Skip to content

chore: sync fork with upstream obot v0.23.2#16

Merged
hbanerjee74 merged 8 commits into
mainfrom
chore/sync-v0.23.2
Jun 25, 2026
Merged

chore: sync fork with upstream obot v0.23.2#16
hbanerjee74 merged 8 commits into
mainfrom
chore/sync-v0.23.2

Conversation

@hbanerjee74

Copy link
Copy Markdown

Summary

Syncs the fork's main (based at upstream v0.23.0) up to upstream v0.23.2, pulling in the v0.23.1 and v0.23.2 patch releases.

What upstream brings in

Conflict resolutions (9 files)

File Resolution
oauthauthrequest.go, authorize.go Kept fork's ConsentMCPConfigRequired field + consent-config guard, unioned with upstream consent changes
license/provider.go Took upstream's 24h interval + update() error signature; preserved fork's success-logging else block
Complete.svelte Kept fork's countdown-redirect behavior on upstream's base
consent/[oauth_auth_request]/+page.svelte Kept fork's MCP config-required flow (superset of upstream)
admin/license/+page.svelte Kept fork's @lucide/svelte import — the fork migrated off lucide-svelte repo-wide; upstream's lucide-svelte would break the build
Dockerfile Adopted upstream's python/pip drop; preserved fork's nodejs-24 pin + docker package
docker-build-and-push.yml Kept fork's OBOT_IMAGE naming and omission of the Depot enterprise jobs
openapi_generated.go Regenerated (go generate) from merged source types

Verification (local)

  • make all — builds UI (build + build-node) and bin/obot
  • pnpm run check — 0 errors, 0 warnings
  • make test — all pass
  • golangci-lint run — 0 issues

Decisions made during sync

  • Auth-complete screen: reconciled the fork's feat: add MCP server instance OAuth URL route #13 screen with upstream's; kept the fork's richer countdown behavior per discussion.
  • Python/pip: adopted upstream's removal from the runtime image. Flag if any fork workflow relied on python in the main container.

🤖 Generated with Claude Code

njhale and others added 8 commits June 18, 2026 09:56
Bumps the npm_and_yarn group with 1 update in the /docs directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).


Updates `webpack-dev-server` from 5.2.4 to 5.2.5
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.4...v5.2.5)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…bot-platform#6983)

In order to know which MCP server the MCP client is trying to connect
to, they should send a resource parameter with the authorize request.
Not all clients do this. This change introduces a way to alter the
metadata endpoints so that we can still determine which MCP server the
client is connecting to when they don't send a resource parameter.

Signed-off-by: Donnie Adams <donnie@obot.ai>
This screen finishes the MCP OAuth flow so that we can control what the
user sees when the OAuth process completes. This fixes issues when we
redirect back to apps on a user's computer.

This change also removes the old login complete screen in favor of a
consistent experience. That is, if a user uses `obot login`, then they
will see this new "authentication complete" screen with the "you can now
close this window" text.

Signed-off-by: Donnie Adams <donnie@obot.ai>
Previously, we would check for a valid license on startup and every hour
after that. This change checks on startup and once per day.

Additionally, an API endpoint is added to allow users to manually check
their license once every 5 minutes.

Signed-off-by: Donnie Adams <donnie@obot.ai>
Merge upstream tag v0.23.2 into the fork (was based at v0.23.0), bringing
in the v0.23.1 and v0.23.2 patch releases (auth-complete screen, drop
python/pip from image builds, MCP OAuth consent screen, license
once-per-day check, etc.).

Conflict resolutions:
- oauthauthrequest.go / authorize.go: kept fork's ConsentMCPConfigRequired
  field and its consent-config guard (union with upstream consent changes).
- license/provider.go: kept upstream's 24h poll interval + update() error
  signature; preserved fork's success-logging else block.
- Complete.svelte / consent +page.svelte: kept fork's richer behavior
  (countdown redirect, MCP config-required flow) on upstream's base.
- admin/license/+page.svelte: kept fork's @lucide/svelte import (the fork
  migrated off lucide-svelte repo-wide; upstream's lucide-svelte would break
  the build).
- Dockerfile: adopted upstream's python/pip drop; preserved fork's nodejs-24
  pin and docker package.
- docker-build-and-push.yml: kept fork's OBOT_IMAGE naming and omission of
  the Depot enterprise jobs.
- openapi_generated.go: regenerated from merged source types.

Verified locally: make all (build + build-node + binary), pnpm run check,
and make test all pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@hbanerjee74 hbanerjee74 merged commit bc6fa4c into main Jun 25, 2026
3 checks passed
@hbanerjee74 hbanerjee74 deleted the chore/sync-v0.23.2 branch June 25, 2026 13:46
hbanerjee74 added a commit that referenced this pull request Jun 25, 2026
…on (#17)

* chore: bump image version metadata to upstream v0.23.2

The image build resolves its tag from .accelerate/upstream-sync.json
(scripts/build-vibedata-image.sh → <upstreamObotVersion>-vibedata), but
that metadata was left at v0.23.0 through the v0.23.2 content sync (#14)
and the tag sync (#16). As a result the build would still publish
obot-vibedata:v0.23.0-vibedata despite the code being at v0.23.2.

Update upstreamObotVersion to v0.23.2 and the SHAs to the v0.23.2 commit
(31f8dd8). Verified locally: scripts/build-vibedata-image.sh now resolves
ghcr.io/accelerate-data/obot-vibedata:v0.23.2-vibedata.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore: make upstream-sync version resolution robust

The auto-sync workflow writes .accelerate/upstream-sync.json (which drives
the image tag), but resolved the version via
`git describe --tags --abbrev=0 upstream/main`. That latches onto the
nearest ancestor tag — currently the malformed pre-release `v.0.23.2-rc1` —
and, because upstream cuts patch releases on release branches, can miss the
latest stable tag entirely.

Resolve instead to the highest stable `vX.Y.Z` tag (excluding RC/malformed
tags). This yields v0.23.2 today and auto-advances on future releases, so an
automated sync writes a correct, clean image version.

Note: this only covers syncs run through the workflow; the last two syncs
were done as manual merges, which is why the metadata had drifted.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants