v4.1.0#9841
Open
andrasbacsai wants to merge 59 commits intov4.xfrom
Open
Conversation
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) --- updated-dependencies: - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Dockerfile buildpack was passing --network {custom_network_name} to
docker build, but BuildKit only supports host, none, and default.
Every other buildpack already uses --network host with --add-host
flags. Aligned the Dockerfile path to match.
Fixes #9804
…-to-bottom Add wheel, touch, and keyboard event handlers to log containers in deployment and get-logs views. Auto-follow disables when user scrolls up; re-enables when user scrolls back to bottom (within 10px threshold).
Proxies (Cloudflare, nginx) drop idle WebSocket connections before the application notices, leaving clients typing into dead sockets. - Add server-side ping/pong heartbeat (30s) in terminal-server.js; terminate unresponsive clients instead of letting connections go stale - Move client keepAlive interval start to the connect event so it restarts correctly after reconnects - Remove hidden-tab keepalive short-circuit — server pings now own liveness; suppressing client pings while hidden masked proxy drops - Fix clearAllTimers to use clearTimeout for one-shot timers - On visibility resume, probe with a 5s timeout instead of the default 35s so half-open sockets are detected quickly - Bump coolify-realtime to 1.0.14 across all compose files
…servation - Kill PTY and notify client after 30 min of inactivity (IDLE_TIMEOUT_MS) - Buffer client messages during async auth/IP fetch to prevent race-condition message loss on fast reconnects - Replay last sent command after transient reconnect so PTY respawns without user interaction - Preserve scrollback on disconnect/reconnect; write visible timestamp markers instead of wiping term state - Handle idle-timeout sentinel on client with user-facing error message
…coolify-realtime (#9690)
…hook events Introduce a dedicated `audit` log channel (daily rotation, configurable retention via LOG_AUDIT_DAYS) and a small `auditLog()` / `auditLogWebhookFailure()` helper used to record state-changing API operations and webhook events. Instrumented: - API mutation endpoints (create / update / delete / start / stop / restart) across applications, services, databases (incl. backups, env vars, storage), servers, projects + environments, scheduled tasks, private keys, GitHub apps, cloud provider tokens, Hetzner server provisioning, instance enable/disable. - Webhook signature verification outcomes for GitHub, GitLab, Bitbucket, Gitea and Stripe, plus the Sentinel push endpoint. - Authentication and authorization outcomes via the global exception handler and the `ApiAbility` middleware (unauthenticated, ability-denied, policy-denied). The helper is wrapped in try/catch so logging failures never affect the request path. Successful operations log at `info`; suspicious/denied requests log at `warning`. Operators wanting a failures-only feed can set `LOG_AUDIT_LEVEL=warning`. Includes a feature test suite covering the helper, the webhook providers and the new auth/authorization log paths. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
… retry loop Move reachability notification triggering out of isReachableChanged into a dedicated ServerReachabilityChanged event dispatched by ServerConnectionCheckJob. Remove the blocking 3-attempt sleep loop from isReachableChanged — unreachable_count threshold alone now gates the Unreachable notification. Add feature and unit tests covering all notification dispatch paths.
Add `connection_timeout` field to server settings, allowing per-server override of the global SSH connection timeout constant. - Migration adds `connection_timeout` integer column (default 10s) - `ServerSetting` model exposes and casts the new field - `SshMultiplexingHelper::getConnectionTimeout()` resolves per-server value with fallback to `constants.ssh.connection_timeout` - All SSH/SCP command builders use the new resolver instead of the global config directly - Livewire `Show` component binds `connectionTimeout` with validation (1–300 seconds) and syncs to/from the model - UI input added to server settings form with helper text - Feature tests cover default, persistence, resolver, and fallback
Add connection_timeout to create_server docs, update_server allowed fields, validation (integer 1-300), and advanced settings update path.
Replace hardcoded HMR host with VITE_HOST/VITE_PORT env vars. Set allowedHosts to true and derive origin/HMR config from env, falling back to defaults when vars are absent.
Tests cover PATCH update success, out-of-range, above-max, and non-integer validation for the connection_timeout field.
Large host files mounted via Docker volumes caused the storages page to become unusable — full file content was stored in the encrypted mediumText column and serialised into the Livewire payload, crashing the browser. - Add MAX_CONTENT_SIZE (5 MiB), BINARY_PLACEHOLDER, and TOO_LARGE_PLACEHOLDER constants to LocalFileVolume - Check remote file size via stat/wc before cat in loadStorageOnServer and saveStorageOnServer; store placeholder instead of content when limit exceeded - Expose is_too_large computed attribute (appended for Livewire serialisation) - Guard submit, instantSave, and syncData in FileStorage Livewire component - Truncate oversized content in Storage::refreshStorages to prevent payload bloat - Show distinct warning banner in file-storage blade; mark textarea readonly and hide Save/Convert buttons for too-large files - Add unit tests covering constants, computed flags, and toArray serialisation Fixes #4701
Add DetectsSkipDeployCommits trait with two strategies: shouldSkipDeploy (all commits must contain the marker) for push events, and shouldSkipDeployAny (any single marker triggers skip) for PR/MR titles and latest-commit signals. Apply trait to Bitbucket, Gitea, GitHub, GitLab webhook controllers and ProcessGithubPullRequestWebhook job. PRs pass pullRequestTitle through to the job constructor for evaluation.
Add Model Context Protocol server exposing Coolify infrastructure data to AI assistants. Includes tools for listing/fetching servers, projects, applications, databases, and services, scoped to authenticated team tokens. - Add CoolifyServer with 10 read-only tools (list/get for all resource types) - Add BuildsResponse and ResolvesTeam traits for shared tool logic - Add EnsureMcpEnabled middleware guarding /mcp routes - Add enable/disable MCP API endpoints (root-only) - Add is_mcp_server_enabled toggle in instance settings and advanced UI - Add migration for is_mcp_server_enabled column - Add feature tests for MCP endpoints and toggle API - Scrub sensitive keys (passwords, tokens, raw IDs) from all responses
Condense verbose 1666-line AI reference into 752-line structured YAML/Markdown spec. Move from .ai/design-system.md to repo-root DESIGN.md for broader visibility.
…licitly set Change `commit` param from `string 'HEAD'` default to `?string null`, then resolve priority: explicit param > app `git_commit_sha` > `'HEAD'` fallback. Add feature tests covering all four resolution paths.
…ors on cloud On cloud, DeploymentException and TimeoutExceededException are expected failure modes that pollute the Horizon failed jobs UI. Listen to JobFailed events and scrub the entry via JobRepository::deleteFailed so operators are not alerted for noise failures. Self-hosted instances are unaffected.
Replace hard validation error with self-healing token logic. Tokens that are null, empty, or fail decryption are now regenerated automatically rather than crashing sentinel startup or metrics reads. Token format changed from encrypted JSON payload to a plain 64-char random string (Str::random), eliminating double-encryption issues and simplifying the validation regex to cover the new character set. New `ensureValidSentinelToken()` method on ServerSetting centralises the get-or-regenerate contract; both StartSentinel and HasMetrics now delegate to it. HasMetrics logs a warning when regeneration occurs so operators know a sentinel container restart is required. `isValidSentinelToken()` now accepts `?string` (null → false). Adds feature tests covering: null/empty/undecryptable stored values, idempotent return of valid tokens, RuntimeException only when regeneration itself produces an invalid token, no double-encryption of newly generated tokens, and cast round-trip consistency.
…e validation error (#9543)
Replace random string with encrypted JSON payload containing server_uuid, binding token to its server for validation. Remove double-encrypt test no longer relevant to new token format.
…ests Replace 8× repeated per-type if-blocks in `queryDatabaseByUuidWithinTeam` and `queryResourcesByUuid` with a single loop over the new `STANDALONE_DATABASE_MODELS` constant. Add unit tests to guard the registry against drift (keys mirror `DATABASE_TYPES`, every entry is a valid Eloquent model with `team()`), and feature tests covering team-ownership, wrong-team, and unknown-UUID cases for `queryDatabaseByUuidWithinTeam`.
…ases() Add missing DB types to StandaloneDocker::databases() concat chain and cover all 8 standalone database types with feature tests.
Add explicit CORS allowlist covering localhost variants, APP_URL env var, and the configured vite host/port pair. Replaces implicit open CORS with regex-based origin matching.
…en ineligible Move copyLogs from PHP Livewire method to Alpine.js to avoid unnecessary server round-trips. Extract collectVisibleLogs() helper shared by both copy and download actions. Hide refund section entirely when not eligible instead of rendering a permanently disabled button.
…rvice/app listing - `/mcp/enable` and `/mcp/disable` now use POST (state-mutating ops) - `ListServices` queries DB directly instead of loading all projects into memory - `ListApplications` validates tag arg rejects empty string (not just falsy)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Issues