Resolve the server and network in Destination::addServer() and
::promote() through ownedByCurrentTeam() before use, authorize the
update against the resource, and pass the validated IDs into
attach()/detach()/update(). Errors are routed through handleError()
to match the sibling removeServer() method.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Move Sentinel push handling into a controller and dispatch server update jobs only when container state changes or the force interval elapses. Add opt-in PostgreSQL read/write replica configuration and tune periodic proxy network and storage checks to reduce unnecessary work.
Add feature coverage for replica config, Sentinel push deduplication, deployment log scrolling, and server update job optimizations.
Remove unused Vue, Echo, Pusher, and ioredis npm dependencies from the frontend build. Update realtime scripts and deployment log markup to work without bundling those assets through Vite.
Scope DeleteEnvironment::mount() and delete() lookups through
Environment::ownedByCurrentTeam() so an environment_id that belongs to
another team resolves to a 404 instead of loading the foreign record.
Mark $environment_id as #[Locked] so the public Livewire property can no
longer be reassigned from the client.
Add tests/Feature/DeleteEnvironmentTeamScopingTest.php covering mount,
delete, the #[Locked] guard, and the team-scoped helper for both the
cross-team and own-team cases.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Source component now resolves the supplied private key and Git
source IDs through team-scoped queries before persisting them, so a
selection can only ever reference a resource owned by the current
team. The source type is additionally restricted to the supported
GitHub/GitLab app classes.
The privateKeyId property is marked #[Locked] so it can only change
through the dedicated handler rather than a direct property update.
Adds feature tests covering team-scoped selection of private keys and
Git sources.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When a user deletes their current team, the session and cache still
reference the just-deleted team. `refreshSession()` then resolves that
stale team via `currentTeam()`, calls `Team::find()` (which returns
null because the row is gone) and dereferences `$team->id`, leaving the
session without a current team. The subsequent redirect to the team
page assigns the now-null `currentTeam()` to the non-nullable
`Team $team` property in `Team\Index::mount()`, throwing a TypeError
and producing an HTTP 500.
Guard `refreshSession()` against a deleted current team: fall back to
any team the user still belongs to, and if none remain, clear the
stale session reference instead of dereferencing null.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Clickhouse, Dragonfly, and Keydb still called syncData() inside the
DatabaseProxyStopped broadcast handler, clobbering in-progress edits to
name/description/credentials. Refresh only is_public/public_port/
public_port_timeout instead, matching the pattern used elsewhere.
Also null-guard HasDatabaseStatusInfo::getListeners() against an absent
Auth::user()/currentTeam(), add explicit return types on getListeners()
and render(), and convert inline comments in the SSL refresh test to a
PHPDoc block.
The earlier refreshStatus fix kept user-typed values intact but Livewire still
absorbed deferred wire:model values into the snapshot on every broadcast-
triggered roundtrip, clearing the unsaved-changes indicator and making the form
look auto-saved. Move all status-derived display (DB URLs, SSL toggle/mode,
cert expiry) out of each DB General form into a sibling StatusInfo Livewire
component, so the form never roundtrips on broadcasts.
Shared scaffolding lives in App\Traits\HasDatabaseStatusInfo plus an x-database-
status-info Blade component, leaving each per-DB StatusInfo class as a ~20-50
line declaration of label, SSL mode options, and SSL save hooks. Parents
dispatch databaseUpdated from save methods so the sibling refreshes after writes.
Tests cover the architecture (no DB form subscribes to status broadcasts) and
the sibling's refresh-on-status-change behavior.
Add official Hermes Agent logo (256x256 PNG from upstream repo).
Mount hermes-agent-src volume as read-only in webui container per
upstream recommendation (since v0.51.84).
Build the global destinations list from actual destination records so empty
servers do not render duplicate empty states. Allow creating Docker destinations
for a selected team server outside the global usable list, authorize swarm
creation correctly, and store discovered swarm network names from the selected
network. Add feature coverage for empty states, selected-server mounting, and
swarm destination creation.
Adds OpenObserve as a one-click service template. OpenObserve is a
cloud-native observability platform for logs, metrics, traces, RUM and
session replays, positioned as a self-hosted alternative to Elasticsearch,
Splunk and Datadog.
- Uses the official open-source image (public.ecr.aws/zinclabs/openobserve)
- Wires admin password through Coolify's SERVICE_PASSWORD_* magic env
- Persists /data via a named volume
- Exposes port 5080 via SERVICE_URL_OPENOBSERVE_5080
- Opts out of telemetry by default (overridable via ZO_TELEMETRY)
- Adds /healthz healthcheck and the OpenObserve logo
Supersedes #6328, addressing the prior review feedback (drop the
deprecated version key, drop hardcoded container_name and restart
policy, switch to the magic password env, and use a named volume).
Two-container template: hermes-agent gateway plus the hermes-webui chat
UI. The WebUI is public-facing (gets the generated FQDN and password via
Coolify magic vars); the agent stays internal, sharing named volumes.
Hermes uses embedded SQLite, so no external database is needed.
