Scope DeleteEnvironment::mount() and delete() lookups through
Environment::ownedByCurrentTeam() so an environment_id that belongs to
another team resolves to a 404 instead of loading the foreign record.
Mark $environment_id as #[Locked] so the public Livewire property can no
longer be reassigned from the client.
Add tests/Feature/DeleteEnvironmentTeamScopingTest.php covering mount,
delete, the #[Locked] guard, and the team-scoped helper for both the
cross-team and own-team cases.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Source component now resolves the supplied private key and Git
source IDs through team-scoped queries before persisting them, so a
selection can only ever reference a resource owned by the current
team. The source type is additionally restricted to the supported
GitHub/GitLab app classes.
The privateKeyId property is marked #[Locked] so it can only change
through the dedicated handler rather than a direct property update.
Adds feature tests covering team-scoped selection of private keys and
Git sources.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add official Hermes Agent logo (256x256 PNG from upstream repo).
Mount hermes-agent-src volume as read-only in webui container per
upstream recommendation (since v0.51.84).
Build the global destinations list from actual destination records so empty
servers do not render duplicate empty states. Allow creating Docker destinations
for a selected team server outside the global usable list, authorize swarm
creation correctly, and store discovered swarm network names from the selected
network. Add feature coverage for empty states, selected-server mounting, and
swarm destination creation.
Adds OpenObserve as a one-click service template. OpenObserve is a
cloud-native observability platform for logs, metrics, traces, RUM and
session replays, positioned as a self-hosted alternative to Elasticsearch,
Splunk and Datadog.
- Uses the official open-source image (public.ecr.aws/zinclabs/openobserve)
- Wires admin password through Coolify's SERVICE_PASSWORD_* magic env
- Persists /data via a named volume
- Exposes port 5080 via SERVICE_URL_OPENOBSERVE_5080
- Opts out of telemetry by default (overridable via ZO_TELEMETRY)
- Adds /healthz healthcheck and the OpenObserve logo
Supersedes #6328, addressing the prior review feedback (drop the
deprecated version key, drop hardcoded container_name and restart
policy, switch to the magic password env, and use a named volume).
Two-container template: hermes-agent gateway plus the hermes-webui chat
UI. The WebUI is public-facing (gets the generated FQDN and password via
Coolify magic vars); the agent stays internal, sharing named volumes.
Hermes uses embedded SQLite, so no external database is needed.
Call the preview environment variable relationship as a query when building the legacy configuration hash, and cover preview deployments with a regression test.
Dispatch configuration change events after saving application source and advanced settings, and refresh the configuration checker before showing redeploy diffs.
Store deployment configuration snapshots on application deployment queues and compare them against the current application state. Surface grouped pending changes in the configuration checker and use build-impact diffs to decide when an existing image can skip the build step.
Add centralized stop grace period resolution for application settings and use it across manual stops, preview stops, and deployments. Validate the Livewire advanced setting against shared min/max constants and cover persistence, fillable creation, and fallback behavior with tests.
