- Use explicit has() checks for timeout and enabled fields to properly handle falsy values
- Add validation to prevent empty update requests
- Optimize delete endpoint to use direct query deletion instead of fetch-then-delete
- Update factory to use Team::factory() for proper test isolation
- Add authorization checks ($this->authorize) for all read/write operations
- Use customApiValidator() instead of Validator::make() to match codebase patterns
- Add extra field rejection to prevent mass assignment
- Use Application::ownedByCurrentTeamAPI() for consistent query patterns
- Remove non-existent standalone_postgresql_id from hidden fields
- Add execution listing endpoints for both applications and services
- Add ScheduledTaskExecution OpenAPI schema
- Use $request->only() instead of $request->all() for safe updates
- Add ScheduledTaskFactory and feature tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the trackSshRetryEvent() method and its invocation from the SSH retry
flow. This simplifies the retry mechanism and reduces external dependencies for
retry handling.
- Refactor server IP duplicate detection to use `first()` instead of `get()->count()`
- Add team-scoped validation to distinguish between same-team and cross-team IP conflicts
- Update error messages to clarify ownership: "already exists in your team" vs "in use by another team"
- Apply consistent validation logic across API, boarding, and server management flows
- Add comprehensive test suite for IP uniqueness enforcement across teams
Remove the trackSshRetryEvent() method and its invocation from the SSH retry
flow. This simplifies the retry mechanism and reduces external dependencies for
retry handling.
- Refactor server IP duplicate detection to use `first()` instead of `get()->count()`
- Add team-scoped validation to distinguish between same-team and cross-team IP conflicts
- Update error messages to clarify ownership: "already exists in your team" vs "in use by another team"
- Apply consistent validation logic across API, boarding, and server management flows
- Add comprehensive test suite for IP uniqueness enforcement across teams
Set up end-to-end browser testing using Pest Browser Plugin + Playwright.
New v4 test suite uses SQLite :memory: database with pre-generated schema dump
(database/schema/testing-schema.sql) instead of running migrations, enabling
faster test startup.
- Add pestphp/pest-plugin-browser dependency
- Create GenerateTestingSchema command to export PostgreSQL schema to SQLite
- Add .env.testing configuration for isolated test environment
- Implement v4 test directory structure (Feature, Browser, Unit tests)
- Update Pest skill documentation with browser testing patterns, API reference,
debugging techniques, and common pitfalls
- Configure phpunit.xml and tests/Pest.php for v4 suite
- Update package.json and docker-compose.dev.yml for testing dependencies
- Implemented Openclaw service in Service.php to manage environment variables and passwords.
- Added Openclaw SVG icon for branding.
- Created openclaw.yaml for Docker Compose configuration, including necessary environment variables and volume mappings.
- Updated service-templates-latest.json and service-templates.json to include Openclaw service details and metadata.
Prevent double-escaping of COMPOSER_AUTH and other JSON environment variables
by detecting valid JSON objects/arrays in realValue() and skipping quote
escaping entirely. This fixes broken JSON values passed to runtime services
while maintaining proper escaping for non-JSON values.
- Add JSON detection before escaping logic in EnvironmentVariable::realValue()
- JSON objects/arrays pass through unmodified, avoiding quote corruption
- Add comprehensive test coverage for JSON vs non-JSON escaping behavior
- added dockerfile_location as it is needed for Dockerfile deployments to work properly
- added is_spa as it makes sense together with is_static
- added is_auto_deploy_enabled and is_force_https_enabled
- rename fqdn to urls as that is what it actually is
- improve URL validation to allow urls without a TLD
- improve error messages to make it clear that URLs are needed
- improve code by combining some actions
- add force_domain_override functionality and docs
- delete service on creation if there is URL conflicts as otherwise we will have stale services (we need to create the service because we need to parse it and more)
- remove `docker_compose_raw` from post and patch endpoints, as the compose file is sourced from git and should not be manually settable via the api
- improve the documentation for `docker_compose_domains` (URLs)
- enhanced array validation for `docker_compose_domains` by validating each array field and verifying which fields are allowed
- set a custom array validation error message, as the default message is not really clear
- show an error if the user attempts to set `domains` when the build pack is `dockercompose`
- validate that the `domains` in `docker_compose_domains` are proper URLs and include a valid scheme (`http` or `https`)
- if service type and docker_compose_raw is filled show an error
- if service type is not valid show an error with all valid service types
- remove enum from service type docs as it always gets outdated
Replace hardcoded 'debian' with ${ID} from /etc/os-release to use
the correct Docker repository for Ubuntu, Debian, and Raspbian servers.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace insecure !== operator with hash_equals() for constant-time
string comparison when validating GitLab webhook tokens.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- raw sql should not be used whenever possible
- using sql to order on the relationship environment_variables() causes custom sorting to break or be additionally complicated
Remove the redundant $original_server property and use $mainServer throughout
ApplicationDeploymentJob. Both properties held the same value (the deployment
target server), causing unnecessary duplication.
Also fixes two bugs in generate_compose_file() where $this->server was used
instead of $this->mainServer for isSwarm() and isLogDrainEnabled() checks.
When using a build server, $this->server could point to the build server,
causing incorrect configuration for the deployment target.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The instantSave method for the 'Make it publicly available' checkbox was
calling submitDatabase(), which saved all form fields. This caused
unintended saves when only toggling the public visibility. The
syncDatabaseData() call already handles saving the public toggle state.
The proxy container was incorrectly named using the service UUID instead
of the database UUID, causing proxy logs to query the wrong container.
Each ServiceDatabase should have its own uniquely named proxy container.
- Introduced a new sidebar component for service database navigation.
- Updated routes for database import and backup functionalities.
- Refactored the database import view to improve clarity and maintainability.
- Consolidated service application and database views into a more cohesive structure.
- Removed deprecated service application view and integrated its functionalities into the service index.
- Enhanced user experience with modal confirmations for critical actions.
- Improved code readability and organization across various components.
Replace in-memory filtering with database-level query in
Server::destinationsByServer(). Previously loaded all team servers
into memory before filtering by ID. Now uses findOrFail() to query
directly at the database level.
Add email observability platform Sessy to the service catalog with auto-generated HTTP Basic Auth credentials and SQLite storage.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Wraps inline chart initialization scripts in IIFEs to create local scope for variables. This prevents "Identifier has already been declared" errors when Livewire's SPA navigation re-executes scripts, allowing smooth navigation between metrics pages without page refresh.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
The trim operation was happening after validation, which meant
whitespace was counted toward the max:255 validation rule. Now
input is normalized before validation, matching the pattern used
in Application and Service components.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Andras Bacsai <andrasbacsai@users.noreply.github.com>
Add visual feedback when downloading all logs in both container and deployment log views. Users now see an animated spinner and "Downloading..." text, preventing multiple concurrent downloads and improving UX during long operations.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Remove unused $server property and Server import from Advanced.php
- Add proper import for UpdateStripeCustomerEmailJob in User.php
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add optional docker_cleanup query parameter to the stop endpoints for
Services, Applications, and Databases. This allows API users to control
whether docker cleanup (pruning networks, volumes, etc.) is performed
when stopping resources.
The parameter defaults to true for backward compatibility.
API Usage:
- Stop without docker cleanup: GET /api/v1/{resource}/{uuid}/stop?docker_cleanup=false
- Stop with docker cleanup (default): GET /api/v1/{resource}/{uuid}/stop
Fixes#7758🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Andras Bacsai <andrasbacsai@users.noreply.github.com>
- Add trim() to FQDN in instantSave() method to prevent whitespace from being saved
- Add trim() to FQDN in submit() method before validation and DNS checks
- Prevents invalid HostSNI rules caused by leading/trailing whitespace
- Fixes issue where accidental whitespace from copy-paste causes deployment failures
Fixes#7797
Co-authored-by: Andras Bacsai <andrasbacsai@users.noreply.github.com>
- Adjusted indentation and formatting for better code clarity.
- Simplified conditional statements and removed unnecessary null checks.
- Enhanced user interface elements for Docker Compose and Dockerfile configurations.
- Improved handling of deployment commands and network settings.
- Updated helper texts for better user guidance.
Users can now choose between downloading only the currently displayed
logs or fetching and downloading all available logs from the container.
Changes:
- Add downloadAllLogs() method that fetches all logs without limit
- Replace download button with dropdown menu
- Options: "Download displayed logs" and "Download all logs"
Addresses #7803
The log viewer was artificially limiting display to 2000 lines
regardless of user's requested amount. Users could request 10k, 40k,
or 50k lines but only 2000 were ever shown.
Changes:
- Remove the hardcoded $maxDisplayLines = 2000 limit in the view
- Add MAX_LOG_LINES constant (50,000) in GetLogs component
- Enforce maximum limit in backend to prevent extremely large requests
- Update input field with max attribute and tooltip
Fixes#7803
- Include sessionTeamId in currentTeam() cache key to prevent stale
team data when users switch teams
- Update refreshSession() to use new cache key format
- Remove redundant routeIs('settings.index') check since settings.*
already matches it
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
