data key set on every rethrow-api-error!-test sub-case Mirrors the sibling's defensive-pin pattern (release-x.59.x c15732e) — each test case now independently catches ex-data leaks instead of relying on the sibling case's pin to cover the same path. * Only accept string fields in extract-error-message A structured `:error` map without `:message`, or a vector/map under `:detail`/`:message`, was being coerced into the user-facing exception message via `str`. Guard with `string?` so non-string values fall through to `nil`; structured bodies still survive in ex-data and logs for debugging. * body-preview: fall through to later keys when an earlier one is non-string Mirror of sibling 8239fc6. The previous `or` over raw values plus a final `(string? s)` check returned nil even when a later key had a real string — e.g. `{:error {:message {:code 500}} :detail "real msg"}`. Filter per-lookup so non-strings fall through correctly. * extract-error-message: combine string+blank filter into one fn Per-lookup `(when (string? v) (not-empty v))` means blank strings also fall through to a later key (e.g. `{:error "" :detail "real"}` → "real"). Trim the docstring. * body-preview: warn + pr-str unrecognised body shapes instead of dropping For non-empty maps/arrays where extract-error-message can't find a clean string, fall back to pr-str of the body and emit a warn. Better some context in the user-facing message than none, and the warn gives operators a signal to add the new envelope shape to extract-error-message. Nil/empty bodies still return nil — nothing to surface there. * extract-error-message: trim whitespace so blank scalars fall through Mirror of sibling e585ae0. `(not-empty " ")` returns the whitespace string (only empty strings get rejected) — so `or` short-circuited with it and the outer trim collapsed it to nil too late to recover via fall-through. Trim inside the per-key filter instead, matching the empty-string fix from 3ab19e0. * Move implementation rationale from docstrings into inline comments Per the docstring-as-contract guidance: docstrings should describe what the function does for the caller; implementation rationale (why we filter per-lookup, why warnf, why the allow-list) belongs as a `;;` comment at the line in the body where it's relevant. - extract-error-message: drop the "so the raw envelope can't str-leak" rationale into a `;;` comment above the per-lookup filter. - body-preview: drop the "better some context than none" rationale into a `;;` comment above the pr-str fallback. - rethrow-api-error!: drop the "raw clj-http carries :http-client Closeable, …" into a `;;` comment above the select-keys allow-list. - *-error-msg adapter helpers: drop the "body appended separately" clause — that's caller behaviour, not what the helper does. * body-preview: bounded read for InputStream bodies Slurping the full stream just to truncate to 500 chars meant a multi-MB upstream body got pulled into memory unnecessarily. Switch to a bounded read of max-body-preview-chars + 1 — the +1 lets the existing truncation branch detect overflow without consuming more of the stream. * rethrow-api-error!: preserve :headers so retry path honors Retry-After The ex-data allow-list was [:status :reason-phrase :body] — dropping :headers silently broke metabase.metabot.self/parse-retry-after-header, which reads (:headers (ex-data e)) to honor upstream Retry-After on 429/529 responses. With :headers gone, those retries fell back to plain exponential backoff. Add :headers to the allow-list and pin the path with a test that goes through rethrow-api-error! into retry-delay-ms. * self-test: drop proxy in favour of .available() to clear Eastwood Eastwood flagged four reflection warnings in the "InputStream bodies are read up to the truncation window" test — `.getBytes` on an inferred-Object String and three `proxy-super read` calls inside the byte-counting ByteArrayInputStream proxy. Replace the proxy with a plain ByteArrayInputStream and infer bytes consumed from `.available()` (BAIS returns unread bytes remaining), and add a `^String` hint on the literal that feeds `.getBytes`. Same assertion, no proxy, no reflection. * decode-bounded-body: cap InputStream slurp before JSON decode body-preview's bounded InputStream branch was dead code in the real rethrow-api-error! flow: json/decode-body slurped the stream first and the cap never fired. Move the cap upstream — slurp the InputStream into a string of at most max-body-slurp-chars before handing it to decode-body, and fall back to the raw bounded string when JSON parsing fails (e.g. the cap truncated us mid-envelope). Tests now exercise the path through rethrow-api-error! per the review's request. * docstrings: relocate decode-bounded-body's implementation diary into the body `max-body-slurp-chars`: move the magnitude justification out of the docstring to an inline comment above the value. Docstring keeps the caller contract. `decode-bounded-body`: the docstring was describing *how* the function works (bound-slurp first, then decode, then fall back) rather than what it returns. Slim to the return contract and move the "how" to inline comments above the relevant let-binding. `body-preview` and `rethrow-api-error!`: pack sentences that were starting mid-line onto their own lines — same caller-contract content, format matches the one-sentence-per-line rule for wrapped docstrings. * body-preview: cap warn pr-str + letfn + narrower catch - extract-error-message: use letfn instead of let+fn (style nit, per @lbrdnk). - body-preview: extract truncate-to-preview-limit and apply it to the pr-str fallback's warn line, so a multi-MB body doesn't end up as a multi-MB log message (per @lbrdnk on the warnf line). - slurp-bounded / decode-bounded-body: narrow catch from Throwable to Exception so JVM-level errors (OOM, StackOverflow) aren't silently swallowed in the error-handling path (mirrors Copilot's note on the sibling v59 PR). * Fix CI: split rethrow-api-error!-test + hint char-array in slurp-bounded - slurp-bounded: add ^chars hint on the buffer so `(String. buf 0 ...)` resolves at compile time. Was triggering an Eastwood reflection warning in src/metabase/metabot/self/core.clj:529. - self_test: split the 161-line rethrow-api-error!-test into six focused deftests (passthrough / string-body / no-body / input-stream / retry-after / warn-log) so clj-kondo's long-test check stays happy and the failure messages localise to the right concern. * slurp-bounded: hint the String. ctor at the call site The earlier `^chars` hint on the let-binding propagated to the .read call but not through the loop/recur rebinding, so `(String. buf 0 limit)` still went through reflection — Eastwood complained, CI failed. Move the hint to the call site, and explicitly cast the int args so the matching (char[], int, int) constructor is picked unambiguously. * rethrow-api-error!: don't splice upstream body on 401/403 Provider auth-error bodies can carry sensitive detail (API keys, account/org/tenant identifiers). Suppress the body preview from the user-facing exception message for 401/403; the full body still hits the warn log for server-side debugging and is still preserved on ex-data for in-process inspection. * run-agent-loop: flatten nested catch ifs into a single cond * Port 59 refinements: chunked slurp-bounded and capped log pr-str Mirror two improvements landed on the sibling 59 PR (metabase#74356) back to master: - `slurp-bounded`: switch from pre-allocating a `(char-array max-body-slurp-chars)` (1MB even for a 100-byte body) to growing a `StringBuilder` in `body-slurp-chunk-chars` (8KB) reads. Worst-case allocation stays at ~`max-body-slurp-chars`, but a small error envelope now costs a small allocation. - New `max-body-log-chars` (2000) + `body-for-log` helper: cap the body `pr-str` in `log/warnf` lines so a near-cap slurped stream can't flood the logs. The full body still survives in `ex-data`. Also extracted a generic `truncate-to` helper that `truncate-to-preview-limit` and `body-for-log` both delegate to. * self-test: cover the body-for-log warn-line cap (roborev metabase#1797) Add a case to rethrow-api-error!-warn-log-test with an oversized (5000-char) body: assert the warn line's body segment is capped at max-body-log-chars with a trailing ellipsis, while the full untruncated body still survives on ex-data. * self-test: derive log-cap test bound from max-body-log-chars var (roborev metabase#1798) Read the cap via @#'self.core/max-body-log-chars and size the body / slice from it, so a retune of the var adapts the test instead of breaking the suffix match.
Closes [BOT-1585: Simplify e2e AI usage tests](https://linear.app/metabase/issue/BOT-1585/simplify-e2e-ai-usage-tests) ### Description Simplifies end-to-end AI usage tests by removing testing the labels in the charts. Testing the query creation with unit tests is sufficient. ### Checklist - [x] Tests have been added/updated to cover changes in this PR - [x] If adding new Loki tests: they pass [stress testing](https://github.com/metabase/metabase/actions/workflows/loki-stress-test-flake-fix.yml)
…74788) * check for read permissions when running transforms * test * fix
### Description adds last calculated date to data complexity ### How to verify Describe the steps to verify that the changes are working as expected. 1. New question -> Sample Dataset -> ... 2. ... ### Demo  ### Checklist - [x] Tests have been added/updated to cover changes in this PR - [x] If adding new Loki tests: they pass [stress testing](https://github.com/metabase/metabase/actions/workflows/loki-stress-test-flake-fix.yml)
…etabase#74724) * Unify Custom homepage and Landing page into a single Homepage radio * Code review cleanup: inline plugin access, add getHomepageMode tests, drop redundant beforeEach, inline single-use e2e helper * Update GeneralSettingsPage test for renamed Homepage heading
* Update configs * Update driver features * cljfmt * Format new changes * Merge latest master
Update generated docs (master) Co-authored-by: github-actions <github-actions@github.com>
* Sanitize workspace creation sql exception messages
just str/replace the secrets in the sql statements.
Execute batch returns sql in statements.
I'd really like to do something like this:
```clojure
(defmulti init-workspace-isolation!
"Initialize database isolation for a workspace. Creates an isolated schema/database,
user credentials, and grants appropriate permissions for the workspace to operate
within its own namespace.
Returns a map with:
- :schema - The name of the isolated schema/database created
- :database_details - Connection details (user, password, etc.) for the isolated user
Implementations should:
- Create an isolated schema or database for the workspace
- Create a user with credentials that can only access that schema
- Grant appropriate permissions (CREATE, INSERT, SELECT, etc.) on the isolated schema
This is an enterprise feature. Drivers must also return true for
(database-supports? driver :workspace database) to indicate support."
{:added "0.59.0" :arglists '([driver database workspace])}
dispatch-on-initialized-driver
:hierarchy #'hierarchy)
;; introduce a new actual public api and have the multimethod be the impl
;; and we can in one place solve this.
(defn init-workspace-isolation
[driver database workspace]
(try (init-workspace-isolation! driver database workspace)
(catch Exception e (scrub-exception e (secrets-of workspace)))))
```
But the current impl is fine as well and allows each driver to catch
particular driver exceptions.
* whoops. committed pseudocode
* bad parens in mysql
* kondo fix
* Add ChatGPT dark theme override * Allow to override agent overrides if host sends variables * add additional color overrides * add unit test for buildMcpAppsTheme * add override for cursor * remove padding from cursor body --------- Co-authored-by: Timofei <timofei@metabase.com>
* add csp for local images * add base url and baseUriDomains * address code reviews * adjust template tests
…wn UI resource URI (metabase#74719)
…tabase#74749) Anchor the horizontal Schedule row to the top with align-items: flex-start instead of center, and move the CronExpressionInput's "quartz cron syntax" hint from above to below the input so the cron input aligns with sibling controls in the flex container.
* Add overflow-wrap to tooltip content globally * e2e test adjustment
* Upgrade setup-bun action to v2.2.0 * Upgrade setup-uv action to v8.1.0 * Upgrade setup-chrome action to v2.1.2 * Upgrade setup-babashka action to v1.8.0
Don't allow brushing on charts where the x axis is an aggregate
* dont strip values from impersonation validation * add test * strip values for graalpy, but return original values * add tests that strip multi statement queries
Refine Metabase AI settings documentation Removed redundant information about the Metabase AI add-on visibility and the requirement for admin email matching. Clarified the process for enabling and disconnecting the Metabase AI Service.
) * Set the default of embedding service base to ai service * components * test * Apply suggestion from @crisptrutski Co-authored-by: Chris Truter <crisptrutski@users.noreply.github.com> * review remarks * review remarks * test and trim --------- Co-authored-by: Chris Truter <crisptrutski@users.noreply.github.com>
Closes metabase#71220 Closes QUE2-460
Fix replacement with field filter alias (metabase#75644) * fix field filter alias * trigger ci Co-authored-by: Riley Thompson <riley@metabase.com>
…sion helpers" (metabase#75714) Tidy query preprocessing, dataset streaming, and permission helpers (metabase#75551) * Tidy persisted-info handling in query preprocessing and SQL QP Resolve the persisted-cache source SQL from the metadata provider in the SQL QP, and clear any stale :persisted-info/native keys during preprocessing. * Add docstrings to query-permission helpers and simplify related tests * Normalize query maps before permission checks on card save and revert * Build dataset-streaming :info server-side and tidy pivot query setup * Fixed mbql and formatting Co-authored-by: Nathan Voxland <nathan@metabase.com>
…75724) Add JVM hardware info to diagnostic details (metabase#75561) Include the number of CPUs, max JVM memory, and total physical host memory in the bug-reporting diagnostic info, under the system-info section. The max JVM figure matches the "Maximum memory available to JVM" line printed at startup; the total host memory shows how much the machine actually has, making it easier to diagnose performance problems from a bug report. Co-authored-by: Rodrigo López Dato <rodrigo@metabase.com>
…etabase#75734) Fix Athena sync failing on partitioned Iceberg tables (metabase#75666) Syncing a partitioned Iceberg table left it with no fields at all. When the driver can't get field metadata over JDBC it runs `DESCRIBE` instead (metabase#43980, metabase#58441). `DESCRIBE` output ends with a partition section that re-lists the partition columns. For Hive tables they reappear with their real types and were already deduplicated; for Iceberg tables they reappear with the partition transform (e.g. `identity`) where the type should be. The parser treated those rows as real columns, couldn't map `identity` to a base type, and the insert for *all* of the table's fields failed on the null base type. Fix: - Stop parsing `DESCRIBE` output at the partition section — it never contains new columns. (Section markers verified against Hive's `TextDescTableFormatter`, where this format comes from; link in the code.) - Also drop any row that repeats an earlier column name, in case the marker text ever changes. - Unknown database types now fall back to `:type/*` instead of failing the sync, same as the JDBC path. Co-authored-by: Timothy S. Dean <timothy.dean@metabase.com>
…75739) Return nested fields from sandboxed queries (metabase#75358) * Return nested fields from sandboxed queries Closes QUE2-651 Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>
…fected card from dashboard" (metabase#75744) Fix filter not respected when downloading visualizer-affected card from dashboard (metabase#75720) Fix filtered dashboard card xlsx downloads Co-authored-by: Anderson <ands.alves.nunes@gmail.com>
…75759) Fall back on effective-type for time fields (metabase#75442) Closes QUE2-650 Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>
…me on append/replace" (metabase#75174) GDGT-2233: Match colliding upload columns by display name on append/replace (metabase#75090) Co-authored-by: Ngoc Khuat <qn.khuat@gmail.com>
…hema-less DBs (MongoDB, MySQL, …)" (metabase#75783) GDGT-2598: Schema Viewer shows the database name for schema-less DBs (MongoDB, MySQL, …) (metabase#75616) * GDGT-2598: Make SchemaPickerInput display DB name for schemaless DBs * Fix metadataUrl generation for Schema Viewer's info panel header * GDGT-2598: Cleanup * GDGT-2598: Address PR comments Co-authored-by: Stas Gavrylov <stas@metabase.com>
… metadata view" (metabase#75789) GDGT-2597 Order Schema Viewer fields to match the table metadata view (metabase#75716) GDGT-2597: Order Schema Viewer fields to match the table metadata view The `/api/ee/erd` endpoint fetched a table's fields with no `:order-by`, so columns came back in raw DB order. Sort them by `field-order-rule` ([position asc, lower(name) asc]) — the same ordering the `:fields` hydration applies — so the Schema Viewer's field list matches `/api/table/:id/query_metadata` instead of appearing unsorted. Reuse the shared `field-order-rule` constant (declaring the warehouse-schema module dependency) so the two surfaces can't drift. Co-authored-by: Stas Gavrylov <stas@metabase.com>
… prevented fat dynamic var GC" (metabase#75796) Fix: `core.async/timeout` combined with `core.async/go` prevented fat dynamic var GC (metabase#75769) * This has to be the strangest Clojure footgun I've seen in many years. * Kondo-ignore in the test file what the src file ignores Co-authored-by: Timothy S. Dean <timothy.dean@metabase.com>
…se#75800) [BOT-1685] Fix UX of Metabot inline SQL search (metabase#75772) * Scope inline SQL @-mention search to the selected database via table_db_id * Recreate the Metabot prompt tiptap editor on database change so @-mention scoping doesn't use a stale onlyDatabaseId Co-authored-by: Tyler Plude <tsplude@gmail.com>
docs: update session expiration page. (metabase#74936) * docs: update session expiration page. Restructures around how MAX_SESSION_AGE, MB_SESSION_TIMEOUT, and MB_SESSION_COOKIES interact * Updates based on PR feedback Co-authored-by: Alex Yarosh Co-authored-by: thackervishal <95879205+thackervishal@users.noreply.github.com>
…ges" (metabase#75526) Show clearer permission state on inaccessible metric pages (metabase#75068) * Show clearer permission state on inaccessible metric pages * Update read-only metric e2e test to assert the new permission screen * Detect metric view permission from the query result, not can_run_adhoc_query * Lighten MetricPageCard doc comment * Restore read-only metric test: read-only users can view, editing restricted * Extract setupForbiddenCardEndpoints test helper for forbidden card mocks Co-authored-by: Andrei Chernykh <andrei.chernykh@metabase.com>
…mins" (metabase#75825) GDGT-2617 Hide Security Center setup prompt from non-admins (metabase#75690) * Hide Security Center setup prompt from non-admins (GDGT-2617) The SecurityCenterPromoCard rendered for all users in the navbar promo slot, but links to the admin-only /admin/security-center route, so non-admins hit a permission error on click. Gate the card on getUserIsAdmin and skip its admin-only RTK Query requests for non-admins. * GDGT-2617: Refactor tests * GDGT-2617 small adjustment --------- Co-authored-by: Stas Gavrylov <stas@metabase.com> Co-authored-by: Egor Grushin <egor@metabase.com>
…ards" (metabase#75818) Improve app db connection pool usage with public dashboards (metabase#75770) Co-authored-by: Alexander Polyankin <alexander.polyankin@metabase.com>
…stale batched executions" (metabase#75833) Fix flaky with-query-execution! test helper delivering stale batched executions (metabase#75831) Co-authored-by: Alexander Polyankin <alexander.polyankin@metabase.com>
…in interactive embedding" (metabase#75856) Fix history.back 404 when Metabase is under a sub-path in interactive embedding (metabase#75700) Co-authored-by: Sébastien <sebastien@metabase.com>
…s are accepted" (metabase#75864) Fix Guest embed options staying disabled until SSO terms are accepted (metabase#75794) Co-authored-by: Sébastien <sebastien@metabase.com>
docs: erd (metabase#75647) * erd * Optimized 1 images, saved 134.0 KB (43.4% smaller) * link sprinkling * Apply suggestions from code review * Apply suggestions from code review --------- Co-authored-by: Alex Yarosh <alexandra@metabase.com> Co-authored-by: Jeff Bruemmer <jeff.bruemmer@gmail.com> Co-authored-by: Michael Eby <38187276+michaeleby1@users.noreply.github.com>
docs: collections in the library (metabase#75448) * collections in the library * Optimized 3 images, saved 123.3 KB (51.4% smaller) * Apply suggestions from code review * edits from jeff --------- Co-authored-by: Alex Yarosh <alexandra@metabase.com> Co-authored-by: Jeff Bruemmer <jeff.bruemmer@gmail.com>
…base#75886) * Add admin endpoints for OAuth clients and tokens (metabase#74933) * Add admin endpoints for OAuth clients and tokens This allows auditing of the outstanding OAuth clients and tokens created by users on an instance to enable MCP server access for external agents like Claude Code. * Add migrations for `decision` and `decided_at` columns; update API endpoints * Adding unit tests for the new endpoint and adjusting checks on other tests * Overhaul the approach: now a separate audit log table Note that the migration was dropped but since it only added columns, there's no real problem. * FE - Authorizations page * e2e tests * Design Feedback * Adding redirect-uri column, making the page wider * column tweaking * BE lint fixes * fix be tests * add fk index to oauth_client_event --------- Co-authored-by: Nick Fitzpatrick <nickfitz.582@gmail.com> * Move migration to 62 --------- Co-authored-by: Braden Shepherdson <braden@metabase.com> Co-authored-by: Nick Fitzpatrick <nickfitz.582@gmail.com>
…abase#75901) DOC-fix bug in keycloak page + minor improvements (metabase#75813) Co-authored-by: thackervishal <95879205+thackervishal@users.noreply.github.com>
deleted database handling for transforms (metabase#74829) * wip * wip: fe * tests * tests * serialize as tombstone * mark dead transforms as stale * fix tests * fix * fix migration * move check * fix FE when no dbs are available * fix e2e test * handle nil database in validation * fix for broken dependency surfacing * fix comment * lenient for serdes * fix: don't display while loading * refactor * handle migration comments * move migration to 60 * handle N+1 in batched-hydrate for source-readable? by providing a per-model cache * refactor * random ids Co-authored-by: Nicola Mometto <nicola.mometto@metabase.com>
Update generated docs (release-x.62.x) Co-authored-by: github-actions <github-actions@github.com>
Handle null timestamps for druid (metabase#75350) * fix druid nil timestamp * remove let block * use when-let Co-authored-by: Riley Thompson <riley@metabase.com>
metabase#75939) Add missing dimensions in underlying-records drill-thru (metabase#75048) Co-authored-by: metamben <103100869+metamben@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upstream Sync — v0.62.2
Merge conflicts were detected when merging upstream release
v0.62.2. Manual resolution is required before this PR can be merged intomaster.Files with conflicts
How to resolve
git fetch origin git checkout sync/upstream-2026-06-22 # Resolve the <<<<<<< markers in each conflicted file, then: git add -A git commit --amend --no-edit git push --force-with-lease origin sync/upstream-2026-06-22