* fix(api): rate-limit magic-code verification and bound per-token attempts
The magic-link sign-in / sign-up endpoints accept a 6-digit numeric code
(900k-value space, 600s TTL) but never increment a failure counter on a
wrong-code verify and extend django.views.View rather than DRF APIView,
so DRF's AuthenticationThrottle never runs against them. The space-side
generate endpoint also lacked throttle_classes. Combined, this allowed
an unauthenticated attacker who knew a victim's email to brute-force
the code within the TTL window and log in as the victim.
- Add MAX_VERIFY_ATTEMPTS=5 in MagicCodeProvider.set_user_data: failed
comparisons now persist verify_attempts in Redis under the remaining
TTL and, on hitting the limit, delete the key and raise
EMAIL_CODE_ATTEMPT_EXHAUSTED. This is the load-bearing fix - it caps
total attempts per issued token regardless of request rate.
- Add authentication_throttle_allows() so plain Django Views can apply
AuthenticationThrottle without converting to APIView (would change
CSRF + request-parsing semantics for the redirect-flow endpoints).
- Apply the throttle to MagicSignIn/UpEndpoint and the space variants;
add throttle_classes to MagicGenerateSpaceEndpoint to match its app
sibling.
Refs GHSA-9pvm-fcf6-9234.
* fix(api): make verify-attempt increment atomic, expose throttle rate via env
Address PR review feedback:
- Replace the JSON read-modify-write of verify_attempts with a Lua
EVAL script that INCRs a dedicated counter key and EXPIREs it only
on the first increment. The previous round-trip was racy: parallel
wrong-code requests could read the same value and both write the
same incremented count, letting an attacker exceed MAX_VERIFY_ATTEMPTS
under concurrency. Counter is now reset on each new token issuance
and cleared on successful verify / exhaustion.
- Make AuthenticationThrottle.rate configurable via the
AUTHENTICATION_RATE_LIMIT env var (default 10/minute, down from 30
to tighten the budget on unauth auth-adjacent endpoints). Document
it in deployments/aio and deployments/cli variables.env.
* test(api): cover magic-code attempt cap, counter reset, and auth throttle
Add the contract tests called out in the PR test plan:
- TestMagicSignInVerifyAttempts:
- test_exhausted_after_max_wrong_attempts: after MAX_VERIFY_ATTEMPTS
wrong codes the next verify redirects with EMAIL_CODE_ATTEMPT_
EXHAUSTED_SIGN_IN and both Redis keys are deleted; a follow-up
verify reports EXPIRED.
- test_counter_increments_on_each_wrong_attempt: the dedicated
verify_attempts counter advances by exactly one per wrong POST,
matching the atomic Lua INCR.
- test_counter_resets_on_token_regeneration: regenerating the
magic-link clears the counter so the user isn't pre-locked-out by
a prior session's wrong attempts.
- TestMagicSignUpVerifyAttempts.test_signup_exhausted_after_max_wrong_attempts:
the sign-up endpoint returns EMAIL_CODE_ATTEMPT_EXHAUSTED_SIGN_UP on
the exhausting attempt.
- TestAuthenticationThrottle: exercises authentication_throttle_allows
on the plain-View redirect-flow endpoints by patching the rate down
and asserting RATE_LIMIT_EXCEEDED is appended to the redirect URL
once the per-IP budget is exceeded, for both magic-sign-in and
magic-sign-up.
Each new class clears Django cache (DRF throttle storage) and the
per-email Redis keys around every test so runs are independent.
* fix(api): clamp remaining_ttl to >=1 for verify-attempt counter EXPIRE
ri.ttl() returns 0 when the token has less than one second remaining
(Redis floors to whole seconds). The previous clamp only caught
None and < 0, so a sub-second TTL would pass through and the Lua
script's EXPIRE counter 0 would immediately delete the key — letting
an attacker bypass MAX_VERIFY_ATTEMPTS during the final second of the
token's life. Switch the comparison to <= 0.
Narrow real-world impact (sub-second window, throttle still bounds
the rate) but the cap should hold regardless of timing.
* fix: bump npm deps to resolve Dependabot advisories
Resolve 8 open Dependabot alerts (all npm, in pnpm-lock.yaml) by bumping
the affected packages in pnpm-workspace.yaml and regenerating the lockfile:
- axios 1.15.2 -> 1.16.0 (catalog): CVE-2026-44494/44492/44490/44489
- tmp -> 0.2.6 (override): CVE-2026-44705 path traversal
- ws 8.x -> 8.20.1 (catalog + scoped override): CVE-2026-45736
- qs 6.14.2 -> 6.15.2 (override): CVE-2026-8723 DoS
- brace-expansion 5.0.5 -> 5.0.6 (override): CVE-2026-45149 DoS
brace-expansion and qs were pinned to their vulnerable versions in the
overrides block, so the pins had to be bumped directly. ws is scoped to
the 8.x major (ws@7.5.10 is below the vulnerable >=8.0.0 floor). All bumps
are semver-compatible patch/minor upgrades; no source changes required.
* fix: use named axios `create` import after 1.16.0 bump
axios 1.16.0 newly exposes `create` as a named export, so oxlint's
import/no-named-as-default-member rule now flags `axios.create(...)`.
That added one warning to @plane/services (7 > its --max-warnings=6
baseline) and to apps/web and apps/live, failing check:lint — surfaced
on this PR because the lockfile change busts Turbo's lint cache.
Switch the three `axios.create(...)` call sites to a named `{ create }`
import. `create` is a real value+type export in axios 1.16.0 (verified
via tsc). isCancel/CancelToken are left as `axios.*`: CancelToken is
only a type export (cannot be a value import under verbatimModuleSyntax)
and both were already counted within the existing baselines.
Verified locally: full `pnpm check:lint` (16/16) and `check:types`
(15/15) pass.
The web/admin/space Docker image builds fail at the Vite/PostCSS step with
"Cannot find module '@tailwindcss/postcss'". These apps load the shared
@plane/tailwind-config/postcss.config.js, which references the @tailwindcss/postcss
plugin by name, but the plugin was only declared as a dependency of
packages/tailwind-config.
The Docker build installs via turbo prune + 'pnpm fetch' + 'pnpm install --offline',
which lays out node_modules so PostCSS resolves the plugin relative to the app
directory (apps/<app>), where it is not reachable. A plain 'pnpm install' resolves
it from tailwind-config's context instead, which is why local builds passed and
masked the issue.
Declare @tailwindcss/postcss as a direct devDependency of the three apps that run
Vite/PostCSS so it is symlinked into each app's node_modules and resolves under the
isolated linker regardless of install flow.
Verified by reproducing the exact Docker flow (prune -> fetch -> --frozen-lockfile
offline install -> build) for admin, space and web: all install in sync and build
successfully with full Tailwind CSS output.
* fix(api): return HTTP response from dispatch() exception handler
BaseAPIView.dispatch() and BaseViewSet.dispatch() built the proper
error Response via handle_exception() but returned the raw exception
object instead, causing Django to raise
"TypeError: 'Exception' object is not a valid HTTP response".
Fix all six occurrences across the api, app, license and space view
bases, and add a regression test covering every affected base class.
Fixes#9157
* chore(api): add copyright header to tests/unit/views/__init__.py
The empty package init file was missing the AGPL copyright header,
failing the Copy Right Check CI (addlicense -check on all tracked
.py files).
Centralize every external dependency version in the pnpm catalog
(pnpm-workspace.yaml) and reference them via `catalog:` across all
apps and packages. Packages that previously used differing versions
were unified to the highest (notably @react-pdf/renderer ^3.4.5 ->
^4.3.0 in apps/web).
* fix(api): harden webhook & link-unfurl SSRF (advisory clusters A/B/C)
Resolves three overlapping SSRF advisory clusters around webhook delivery
and work-item link unfurling:
- Cluster A (private-IP validation + PATCH bypass): the webhook PATCH
handler passed context={request: request} (the request object as the
dict key) so the loopback/disallowed-domain guard silently no-op'd —
now context={"request": request}. Hardened IP classification
(is_blocked_ip) to also block multicast, unspecified, CGNAT
(100.64.0.0/10), and IPv4 embedded in IPv6 transition addresses
(IPv4-mapped, NAT64, 6to4, Teredo), robust across Python versions.
- Cluster B (DNS-rebinding TOCTOU): validators resolved DNS, then
requests resolved it again at connect time. New pinned-IP client
(plane/utils/url_security.py) resolves+validates once and connects to
the validated IP literal so urllib3 performs no second lookup, while
preserving Host header, TLS SNI and certificate verification against
the real hostname.
- Cluster C (redirect SSRF): webhook delivery never follows redirects;
the link crawler follows them manually, re-resolving + re-validating +
re-pinning every hop.
Also: pin requests==2.33.0 in base.txt (imported directly; the pinning
adapter needs the >=2.32 get_connection_with_tls_context hook), and log
webhook URL-validation rejections to WebhookLog instead of swallowing
them.
Tests: new test_url_security.py (pinning, rebinding, redirect
re-validation, IP edge cases, TLS SNI) + updated link-task tests.
Full unit suite: 178 passed.
* fix(api): block OAuth avatar SSRF + add per-advisory SSRF regression tests
Verified every SSRF-class advisory against the current code. The webhook /
link / favicon reports — including the published CVE-2026-30242 and
CVE-2026-39843 and the newer "still bypassable" reports (DNS rebinding
GHSA-3856/-fgcv/-9292/-whh3/-4mjx/-6p39/-fv24/-8wvv, IP-classification gaps
GHSA-75fg, redirect GHSA-6v37/-jw6g/-mq87) — are resolved by the pinned-IP
client + hardened classifier in this branch.
The one SSRF family still unresolved was the OAuth avatar path:
download_and_upload_avatar() fetched the provider-supplied avatar_url with a
raw requests.get (no IP validation, default redirect following), so an
attacker-controlled avatar could reach internal addresses and be exfiltrated
via the static-asset endpoint (GHSA-cv9p-325g-wmv5, and the avatar hop of the
Gitea SSRF GHSA-hx79-5pj5-qh42). It now uses pinned_fetch_following_redirects,
which validates + pins every hop and blocks internal targets.
Adds test_ssrf_advisories.py: a per-advisory regression map covering webhook
IP validation, the PATCH context-key guard, webhook DNS rebinding, webhook
redirect, favicon redirect + rebinding, and OAuth avatar SSRF.
docker compose test: 199 unit tests pass.
* fix(api): address PR review feedback on the SSRF pinned client
- url_security: preserve URL-embedded credentials (user:pass@host) as Basic
Auth instead of silently dropping them when rewriting to the IP literal
(Copilot); bracket IPv6-literal hostnames in the Host header (Copilot);
add stream=True support that keeps the session open until the response is
closed, and release intermediate redirect hops.
- ip_address / work_item_link_task: treat UnicodeError (IDNA failures) from
getaddrinfo as a resolution failure, not an uncaught exception (CodeRabbit).
- authentication/adapter/base: stream the avatar download so the size cap
actually bounds memory, upload the size-bounded buffer (not response.content),
and always close the response (CodeRabbit, major).
- tests: cover auth preservation, IPv6 Host bracketing, IDNA handling, and
streamed session lifetime; drop an unused import.
docker compose test: 204 unit tests pass.
- Define API_KEY_RATE_LIMIT in plane/settings/common.py and read it via
django.conf.settings in ApiKeyRateThrottle instead of os.environ.
- Remove ServiceTokenRateThrottle and the service-token branch in
BaseAPIView.get_throttles; all API key requests now go through
ApiKeyRateThrottle.
* fix(web): add Safari fallback for requestIdleCallback
* fix(web): use globalThis in idle-task fallbacks
Switch idle-task fallback paths from window.* to globalThis.* so the
fallback no longer crashes in environments where window is undefined.
Also thread IdleRequestOptions through requestIdleFallback so the
caller's timeout hint is honored when falling back.
Addresses CodeRabbit review feedback on #9137.
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: bump turbo to 2.9.14, migrate pnpm config to workspace yaml
- Bump turbo from 2.9.4 to 2.9.14 in root package.json and the
four production Dockerfiles (web, live, admin, space).
- Move pnpm.overrides, onlyBuiltDependencies, and
ignoredBuiltDependencies from package.json into pnpm-workspace.yaml.
pnpm v10+ no longer reads the pnpm field in package.json, so the
full overrides block and most of onlyBuiltDependencies were being
silently ignored.
- Add @plane/utils as a workspace dependency to the live server.
* chore: drop unused allowBuilds block, bump lodash-es to 4.18.1
- Remove the `allowBuilds` block from pnpm-workspace.yaml. It is not
a recognized pnpm v10/v11 key and its values were inconsistent with
the actual `onlyBuiltDependencies` / `ignoredBuiltDependencies`
configuration.
- Bump `lodash-es` catalog entry from 4.18.0 to 4.18.1. With overrides
now applied workspace-wide, 4.18.0 (marked deprecated as a "bad
release") was being enforced everywhere.
* fix: use pnpm v11 allowBuilds in place of removed legacy keys
`onlyBuiltDependencies` and `ignoredBuiltDependencies` were removed
in pnpm v11. They were being silently ignored on this branch, which
caused `ERR_PNPM_IGNORED_BUILDS` to fail CI under `--frozen-lockfile`.
Replace them with the v11-native `allowBuilds:` block, mapping the
previous allowlist to `true` and the previous denylist (sharp) to
`false`. Locally verified that the build scripts for @parcel/watcher,
@swc/core, esbuild, and msgpackr-extract now run on install.
* fix: harden API token handling against rate-limit tampering and plaintext logging
- Make `allowed_rate_limit` read-only on APITokenSerializer so users can no
longer raise their own API token rate limit via PATCH (GHSA-xfgr-2x3f-g2cf).
- Stop persisting API keys in plaintext in APITokenLogMiddleware: store a
SHA-256 hash as the token identifier and redact sensitive request headers
(X-Api-Key, Authorization, Cookie) before logging (GHSA-r5p8-cj3q-38cc).
* refactor: remove MongoDB log sink and add per-log-type retention
Logs are now written to and cleared from PostgreSQL only; MongoDB is no
longer used as a log sink or archive.
- Drop the MongoDB write/archival paths from the API request logger, the
webhook log writer, and the cleanup tasks; Postgres is the sole sink.
- Cleanup tasks now hard-delete expired rows in batches via `all_objects`
(rows are removed immediately, not soft-deleted).
- Add env-backed, per-log-type retention settings: API activity logs
(API_ACTIVITY_LOG_RETENTION_DAYS, default 14), webhook logs
(WEBHOOK_LOG_RETENTION_DAYS, default 14), email logs
(EMAIL_LOG_RETENTION_DAYS, default 7). HARD_DELETE_AFTER_DAYS no longer
drives any log cleanup.
- Delete settings/mongo.py, remove MONGO_DB_* settings and the plane.mongo
loggers, and drop the pymongo dependency.
* chore: gitignore local advisories.md notes file
* fix: use keyed HMAC-SHA256 for API token log identifier
Address CodeQL "weak hashing of sensitive data" by hashing the API key with
a SECRET_KEY-keyed HMAC instead of a bare SHA-256. The identifier is a
non-reversible tokenization of a high-entropy key (not password storage);
keying it also prevents precomputing the digest from a known key value.
* chore: address review feedback on log cleanup and request logging
- process_logs accepts extra kwargs so jobs enqueued by an older release
(with a mongo_log arg) don't fail during a rolling deploy.
- Log-cleanup batch delete failures are logged and skipped rather than
aborting the run, so a single bad batch can't block the rest.
- Extend logger middleware test to assert Authorization and Cookie headers
are redacted; add a test that a failing cleanup batch is swallowed.
* fix: fall back to default when a log retention env value is invalid
Negative (or unparseable) retention values would compute a future cutoff and
delete every log row. The retention settings now fall back to their defaults
in that case via a shared `_retention_days` helper.
- Replace flat pr-description.md / release-notes.md with per-skill folders
- Add new branch-name and translate skills
- Update release-notes skill to match the GitHub Releases format (v1.2.0)
* chore(api): add docker compose test runner
Adds docker-compose-test.yml at the repo root that boots an isolated
postgres / valkey / rabbitmq / minio stack with health checks and tmpfs
data dirs, then runs pytest against it and exits. Includes a usage doc
under apps/api/tests/RUNNING_TESTS.md and a pointer in AGENTS.md.
Prereq: ./setup.sh (generates apps/api/.env).
Usage:
docker compose -f docker-compose-test.yml up --build \
--abort-on-container-exit --exit-code-from api-tests
docker compose -f docker-compose-test.yml down -v
* fix(api): correct bugs surfaced by the pytest suite
Five small bugs caught by enabling the pytest contract suite end-to-end.
Each is independently justifiable:
- api/serializers/cycle.py + api/views/cycle.py: CycleCreateSerializer.validate
required project_id in the request body, but the view only ever passes
it through the URL kwarg. Cycle create/update via the public API was
returning 400 "Project ID is required". Read project_id from
serializer context (passed by the view) in addition to body/instance.
- app/views/api.py: ApiTokenEndpoint.get(pk) and patch(pk) did not filter
out is_service=True tokens, so a user could read and modify service
tokens through the user token endpoint. The list mode and delete
already filter is_service=False; aligned the other two.
- bgtasks/work_item_link_task.py: validate_url_ip checked hostname before
scheme, so file:///etc/passwd raised "No hostname found" instead of
the documented "Only HTTP and HTTPS" error. Swapped the order so the
scheme guard matches the docstring intent.
- utils/path_validator.py: get_allowed_hosts used `WEB_URL or APP_BASE_URL`
so when both are configured to different hosts (the standard local
setup: WEB_URL=:8000, APP_BASE_URL=:3000), only one was added to the
allow-list. Redirects to APP_BASE_URL then had their next_path stripped
because the host wasn't allowed. Include every configured base URL.
* chore(api): align pytest tests with current behavior, clear warnings
Test-side fixes paired with the product fixes in the previous commit, plus
deprecation cleanup that drops the test run from 104 warnings to 0.
Tests:
- tests/contract/api/test_cycles.py: project fixture sets cycle_view=True;
the Project model defaults the flag to False, so cycle create/update
always tripped "Cycles are not enabled for this project".
- tests/contract/app/test_authentication.py: next_path uses "/workspaces"
(validate_next_path rejects values without a leading slash and returns
empty, which dropped the path from the redirect URL).
- tests/unit/bg_tasks/test_copy_s3_objects.py: mocked sync_with_external_service
now returns description_json; the task unconditionally writes the value
back to the Issue, and Issue.description_json is NOT NULL on UPDATE.
- tests/unit/utils/test_url.py: three length-limit tests placed the URL at
char 970+ on a single line, which contains_url truncates away as ReDoS
defense (500-char per-line cap). Restructured to keep test intent intact
while staying inside the per-line window.
Warning cleanup (104 → 0):
- settings/common.py: removed USE_L10N=True (deprecated in Django 4.0,
removed in 5.0; default is True).
- celery.py, settings/local.py, settings/production.py: pythonjsonlogger
moved jsonlogger → json; update the import / formatter path.
The webhook dispatcher validated webhook.url before posting but called
requests.post() without allow_redirects=False, so a webhook destination
could return a 3xx redirect to an internal address (cloud metadata,
internal services) and have the worker fetch it and persist the
response body to webhook_logs, readable back via the webhook-logs API.
Pass allow_redirects=False so the original validate_url() guard is
authoritative. Matches the pattern already used by safe_get() in
work_item_link_task.py and the behavior of GitHub/Stripe/Slack webhooks.
The community AIO Dockerfile declared the VOLUME instruction with
single quotes: VOLUME ['/app/data', '/app/logs']. Docker's JSON (exec)
form requires double quotes; with single quotes the line is parsed as
the shell form and the bracket/comma tokens become literal volume
paths ('[/app/data,' and '/app/logs]').
Docker tolerated these non-absolute anonymous volume paths at container
create time until Engine 29.5.0, which now rejects them with
"invalid mount config for type volume: invalid mount path: '[/app/data,'
mount path must be absolute", breaking `docker compose up --force-recreate`
and any container recreation for the AIO community image.
Switching to the valid JSON array form fixes the parsing.
* test(api): add regression tests for create-project endpoint
Cover three scenarios:
- project_lead set to the creator's own user_id
- project_lead set to a different workspace member
- project_lead omitted (baseline)
The first two currently fail on preview because of a UUID coercion
bug in ProjectMember.objects.create — see follow-up commit.
* fix(api): pass project_lead_id (not User instance) when creating ProjectMember
The create-project endpoint built a ProjectMember row with
member_id=serializer.instance.project_lead, which resolves to a User
instance via Django's related descriptor instead of a UUID. Django's
UUIDField coercion then fails with AttributeError: 'User' object has
no attribute 'replace', which the generic exception handler converts
to a 400 "Please provide valid detail" — but only after the Project
row was already persisted, leaving an orphaned project without
default states.
Fix:
- Use project_lead_id (FK ID, no descriptor lookup) on both the guard
comparison and the ProjectMember creation.
- Wrap the post-save flow in transaction.atomic() so any future
exception triggers a clean rollback.
- Defer model_activity.delay() with transaction.on_commit() so the
activity log only fires after a successful commit.
- Capture the exception with log_exception() in the generic catch so
future regressions surface in api logs.
Note: a related data integrity issue exists where
ProjectCreateSerializer doesn't create a ProjectIdentifier row
(unlike its frontend counterpart). Out of scope here, will follow
up in a separate PR.
* fix(api): return 500 on unexpected errors and harden project create
Address review feedback from @sriramveeraghanta on PR #8966:
- The catch-all `except Exception` now returns 500 instead of 400.
Reusing the generic 400 response on a server-side crash was the
anti-pattern that hid the original ghost-create bug for nine months;
a 500 lets clients distinguish between "bad input" and "server fault".
- The `IntegrityError` branch no longer falls through silently when the
message is unrecognised. It re-raises so the catch-all `except` logs
the exception and returns a 500.
- `transaction.on_commit()` now schedules `model_activity.delay` via
`functools.partial` instead of a lambda, avoiding late-binding closure
semantics.
- `ProjectCreateSerializer.validate()` now rejects `project_lead`
values that are not active workspace members, surfacing the error
under the `project_lead` field key (rather than as `non_field_errors`)
so API clients can react programmatically.
* test(api): harden assertions and cover rollback / workspace-membership
Address review feedback from @sriramveeraghanta on PR #8966:
- The three existing tests now look up the created project via
`Project.objects.get(id=response.data["id"])` instead of
`.first()`. The assertion now fails for the right reason if the
wrong project is returned by the endpoint.
- New `test_create_project_with_lead_not_in_workspace_returns_400`
guards the workspace-membership validation added to
`ProjectCreateSerializer.validate()`. Expects a 400 with a
field-shaped error and zero rows persisted.
- New `test_model_activity_not_called_on_rollback` locks in the
`transaction.on_commit()` semantics: when an exception is raised
inside the atomic block (forced via mocking `State.objects.bulk_create`),
the response is 500, no Project / ProjectMember / State rows are
persisted, and the deferred `model_activity.delay` task is never
dispatched. This prevents a future refactor from silently
regressing the rollback contract.
* fix(api): mark on_commit dispatch as robust against broker failures
Address coderabbit re-review feedback on PR #8966.
Without robust=True, an exception raised by model_activity.delay
(e.g., a Celery broker outage) propagates out of the on_commit
callback and is caught by the outer `except Exception` handler,
which returns a 500 despite the project, ProjectMember rows and
default States having already been committed. The client sees a
500 and assumes the create failed — the same class of mismatch
between actual state and reported status that the original bug
exhibited, just at the post-commit phase.
Set robust=True so Django logs the dispatch failure internally
via the standard transaction logger and the response stays 201,
reflecting the persisted state.
Switch from `functools.partial` to a nested function
(`_dispatch_model_activity`) for the on_commit callable. Django's
robust on_commit logging path reads `func.__qualname__` to format
the error message; `partial` objects lack that dunder by default,
and the `functools.update_wrapper` workaround turns out to be
brittle when the wrapped callable is replaced by a Mock (which
the new regression test relies on). A nested function exposes
`__qualname__` natively, and the locals it closes over are
bound at definition time and never rebound before the callback
fires, so the late-binding-closure motivation for `partial` over
`lambda` does not apply here.
A new test, test_response_still_201_when_broker_dispatch_fails,
mirrors test_model_activity_not_called_on_rollback to lock in the
post-commit branch. It uses `@pytest.mark.django_db(transaction=True)`
so the surrounding test transaction is actually committed and the
`on_commit` callback fires (the default wrapper suppresses it via
rollback).
* fix(api): handle unrecognised IntegrityError consistently
Address coderabbit re-review feedback on PR #8966.
The previous fix used `raise` inside the IntegrityError handler with
the intent of "letting the catch-all `except Exception` below log it
and return 500". Coderabbit correctly flagged that `raise` exits the
try/except entirely — sibling except clauses don't fire — so
unrecognised integrity errors actually skipped `log_exception` and
the consistent 500 JSON shape, contradicting the stated intent.
Replicate the catch-all behaviour inline: log the exception via
`log_exception(e)` and return the same generic 500 response with
`{"error": "An unexpected error occurred"}`. The client now gets a
uniform error shape regardless of which `except` branch handled it.
---------
Co-authored-by: Jose Antonio Martinez <257598434+jamartineztelecoengineer84-dotcom@users.noreply.github.com>
* refactor(i18n): migrate packages/i18n from MobX to react-i18next with per-feature namespaces
Replaces the internals of packages/i18n with react-i18next while preserving the
identical public API. Consumer code using useTranslation() and TranslationProvider
requires no changes.
Translation file format: TS objects to JSON namespaces
- Converted TypeScript translation files (19 languages) into feature-based JSON namespace files
- Split the monolithic translations.ts into per-feature namespace files: workspace.json,
project.json, work-item.json, cycle.json, inbox.json, etc.
- 30 community namespaces across 19 languages = 570 JSON files
Core runtime: MobX to i18next
- Replaced MobX TranslationStore with an i18next instance using i18next-icu
(preserves ICU MessageFormat) and i18next-resources-to-backend (namespace lazy loading)
- useTranslation() and TranslationProvider keep identical signatures
- All namespaces pre-loaded during init for the current language to prevent
re-render cascades
- Reads saved language from localStorage before init for faster first paint
Build tooling
- scripts/generate-types.ts: Reads English JSON files and outputs keys.generated.ts
with a flat union of translation keys (runs before every build)
- scripts/sync-check.ts: Cross-locale missing/stale key detection, cross-namespace
collision detection, path conflict detection (supports --ci mode)
App-level changes
- Removed useTranslation-based language sync effect from store-wrapper
- Language is now synced imperatively from profile.store (fetchUserProfile,
updateUserProfile) and root.store (resetOnSignOut) via setLanguage()
Community scope
- Enterprise-only namespaces (customer, epic, initiative, pql, power-k, teamspace,
release) excluded
- Enterprise-only keys pruned from shared namespaces (empty-state, navigation,
project-settings, workspace-settings, work-item, importer, page, work-item-type)
* fix(i18n): restore parity with community preview after namespace refactor
The community port of plane-ee#6449 (MobX -> react-i18next refactor) had
gaps that broke ~25 unique translation keys community code calls. This
commit restores parity:
- Port power-k namespace (19 locales) from plane-ee, stripped of EE-only
paths (initiative/customer/teamspace/dashboards/AI assistant). Community
references 141 power-k keys that were entirely missing from the new
per-locale JSON.
- Restore epic.* keys (8 leaves) into work-item.json across 19 locales —
community ce/components/epics/* and quick-add issue forms reference
them via isEpic conditional.
- Add 'date' leaf to common.json across 19 locales (sourced from
work_item_types.settings.properties.property_type.date.label so the
proper translation, not English, is used).
- Move exporter.* subtree from importer.json to common.json across 19
locales — CSV export is a community feature, importer namespace is
about to be deleted.
- Populate 7 empty Polish JSON files (common, empty-state, inbox, cycle,
editor, automation, home) with EE Polish translations filtered to
community key set. The community port committed these as 0-byte files.
- Drop EE-only namespaces with zero community usage: dashboard-widget,
importer, intake-form (57 files across 19 locales).
- Update NAMESPACES const: drop the 3 deleted namespaces, add power-k.
- Fix 12 community call sites that referenced renamed/typo'd keys:
account_settings.api_tokens.heading -> .title
auth.common.password.toast.error.* -> .change_password.error.*
sign_out.toast.error.* -> auth.sign_out.toast.error.*
notification.toasts.un_snoozed -> .unsnoozed
profile.stats.priority_distribution.priority -> common.priority
projects.label -> common.projects
progress -> common.progress
epics -> common.epics
creating_theme -> common.saving (no localized source available)
toast.error (with trailing space typo) -> toast.error
Verified: every literal t(...) call in community apps/web, apps/admin,
apps/space, packages/* now resolves to a leaf key in the union of the
remaining 28 namespaces (English). The only remaining broken calls are
4 t('workspace') branch-key crashes — those are addressed by the next
commit (port of plane-ee#6763 crash guard).
Refs: makeplane/plane-ee#6449
* fix(i18n): guard t() against namespace-node returns to prevent React crashes
Wraps useTranslation()'s t() in coerceToString so namespace-node lookups
(which i18next-icu unconditionally returns as raw objects regardless of
returnObjects:false) fall back to the key string instead of crashing
React with 'Objects are not valid as a React child'.
Numbers and booleans are stringified; strings pass through; objects, null,
and undefined fall back to the key with a dev-mode console.warn pointing
to the bad call site. Production builds suppress the warning but keep the
guard. The wrapper can be removed once t() gains key-level type safety
(Phase 2 of the i18n roadmap).
Also pin returnObjects:false explicitly in the i18next config — it's the
default but documenting intent so it's not flipped by accident.
Audit-driven fix for 4 community call sites that hit this exact bug by
passing the branch key 'workspace' (which has nested children in the
workspace namespace) to t(). Switched to t('common.workspace') (existing
leaf with value 'Workspace').
Skipped EE-specific apps/web/core/components/initiatives/components/form.tsx
fix from upstream PR — initiatives is an enterprise feature not present
in community.
Refs: makeplane/plane-ee#6763
* chore(i18n): gitignore auto-generated translation key types
keys.generated.ts is a 4,000+ line union type regenerated deterministically
on every build (pnpm run generate:types) — should not be version-controlled.
Adding the file to .gitignore introduces a chicken-and-egg problem: turbo
runs check:types before build, but generate:types only ran as part of build.
On a fresh clone with no keys.generated.ts present, tsc --noEmit fails. Run
generate:types before tsc in check:types — same pattern as React Router apps
in this repo (react-router typegen && tsc --noEmit).
- Add packages/i18n/src/types/keys.generated.ts to root .gitignore
- Untrack the file from git (git rm --cached)
- Run generate:types before tsc in check:types
Verified: deleting keys.generated.ts and running check:types regenerates
the file correctly. After regeneration, git status shows the file remains
untracked (.gitignore is honored).
Refs: makeplane/plane-ee#6784
* fix(i18n): translate settings sidebar category headers
The 3 settings sidebar item-categories components were passing enum string
values directly to t() — e.g. t('your profile'), t('work-structure'),
t('administration'). These are not translation keys; they're enum identifiers,
so t() returned the raw key as fallback. Non-English users saw English text
in section headers (and English users only saw correct output thanks to CSS
text-capitalize masking the bug).
Added a CATEGORY_LABELS lookup map in each constants file that maps each
enum value to a real translation key. Components now call t(LABELS[category])
instead of t(category).
- Added 5 new keys to en/common.json common.* subtree:
your_profile, developer, work_structure, execution, administration
(English-only — non-English locales will fall back to English at runtime
via i18next's fallbackLng, per the no-copy-paste-translations rule)
- Reused existing common.general and common.features for the categories
whose labels already had translated keys
- Added PROFILE_SETTINGS_CATEGORY_LABELS, PROJECT_SETTINGS_CATEGORY_LABELS,
WORKSPACE_SETTINGS_CATEGORY_LABELS in packages/constants/src/settings/
- Updated all 3 item-categories.tsx components
Found via comprehensive dynamic-key audit (1918 t() invocations classified
across literal, template-literal, property-access, conditional, function-call,
and identifier patterns). Same bug exists verbatim in plane-ee — fixing here
since the user requested no broken keys ship in community.
* chore: untrack Claude Code runtime lockfile
.claude/scheduled_tasks.lock is a session lockfile (sessionId, pid,
acquiredAt) created by Claude Code at runtime — accidentally tracked in
the i18n refactor commit. Untrack from git; the file stays on disk for
the running session.
* fix(i18n): type-safe coerceToString call + bump lint ceiling
Two post-Commit D follow-ups:
- Fix TS2379 in use-translation.ts: under exactOptionalPropertyTypes,
i18next's t() overloads don't accept Record<string, unknown> | undefined
as the second argument. Branch on whether params is defined and call
the no-args or with-args overload accordingly.
- Bump @plane/i18n check:lint --max-warnings from 2 to 9. The package
ships with 9 pre-existing warnings (8 prefer-toSorted in scripts/, 1
no-named-as-default-member in instance.ts on a line untouched by my
changes). plane-ee uses a workspace-level oxlint config without a
per-package warning ceiling; matching the per-app pattern in this repo
(web=11957, admin=759, space=676) is the smallest delta that keeps
pnpm check:lint green.
Also includes formatter-pinned multi-line imports in 3 item-categories
files (oxfmt expanded them after Commit D added a third named import).
* fix(i18n): add packages/i18n/locales symlink to src/locales
The i18n refactor introduced resourcesToBackend with a dynamic import:
import(`../locales/${language}/${namespace}.json`)
That path is relative to the source file's location. From src/core/instance.ts
it correctly resolves to src/locales/. But after tsdown bundling, the same
import call lives in dist/index.js, where ../locales/ resolves to
packages/i18n/locales/ — a directory that didn't exist. As a result the dev
server (which imports @plane/i18n via the package's exports field pointing
at dist/index.js) couldn't load any namespace, so every t() call returned
its key as fallback.
Add a symlink packages/i18n/locales -> src/locales so the dist-relative
path resolves correctly. Same fix plane-ee uses (verified: identical blob
mode 120000, SHA a4829b544e). Keeps tsdown.config.ts and package.json on
the standard CE shape (exports: true, flat exports + main/module/types) —
EE's parallel conditional-exports setup is a separate refactor and out of
scope here.
* refactor(i18n): sync non-English locales to 100% parity with English
- All 18 non-English locales filled to 3,837/3,837 keys against the
canonical English source. Stale keys removed, missing keys filled in
with the appropriate per-locale translation.
- New scripts/lib/locale-io.ts module shared between sync-check and
future tooling. readJsonFile() wraps JSON.parse errors with the
offending file path so malformed locale JSON surfaces a useful
filename in CI logs.
- New .github/workflows/i18n-sync-check.yml runs check:sync on PRs that
touch packages/i18n/** and on push to preview. Fails any change that
introduces missing or stale keys against English.
- Pin tsx@4.20.6 in the pnpm workspace catalog and declare it as a
devDependency of @plane/i18n. Replace npx tsx@4.19.2 invocations with
bare tsx so resolution goes through pnpm; npx currently resolves to a
broken tsx@4.21.0 that pulls an unpublished esbuild range.
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* fix: add WEBHOOK_ALLOWED_HOSTS allowlist for internal webhook targets
The IP-based allowlist alone isn't practical for containerised deployments
where service IPs are dynamic. Adds a hostname-based bypass for trusted
internal services (e.g. Silo via docker-compose / k8s service DNS) and
makes the previously hardcoded ["plane.so"] domain blocklist configurable
via WEBHOOK_DISALLOWED_DOMAINS.
- validate_url accepts allowed_hosts (exact, case-insensitive match;
skips DNS lookup for trusted names)
- WebhookSerializer wires both settings through and lets allowlisted
hosts bypass the disallowed-domain check
- Exposes WEBHOOK_ALLOWED_HOSTS in aio/cli deployment env files
* fix: default WEBHOOK_DISALLOWED_DOMAINS to empty for self-hosted
* fix: pass WEBHOOK_ALLOWED_HOSTS to send-time webhook re-validation
* chore: update completed_at logic updation in Issue save method
* fix: update error handling
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
* fix: use StateGroup
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
is_workspace_admin in ProjectMemberViewSet.partial_update was derived
from the target member's workspace role, not the requester's. When the
target happened to be a workspace admin, all three project-role guards
(L231/238/247) were bypassed regardless of who was making the request,
allowing a non-admin requester to re-role a workspace admin's project
membership. Compute is_workspace_admin from the requester instead and
keep the target's workspace role under a distinct name for the existing
new-role-vs-workspace-role cap.
X-Forward-For is not a real HTTP header — the standard is X-Forwarded-For.
With the typo, Nginx never replaces $remote_addr with the actual client IP,
so rate limiting and IP logging see the proxy IP instead of the real client.
Affects all three nginx configs (web, admin, space).
`ProjectViewSet.partial_update`, `BulkEstimatePointEndpoint.partial_update`,
and `WorkspaceUserProfileEndpoint.get` previously fetched objects by primary
key alone after a workspace-scoped permission check, allowing an authenticated
caller to act on resources belonging to other workspaces by supplying a
foreign UUID with their own workspace slug in the URL.
- Project partial_update: scope `Project.objects.get` by `workspace__slug`,
matching the existing pattern in `destroy`.
- Bulk estimate partial_update: scope `Estimate.objects.get` by
`workspace__slug` and `project_id`, matching `retrieve` and `destroy`.
- Workspace user profile: require the target `user_id` to be an active
member of the requested workspace before returning email and other PII.
Drop four overrides that no package in the workspace depends on
(direct or transitive): js-yaml, happy-dom, tar-fs, and
@isaacs/brace-expansion. Verified against pnpm-lock.yaml — no resolved
entries existed, so the overrides were dead weight.
* fix: filter out soft-deleted states from API endpoints
- Add deleted_at__isnull=True filter to StateListCreateAPIEndpoint.get_queryset()
- Add deleted_at__isnull=True filter to StateDetailAPIEndpoint.get_queryset()
- Prevents soft-deleted states from reappearing in UI after navigation
- Fixes#8829
* Fix: exclude issues linked to soft-deleted states
* chore(deps): bump axios, uuid and add security overrides
Bump axios 1.15.0 → 1.15.2 and uuid 13.0.0 → 14.0.0 in the catalog,
and add pnpm overrides pinning postcss >=8.5.10, follow-redirects
>=1.16.0, and routing axios/uuid through the catalog.
* fix: overrides
* chore: add Claude Code skills for PR descriptions and release notes
* chore(skills): update release-notes branches to canary->master and example version to v1.3.0
* chore(skills): address PR review comments
- pr-description: infer base branch from PR metadata, fix Improvement wording, reference template's screenshot placeholder verbatim
- release-notes: add `text` language to unlabeled fenced code block
* chore: update CODEOWNERS for apps and deployments
Assign owners per app/area so reviews are routed to the right
maintainers.
* chore: update the codeowners
* fix: sanitize filenames in upload paths to prevent path traversal (GHSA-v57h-5999-w7xp)
Add server-side filename sanitization across all file upload endpoints
to prevent path traversal sequences (../) in user-supplied filenames
from being incorporated into S3 object keys. While S3 keys are flat
strings and not vulnerable to filesystem traversal, this adds
defense-in-depth and prevents S3 key pollution.
Changes:
- Add sanitize_filename() utility in path_validator.py
- Sanitize filenames in get_upload_path() for FileAsset and IssueAttachment models
- Sanitize name parameter in all upload view endpoints
* fix: address PR review feedback on filename sanitization
- Remove unused `import re`
- Normalize backslashes to forward slashes before os.path.basename()
so Windows-style paths (e.g. ..\..\..\evil.txt) are handled on POSIX
- Strip whitespace before removing leading dots so " .env" is caught
- Return None instead of "unnamed" for empty input so existing
`if not name` validation guards remain effective
- Add `or "unnamed"` fallback at call sites that lack a name guard
* fix: use random hex name as fallback in get_upload_path instead of "unnamed"
* fix: resolve ruff E501 line too long in DuplicateAssetEndpoint
* fix: replace IS_SELF_MANAGED toggle with explicit WEBHOOK_ALLOWED_IPS allowlist
Instead of blanket-allowing all private IPs on self-managed deployments,
webhook URL validation now blocks all private/internal IPs by default and
only permits specific networks listed in the WEBHOOK_ALLOWED_IPS env
variable (comma-separated IPs/CIDRs).
* fix: address PR review comments for webhook SSRF protection
- Sanitize error messages to avoid leaking internal details to clients
- Guard against TypeError with mixed IPv4/IPv6 allowlist networks
- Re-validate webhook URL at send time to prevent DNS-rebinding
- Add unit tests for mixed-version IP network allowlists
WorkspaceFileAssetEndpoint had no authorization checks beyond
authentication, allowing any logged-in user to create, read, patch,
and delete assets in any workspace by slug. DuplicateAssetEndpoint
only authorized the destination workspace, letting users copy assets
from workspaces they don't belong to.
Add @allow_permission decorators to all WorkspaceFileAssetEndpoint
methods and scope DuplicateAssetEndpoint's source asset lookup to
workspaces where the caller is an active member.
Ref: GHSA-qw87-v5w3-6vxx
When patching instance configuration values, the raw values from
request.data were used directly without sanitization. This adds:
- Whitespace stripping via str().strip() to prevent leading/trailing
spaces from being stored
- Explicit None handling so that null values become empty strings
instead of the literal string "None"
* fix: prevent ORM field injection via segment parameter in analytics (GHSA-93x3-ghh7-72j3)
Centralize analytics field allowlists into VALID_ANALYTICS_FIELDS and
VALID_YAXIS constants in analytics_plot.py. Add defense-in-depth
validation in build_graph_plot() and extract_axis() so no caller can
pass arbitrary field references to Django F() expressions. Add missing
segment validation to SavedAnalyticEndpoint. Also fixes ExportAnalytics
using "estimate_point" instead of "estimate_point__value".
* fix: address PR review - remove unused imports and validate stored query params
Remove unused VALID_ANALYTICS_FIELDS and VALID_YAXIS imports from
analytic_plot_export.py. Add x_axis/y_axis allowlist validation in
SavedAnalyticEndpoint for stored query_dict values to prevent 500
errors from malformed saved analytics.
* fix: validate redirects in favicon fetching to prevent SSRF
The previous SSRF fix (GHSA-jcc6-f9v6-f7jw) only validated redirects for
the main page URL but not for the favicon fetch path. An attacker could
craft an HTML page with a favicon link that redirects to a private IP,
bypassing the IP validation and leaking internal network data as base64.
Extract a reusable `safe_get()` function that validates every redirect hop
against private/internal IPs and use it for both page and favicon fetches.
Resolves: GHSA-9fr2-pprw-pp9j
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address PR review feedback for SSRF favicon fix
- Fix off-by-one in redirect limit: only raise RuntimeError when the
response is still a redirect after MAX_REDIRECTS hops, not when the
final response is a successful 200
- Return final URL from safe_get() so favicon href resolution uses the
correct origin after redirects instead of the original URL
- Add unit tests for validate_url_ip and safe_get covering private IP
blocking, redirect-following, and redirect limit enforcement
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restrict role modification in ProjectMemberViewSet.partial_update to
Admins only and enforce that requesters cannot modify or assign roles
equal to or higher than their own. Previously, Guests could demote
Admins by exploiting a missing lower-bound check on role changes.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The bulk update date endpoint fetched issues by ID without filtering
by workspace or project, allowing any authenticated project member to
modify start_date and target_date of issues in any workspace/project
across the entire instance (IDOR - CWE-639).
Scoped the query to include workspace__slug and project_id filters,
consistent with other issue endpoints in the codebase.
Ref: GHSA-4q54-h4x9-m329
* chore(deps): replace dotenvx with dotenv and update dependency overrides
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: sort devDependencies in package.json files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update brace-expansion override from 2.0.2 to 5.0.5 and add picomatch,
yaml@1, and yaml@2 overrides to pin transitive dependency versions.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#6746
API-driven issue updates (PUT update, PUT create-via-upsert, PATCH) were
missing `model_activity.delay()` calls, so webhooks were never dispatched
for changes made through the API. The web UI paths already include these
calls (e.g. in `post()` at L475), but the `put()` and `partial_update()`
methods only called `issue_activity.delay()`.
This adds `model_activity.delay()` immediately after each existing
`issue_activity.delay()` in these three code paths, using the same
signature as the existing call in `post()`.
Tested on Plane CE v1.2.1 self-hosted: API PATCH triggers
`webhook_send_task` in the Celery worker, confirming webhook delivery.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
After #8677 replaced ESLint with OxLint, the react-in-jsx-scope rule
was not disabled. This causes all commits touching JSX files to fail
the pre-commit hook (oxlint --deny-warnings).
React 17+ uses automatic JSX runtime so explicit React imports are
not required.
Fixes#8681
* chore: replace Discord references with Forum links
* chore: migrate help and community CTAs from Discord to Forum
* refactor: replace Discord icons with lucide MessageSquare
* chore: rename Discord labels and keys to Forum
* chore: remove obsolete Discord icon component
* chore: update Discord references to Forum in templates
* chore: code refactoring
* feat: enhance authentication logging with detailed error and info messages
- Added logging for various authentication events in the Adapter and its subclasses, including email validation, user existence checks, and password strength validation.
- Implemented error handling for GitHub OAuth email retrieval, ensuring proper logging of unexpected responses and missing primary emails.
- Updated logging configuration in local and production settings to include a dedicated logger for authentication events.
* chore: address copilot comments
* chore: addressed some additional comments
* chore: update log
* fix: lint
* chore: updated the logic for page version task
* chore: updated the html variable
* chore: handled the exception
* chore: changed the function name
* chore: added a custom variable
* chore: update ProjectSerializer to raise validation for special characters in name and identifier
* chore: update external endpoints
* fix: external api serializer validation
* update serializer to send error code
* fix: move the regex expression to Project model
Disable autocomplete on authentication and security-related forms to prevent
browsers from storing sensitive credentials. This affects sign-in, password
reset, account security, and onboarding forms across admin, web, and space apps.
Modified components:
- Auth forms (email, password, unique code, forgot/reset/set password)
- Account security pages
- Instance setup and profile onboarding
- Shared UI components (auth-input, password-input)
* chore(security): implement input validation across authentication and workspace forms
- Add OWASP-compliant autocomplete attributes to all auth input fields
- Create centralized validation utilities blocking injection-risk characters
- Apply validation to names, display names, workspace names, and slugs
- Block special characters: < > ' " % # { } [ ] * ^ !
- Secure sensitive input fields across admin, web, and space apps
* chore: add missing workspace name validation to settings and admin forms
* feat: enhance validation regex for international names and usernames
- Updated regex patterns to support Unicode characters for person names, display names, company names, and slugs.
- Improved validation functions to block injection-risk characters in names and slugs.
- Modified the invite link to include a token for enhanced security.
- Updated the WorkspaceJoinEndpoint to validate the token instead of the email.
- Adjusted the workspace invitation task to generate links with the token.
- Refactored the frontend to handle token in the invitation process.
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* fix: allow markdown file attachments
- Add text/markdown to ATTACHMENT_MIME_TYPES
- Fixes issue where .md files were rejected with 'Invalid file type' error
* added the support for frontend mime type too
* refactor: rename IssueUserProperty to ProjectUserProperty and update related references across the codebase
* migrate: move issue user properties to project user properties and update related fields and constraints
* refactor: rename IssueUserPropertySerializer and IssueUserDisplayPropertyEndpoint to ProjectUserPropertySerializer and ProjectUserDisplayPropertyEndpoint, updating all related references
* fix: enhance ProjectUserDisplayPropertyEndpoint to handle missing properties by creating new entries and improve response handling
* fix: correct formatting in migration for ProjectUserProperty model options
* migrate: add migration to update existing non-service API tokens to remove workspace association
* migrate: refine migration to update existing non-service API tokens by excluding bot users from workspace removal
* chore: changed the project sort order in project user property
* chore: remove allowed_rate_limit from APIToken
* chore: updated user-properties endpoint for frontend
* chore: removed the extra projectuserproperty
* chore: updated the migration file
* chore: code refactor
* fix: type error
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: sangeethailango <sangeethailango21@gmail.com>
Co-authored-by: vamsikrishnamathala <matalav55@gmail.com>
Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
* migration: added version field in webhook
* chore: add max_length
* chore: added product tour fields
* chore: updated the migration file
* chore: removed the duplicated migration file
* chore: added allowed_rate_limit for api_tokens
* chore: changed key feature tour to product tour
* chore: added is_subscribed_to_changelog field
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
- Replace custom tab implementation with Propel Tabs
- Dynamically render only enabled tabs based on configuration
- Filter tabs by isEnabled property for cleaner conditional rendering
- Improve tab navigation and accessibility with Propel components
* [WEB-5804] refactor: decouple filter value types from filter configurations
Remove value type constraints from filter configurations to support
operator-specific value types. Different operators can accept different
value types for the same filter property, so value types should be
determined at the operator level rather than the filter level.
- Remove generic value type parameter from TFilterConfig
- Update TOperatorConfigMap to accept union of all value types
- Simplify filter config factory signatures across all filter types
- Add forceUpdate parameter to updateConditionValue method
* refactor: remove filter value type constraints from filter configurations
Eliminate the generic value type parameter from filter configurations to allow for operator-specific value types. This change enhances flexibility by enabling different operators to accept various value types for the same filter property.
- Updated TFilterConfig and related interfaces to remove value type constraints
- Adjusted filter configuration methods and types accordingly
- Refactored date operator support to align with the new structure
* refactor: add Unified OAuth Configuration and Missing Gitea Options
- Replaced the AuthenticationModes component with a more streamlined implementation using AuthenticationMethodCard.
- Removed obsolete authentication modes files from the codebase.
- Enhanced the AuthRoot component to utilize the new OAuth configuration hook for better management of authentication options.
- Updated type definitions for instance authentication modes to reflect the new structure.
* refactor: update OAuth type imports and remove obsolete types
- Replaced local type imports with centralized imports from @plane/types in core, extended, and index OAuth hooks.
- Removed the now redundant types.ts file as its definitions have been migrated.
- Enhanced type definitions for OAuth options to improve consistency across the application.
* feat: add new Gitea logo and update OAuth icon imports to use standard HTML img tags
* chore: remove unused authentication logos and upgrade button component
* fix: using base url of a redirect url
* chore: internal networks check for the final_url
* fix: none final_url
* fix: exception handling
* fix: exception handling
* chore: remove unused imports
* refactor: moved ip address check logic into separate function
* fix: ValueError logic
* feat: add sync functionality for OAuth providers
- Implemented `check_sync_enabled` method to verify if sync is enabled for Google, GitHub, GitLab, and Gitea.
- Added `sync_user_data` method to update user details, including first name, last name, display name, and avatar.
- Updated configuration variables to include sync options for each provider.
- Integrated sync check into the login/signup process.
* feat: add sync toggle for OAuth providers in configuration forms
* fix: remove default value for sync options in OAuth configuration forms
* chore: delete old avatar and upload a new one
* chore: update class method
* chore: add email nullable
* refactor: streamline sync check for multiple providers and improve avatar deletion logic
* fix: ensure ENABLE_SYNC configurations default to "0" for Gitea, Github, Gitlab, and Google forms
* fix: simplify toggle switch value handling in ControllerSwitch component
---------
Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com>
* refactor: update build scripts and supervisor configuration
* Changed Caddyfile source in build.sh to use Caddyfile.aio.ce
* Updated Dockerfile to copy web assets from the correct directory
* Modified supervisor.conf to remove web and admin program configurations, and updated space program command to use react-router-serve
* chore: remove obsolete Caddyfile.aio.ce configuration
* chore: clean up Dockerfile by removing redundant cache removal command
* fix: update live program command to use .mjs extension in supervisor configuration
* fix: update live program command in supervisor configuration to remove .mjs extension
* fix: update reverse proxy ports in Caddyfile.aio.ce configuration
* fix: correct reverse proxy addresses in Caddyfile.aio.ce configuration
* refactor: remove outdated reverse proxy address updates from build script
* refactor: replace isomorphic-dompurify with sanitize-html
* dompurify fixes
* more fixes with fallback and title
* build
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
- Replace advisory lock with transaction-level lock in Issue model save method
- Updated the save method in the Issue model to use a transaction-level advisory lock for better concurrency control.
- Simplified the locking mechanism by removing the explicit unlock step, as the lock is automatically released at the end of the transaction.
- Maintained existing functionality for sequence and sort order management while improving code clarity.
* fix: robust way to handle socket connection and read from indexeddb cache when reqd
* fix: realtime sync working with failure handling
* fix: title editor added
* merge preview into fix/realtime-sync
* check
* page renderer props
* lint errors
* lint errors
* lint errors
* sanitize html
* sanitize html
* format fix
* fix lint
* feat: enhance APITokenLogMiddleware to support logging to MongoDB
- Added functionality to log external API requests to MongoDB, with a fallback to PostgreSQL if MongoDB is unavailable.
- Implemented error handling for MongoDB connection and logging operations.
- Introduced additional fields for MongoDB logs, including timestamps and user identifiers.
- Refactored request logging logic to streamline the process and improve maintainability.
* fix: improve MongoDB availability checks in APITokenLogMiddleware
- Enhanced the logic for determining MongoDB availability by checking if the collection is not None.
- Added a check for MongoDB configuration before attempting to retrieve the collection.
- Updated error handling to ensure the middleware correctly reflects the state of MongoDB connectivity.
* feat: implement logging functionality in logger_task for API activity
- Added a new logger_task module to handle logging of API activity to MongoDB and PostgreSQL.
- Introduced functions for safely decoding request/response bodies and processing logs based on MongoDB availability.
- Refactored APITokenLogMiddleware to utilize the new logging functions, improving code organization and maintainability.
* refactor: simplify MongoDB logging in logger_task and middleware
- Removed direct dependency on MongoDB collection in log_to_mongo function, now retrieving it internally.
- Updated process_logs to check MongoDB configuration before logging, enhancing error handling.
- Cleaned up logger.py by removing unused imports related to MongoDB.
* feat: add Celery task decorator to process_logs function in logger_task
- Introduced the @shared_task decorator to the process_logs function, enabling asynchronous processing of log data.
- Updated function signature to include a return type of None for clarity.
- Added an override for the save method in ChangeTrackerMixin to store changed fields before resetting tracking.
- Implemented a new method, _reset_tracked_fields, to ensure subsequent saves detect changes relative to the last saved state.
- Updated IssueComment to utilize _changes_on_save for determining changed fields, improving accuracy in tracking modifications.
* feat: add timezone selection to workspace onboarding, creation and settings
* refactor: remove timezone selection from workspace creation and onboarding forms
* feat: enhance clipboard functionality for markdown and HTML content
* fix: improve error handling and state management in CustomImageNodeView component
* fix: correct asset retrieval query by removing workspace filter in DuplicateAssetEndpoint
* fix: update meta tag creation in PasteAssetPlugin for clipboard HTML content
* feat: implement copyMarkdownToClipboard utility for enhanced clipboard functionality
* refactor: replace copyMarkdownToClipboard utility with copyTextToClipboard for simplified clipboard operations
* refactor: streamline clipboard operations by replacing copyTextToClipboard with copyMarkdownToClipboard in editor components
* refactor: simplify PasteAssetPlugin by removing unnecessary meta tag handling and streamlining HTML processing
* feat: implement asset duplication processing on paste for enhanced clipboard functionality
* chore:remove async from copy markdown method
* chore: add paste html
* remove:prevent default
* refactor: remove hasChanges from processAssetDuplication return type for simplified asset processing
* fix: format options-dropdown.tsx
* chore: add static files collection and update settings for static files support
* chore: add WhiteNoise middleware for static file handling
* chore(deps): upgrade WhiteNoise to version 6.11.0 and add static file reverse proxy in Caddyfile
* feat: enhance workspace settings layout and members page with new components
* refactor: update workspace settings layout and members page to use default exports
* refactor: settings layout import changes
* refactor: simplify workspaceSlug usage in settings layout
* feat: add avatar download and upload functionality in authentication adapter
- Implemented `download_and_upload_avatar` method to fetch and store user avatars from OAuth providers.
- Enhanced user data saving process to include avatar handling.
- Updated `S3Storage` class with a new `upload_file` method for direct file uploads to S3.
* feat: enhance avatar download functionality with size limit checks
- Added checks for content length before downloading avatar images to ensure they do not exceed the maximum allowed size.
- Implemented chunked downloading of avatar images to handle large files efficiently.
- Updated the upload process to return None if the upload fails, improving error handling.
* feat: improve avatar filename generation with content type handling
- Refactored avatar download logic to determine file extension based on the content type from the response headers.
- Removed redundant code for extension mapping, ensuring a cleaner implementation.
- Enhanced error handling by returning None for unsupported content types.
* fix: remove authorization header for avatar download
- Updated the avatar download logic to remove the Authorization header when token data is not present, ensuring compatibility with scenarios where authentication is not required.
* feat: add method for avatar download headers
- Introduced `get_avatar_download_headers` method to centralize header management for avatar downloads.
- Updated `download_and_upload_avatar` method to utilize the new header method, improving code clarity and maintainability.
* feat: add no_activity flag to control issue activity tracking during partial updates
* refactor: rename no_activity flag to skip_activity for clarity in issue activity tracking
* enhance description input handling with migration update support
* feat: implement skip_activity flag to conditionally log issue updates during partial updates
* refactor: skip-activity
* feat: add migration description update check to conditionally log issue updates
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* chore: update use_case type from string to array
* chore: convert use_case field to JSONField with array support
* feat: implement multi-select UI for use case in onboarding
* chore: code refactor
* chore: revert backend changes
* chore: code refactor
* chore: code refactor
* chore: code refactor
* chore: add bot user to workspace seed task
* refactor: use BotTypeEnum for bot type in workspace seed task
* refactor: update bot user display name and last name in workspace seed task
* fix: return empty dictionary for missing cycle and module seeds in workspace seed task
* chore(deps): upgrade psycopg packages to version 3.3.0
* chore: update Python version to 3.12.x in CI workflow
* refactor: clean up imports and improve code formatting across multiple files
* feat: implement cover image handling and static image selection
- Added functionality to handle cover image uploads and selections in project and profile forms.
- Introduced a new helper for managing cover images, including static images and uploaded assets.
- Updated components to utilize the new cover image helper for displaying and processing cover images.
- Added a set of static cover images for selection in the image picker.
- Enhanced error handling for image uploads and processing.
This update improves the user experience by providing a more robust cover image management system.
* refactor: rename STATIC_COVER_IMAGES_ARRAY to STATIC_COVER_IMAGES for consistency
- Updated the cover image helper to export STATIC_COVER_IMAGES instead of STATIC_COVER_IMAGES_ARRAY.
- Adjusted the ImagePickerPopover component to utilize the renamed export for rendering static cover images.
* feat: enhance project creation and image handling
- Introduced default project form values with a random emoji for logo props.
- Updated cover image handling in various components, ensuring consistent usage of the new cover image helper.
- Refactored image picker to improve search functionality and loading states.
- Removed unused constants and streamlined cover image type checks for better clarity and performance.
This update enhances the user experience in project creation and image selection processes.
* refactor: simplify cover image type definition and clean up code
- Removed duplicate type from TCoverImageType, streamlining the definition.
- Cleaned up whitespace in the cover image helper for improved readability.
This update enhances code clarity and maintains consistency in cover image handling.
* refactor: update cover image type definitions and simplify logic
- Changed ICoverImageResult and ICoverImagePayload interfaces to type aliases for better clarity.
- Simplified the logic in getCoverImageDisplayURL function to enhance readability and maintainability.
This update improves the structure and clarity of the cover image helper code.
* refactor: remove unused project cover image endpoint and update cover image handling
- Removed the ProjectPublicCoverImagesEndpoint and its associated URL from the project.
- Updated the cover image handling in the cover-image helper to utilize imported assets instead of static paths.
- Cleaned up the ProjectFavoritesViewSet and FileService by removing the now obsolete getProjectCoverImages method.
This update streamlines the cover image management and eliminates unnecessary code, enhancing overall maintainability.
* refactor: update cover image imports to new asset structure
- Replaced static path imports for cover images with updated paths to the new asset structure.
- This change improves organization and maintainability of cover image assets in the project.
This update aligns with recent refactoring efforts to streamline cover image handling.
* feat: add additional cover images to the helper
- Imported new cover images (24 to 29) into the cover-image helper.
- This update expands the available cover image options for use in the project, enhancing visual variety.
* refactor: remove ProjectPublicCoverImagesEndpoint from project URLs and views
* refactor: update cover image imports to include URL query parameter
- Modified cover image imports in the cover-image helper to append a URL query parameter for better asset handling.
- This change enhances the way cover images are processed and utilized within the project.
* refactor: extract default project form values into a utility function
- Created a new utility function `getProjectFormValues` to encapsulate the default project form values.
- Updated the `CreateProjectForm` component to use this utility function for setting default form values, improving code organization and maintainability.
* feat: integrate project update functionality in CreateProjectForm
- Added `updateProject` method to the `CreateProjectForm` component for updating project cover images after creation.
- Enhanced cover image handling by ensuring the correct URL is set for both uploaded and existing cover images.
This update improves the project creation workflow and ensures cover images are accurately updated.
* fix: update documentation for cover image handling
- Corrected the comment regarding local static images to reflect that they are served from the assets folder instead of the public folder.
- This change ensures accurate documentation for the `getCoverImageType` and `getCoverImageDisplayURL` functions, improving clarity for future developers.
* feat: implement random cover image selection for project forms
- Replaced the default cover image URL with a new utility function `getRandomCoverImage` that selects a random cover image from the available options.
- Updated the `getProjectFormValues` function to utilize this new method, enhancing the project creation experience with varied cover images.
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* fix: separate retrieve method in WorkspaceMemberViewSet
* fix: non project members accessing member detail:
* chore: error handle
* fix: role based response
* fix: use Enum
* feat: add in common py
* fix: update marketing consent screen based on is self managed flag
* improvement: enhance ImagePickerPopover with dynamic tab options based on Unsplash configuration
* refactor: product updates modal to include changelog
* [WEB-5290] feat: implement fallback for product updates changelog with loading state and error handling
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
- Update S3Storage to use configurable expiration time
- Default remains 3600 seconds (1 hour) for backward compatibility
- Add comprehensive unit tests with mocked S3 client
- Update .env.example with documentation and examples
* fix: enhance error handling for label creation and update operations
* fix: improve error handling for label creation and update operations
* refactor: change error codes from enum to object for label operations
* refactor: update error code references in label handling to use consistent naming
* fix: improve error handling for label creation and update
* [WEB-5559] improve: chat support functionality and remove Intercom provider
- Added ChatSupportModal component for chat support integration.
- Replaced IntercomProvider with ChatSupportModal in AppProvider.
- Introduced useChatSupport hook to manage chat support state and actions.
- Updated help commands to utilize chat support instead of Intercom.
- Removed obsolete Intercom-related components and hooks.
* refactor: lazy load ChatSupportModal in AppProvider
* refactor: simplify token generation in MagicCodeProvider by using a numeric approach
* fix: update placeholder text for unique code input across multiple languages
* refactor: replace token generation with a numeric approach for user email updates
* fix: update placeholder text for unique code input in multiple languages to a numeric format
* refactor: replace random token generation with secrets for enhanced security in user email updates and magic code provider
* fix: project error message and status code
* fix: incorrect member role check
* fix: project error message and status code
* fix: improve project permission checks and error handling in ProjectViewSet
* feat: enhance project settings layout with better loading strategy and fix all flicker
* fix: prevent rendering during project loading in ProjectAuthWrapper
* refactor: adjust layout structure in ProjectDetailSettingsLayout and enhance access restriction logic in ProjectAccessRestriction
* refactor: replace ProjectAccessRestriction component with updated version and enhance error handling
- Deleted the old ProjectAccessRestriction component.
- Introduced a new ProjectAccessRestriction component with improved error handling and user prompts for joining projects.
- Updated translations for new error states in multiple languages.
* fix: enhance error handling in IssueDetailsPage and remove JoinProject component
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* chore: traige state in intake
* chore: triage state changes
* feat: implement intake state dropdown component and integrate into issue properties
* chore: added the triage state validation
* chore: added triage state filter
* chore: added workspace filter
* fix: migration file
* chore: added triage group state check
* chore: updated the filters
* chore: updated the filters
* chore: added variables for intake state
* fix: import error
* refactor: improve project intake state retrieval logic and update TriageGroupIcon component
* chore: changed the intake validation logic
* refactor: update intake state types and clean up unused interfaces
* chore: changed the state color
* chore: changed the update serializer
* chore: updated with current instance
* chore: update TriageGroupIcon color to match new intake state group color
* chore: stringified value
* chore: added validation in serializer
* chore: added logger instead of print
* fix: correct component closing syntax in ActiveProjectItem
* chore: updated the migration file
* chore: added noop in migation
---------
Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com>
* fix: ensure soft delete handling for pages in PageViewSet methods
* refactor: streamline query for project IDs in PageDuplicateEndpoint
* refactor: remove soft delete condition from ProjectPage queries in PageViewSet and PageDuplicateEndpoint
* refactor: simplify ProjectPage query in PageViewSet for improved readability
* refactor: replace filter with get for Page queries in PageViewSet and PageDuplicateEndpoint to enhance clarity
* refactor: replace filter with get for Page queries in PagesDescriptionViewSet to improve efficiency
* chore: update navigation_project_limit and navigation_control_preference
* chore: set default true for user specific widgets
* chore: use serializer in ProjectMemberPreferenceEndpoint
chore: use serializer in WorkspaceUserPropertiesEndpoint
"
* fix: validate preferences
* fix: status code
* fix: remove saving from validate
* fix: simply validate_preferences
* chore: create WorkspaceUserProperties if it doesn't exist
* fix: create WorksapceUserProperties it not exist
* fix: copy the instance
* Revert "fix: copy the instance"
This reverts commit ddb0384b6d.
* chore: migrate WorkspaceUserPreference to set defaults
* fix: migration file name
* Revert "fix: migration file name"
This reverts commit 80a21dedf1.
* Revert "chore: migrate WorkspaceUserPreference to set defaults"
This reverts commit 25bc583a08.
* [WEB-5501] refactor: optimize component structures and improve hooks
- Updated type definitions in AppProvider to use React.ReactNode for children.
- Enhanced HomePeekOverviewsRoot by using MobX observer and integrating issue detail hook.
- Optimized ContentOverflowWrapper to prevent unnecessary re-renders by adjusting useEffect dependencies.
- Updated DashboardQuickLinks to include necessary dependencies in useCallback.
- Refactored GlobalShortcutsProvider to utilize refs for context and handler management, improving performance.
- Changed useCurrentTime to update every minute instead of every second.
- Refactored outside click hooks to use useCallback for better performance.
- Improved IntercomProvider and PostHogProvider to prevent multiple initializations using refs.
* refactor: simplify conditional rendering in HomePeekOverviewsRoot component
* refactor: improve outside click detection in sidebar and peek overview hooks
* refactor: enhance IntercomProvider and PostHogProvider with hydration state management
* refactor: enhance analytics page tab functionality and UI
- Introduced state management for selected tabs using useState and useEffect hooks.
- Updated tab handling to improve user experience with onValueChange for Tabs component.
- Refactored AnalyticsFilterActions to remove unused duration selection.
- Added Tooltip to project name in ActiveProjectItem for better visibility.
- Minor styling adjustments in Tabs component for improved layout consistency.
* refactor: improve tab layout in analytics page by adding w-fit
* fix: update styling for ActiveProjectItem component
* refactor: simplify analytics page and introduce useAnalyticsTabs hook
- Removed unused imports and optimized the analytics page component.
- Replaced getAnalyticsTabs with a new custom hook useAnalyticsTabs for better modularity.
- Added useAnalyticsTabs hook to manage analytics tab logic.
- Created new files for useAnalyticsTabs and analytics tabs in the 'ce' and 'ee' directories.
* fix: ensure consistent export in use-analytics-tabs file
* style: format code for better readability in AnalyticsPage component
* fix: add missing newline at end of file in use-analytics-tabs
* chore: remove unused analytics tab components
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* feat: change user email
* chore: optimised the logic
* feat: add email change functionality and related modals in profile form
* refactor: format checkEmail method for improved readability
* chore: added rate limit exceeded validation
* feat: implement change email modal with localization support
- Added translation support for the change email modal, including titles, descriptions, and error messages.
- Integrated the useTranslation hook for dynamic text rendering.
- Updated form validation messages to utilize localized strings.
- Enhanced user feedback with localized success and error toast messages.
- Updated button labels and placeholders to reflect localization changes.
* chore: added extra validation in cache key
* fix: format files
---------
Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com>
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* dev: updated the index constraints for notification
* dev: updated migration file with AddIndexConcurrently
* dev: handled indexing for file asset with asset
* bumped migration sequence number
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
- Add jscodeshift-based codemod to convert arrow function components to function declarations
- Support React.FC, observer-wrapped, and forwardRef components
- Include comprehensive test suite covering edge cases
- Add npm script to run transformer across codebase
- Target only .tsx files in source directories, excluding node_modules and declaration files
* [WEB-5459] chore: updates after running codemod
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* chore: add dotenv dependency and configure environment variables in admin, space, and web apps
* chore: allowed multiple hosts in dev mode
* chore: move dotenv to dev deps
* chore: update Vite configuration to set server host to 127.0.0.1 for admin, space, and web apps
---------
Co-authored-by: gakshita <akshitagoyal1516@gmail.com>
- Updated PostHog React package to version 1.4.0 and posthog-js to version 1.255.1.
- Refactored PostHogProvider to include hydration state management for improved event tracking.
- Cleaned up version references in pnpm-lock.yaml for react-router and next-themes.
* feat: add project shortcut in command palette
* feat: global project switcher shortcut
* refactor: generalize command palette entity handling
* feat: extend command palette navigation
* feat: add issue shortcut to command palette
* feat: add modular project selection for cycle navigation
* chore: add reusable command palette utilities
* fix: update key sequence handling to use window methods for timeout management
* fix: build errors
* chore: minor ux copy improvements
* feat: implement a new command registry and renderer for enhanced command palette functionality
* feat: introduce new command palette components and enhance search functionality
* feat: enhance command palette components with improved initialization and loading indicators
* feat: Implement new command palette architecture with multi-step commands, context-aware filtering, and reusable components. Add comprehensive documentation and integration guides. Enhance command execution with a dedicated executor and context provider. Introduce new command types and improve existing command definitions for better usability and maintainability.
* refactor: hook arguments
* refactor: folder structure
* refactor: update import paths
* fix: context prop drilling
* refactor: update search components
* refactor: create actions
* chore: add type to pages
* chore: init contextual actions
* refactor: context based actions code split
* chore: module context-based actions
* refactor: streamline command execution flow and enhance multi-step handling in command palette
* refactor: remove placeholder management from command execution and implement centralized placeholder mapping
* chore: cycle context based actions
* refactor: simplify command execution by consolidating selection steps and adding page change handling
* chore: added more options to work item contextual actions
* chore: page context actions
* refactor: update step type definitions and enhance page mapping for command execution
* feat: implement Command Palette V2 with global shortcuts and enhanced context handling
* refactor: power k v2
* refactor: creation commands
* feat: add navigation utility for Power K context handling
* feat: implement comprehensive navigation commands for Power K
* refactor: work item contextual actions
* fix: build errors
* refactor: remaining contextual actions
* refactor: remove old code
* chore: update placeholder
* refactor: enhance command registry with observable properties and context-aware shortcut handling
* refactor: improve command filtering logic in CommandPaletteModal
* chore: context indicator
* chore: misc actions
* style: shortcut badge
* feat: add open entity actions and enhance navigation commands for Power K
* refactor: rename and reorganize Power K components for improved clarity and structure
* refactor: update CommandPalette components and streamline global shortcuts handling
* refactor: adjust debounce timing in CommandPaletteModal for improved responsiveness
* feat: implement shortcuts modal and enhance command registry for better shortcut management
* fix: search implemented
* refactor: search results code split
* refactor: search results code split
* feat: introduce creation and navigation command modules for Power K, enhancing command organization and functionality
* chore: update menu logos
* refactor: remove unused PowerKOpenEntityActionsExtended component from command palette
* refactor: search menu
* fix: clear context on backspace and manual clear
* refactor: rename creation command keys for consistency and clarity in Power K
* chore: added intake in global search
* chore: preferences menu
* chore: removed the empty serach params
* revert: command palette changes
* cleanup
* refactor: update command IDs to use underscores for consistency across Power K components
* refactor: extended context based actions
* chore: modal command item status props
* refactor: replace CommandPalette with CommandPaletteProvider in settings and profile layouts
* refactor: update settings menu to use translated labels instead of i18n labels
* refactor: update command titles to use translation keys for creation actions
* refactor: update navigation command titles to use translation keys for consistency
* chore: minor cleanup
* chore: misc commands added
* chore: code split for no search results command
* chore: state menu items for work item context based commands
* chore: add more props to no search results command
* chore: add more props to no search results command
* refactor: remove shortcut key for create workspace command
* Refactor command palette to use PowerK store
- Replaced instances of `useCommandPalette` with `usePowerK` across various components, including `AppSearch`, `CommandModal`, and `CommandPalette`.
- Introduced `PowerKStore` to manage modal states and commands, enhancing the command palette functionality.
- Updated modal handling to toggle `PowerKModal` and `ShortcutsListModal` instead of the previous command palette modals.
- Refactored related components to ensure compatibility with the new store structure and maintain functionality.
* Refactor PowerK command handling to remove context dependency
- Updated `usePowerKCommands` and `usePowerKCreationCommands` to eliminate the need for a context parameter, simplifying their usage.
- Adjusted related command records to utilize the new structure, ensuring consistent access to command configurations.
- Enhanced permission checks in creation commands to utilize user project roles for better access control.
* chore: add context indicator
* chore: update type import
* chore: migrate toast implementation from @plane/ui to @plane/propel/toast across multiple command files
* refactor: power k modal wrapper and provider
* fix: type imports
* chore: update creation command shortcuts
* fix: page context commands
* chore: update navigation and open command shortcuts
* fix: work item standalone page modals
* fix: context indicator visibility
* fix: potential error points
* fix: build errors
* fix: lint errors
* fix: import order
---------
Co-authored-by: Vihar Kurama <vihar.kurama@gmail.com>
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* use issue store was not loading up properly , and hence created data issues for rendering filters options
* Added React.FC for better type suggestions
* chore: observer implementation change
---------
Co-authored-by: shivam-jainn <shivam.clgstash@gmail.com>
* [WEB-5196] chore: switch from isomorphic-dompurify to dompurify
Replace isomorphic-dompurify with dompurify package in utils.
This change simplifies the dependency and uses the canonical
DOMPurify package directly.
* fix: removing dompurify from the space app as dependency
* chore: remove unused import
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* feat: add exporter URL patterns for exporting issues and update session cookie age handling
* fix: ensure ADMIN_SESSION_COOKIE_AGE is an integer for consistent session handling
* chore: updated delete modal info content
* chore: added language support for modal content
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* feat: implement webhook logging to MongoDB and fallback to database (#7887)
- Added a new function `save_webhook_log` to log webhook requests and responses to MongoDB, with a fallback to the database if the MongoDB save fails.
- Updated the `webhook_send_task` to utilize the new logging function.
- Modified the `get_webhook_logs_queryset` to order logs by creation date and adjusted the chunk size for iteration.
* refactor: clean up log data formatting in save_webhook_log function
* fix: update retry_count type in save_webhook_log function
* chore: added middleware to handle body too large
* chore: added middleware to handle body too large
* chore: indentend the code
* chore: changed the response structure
* chore: changed the response structure
* chore: created a new file for middleware
* chore: added a standardized error key
* [WEB-5134] refactor: update `web` ESLint configuration and refactor imports to use type imports
- Enhanced ESLint configuration by adding new rules for import consistency and type imports.
- Refactored multiple files to replace regular imports with type imports for better clarity and performance.
- Ensured consistent use of type imports across the application to align with TypeScript best practices.
* refactor: standardize type imports across components
- Updated multiple files to replace regular imports with type imports for improved clarity and consistency.
- Ensured adherence to TypeScript best practices in the rich filters and issue layouts components.
* feat: implement flexible data export utility with CSV, JSON, and XLSX support
- Introduced Exporter class for handling various data formats.
- Added formatters for CSV, JSON, and XLSX exports.
- Created schemas for defining export fields and their transformations.
- Implemented IssueExportSchema for exporting issue data with nested attributes.
- Enhanced issue export task to utilize the new exporter system for better data handling.
* feat: enhance issue export functionality with new relations and context handling
- Updated issue export task to utilize new IssueRelation model for better relationship management.
- Refactored Exporter class to accept QuerySets directly, improving performance and flexibility.
- Enhanced IssueExportSchema to include parent issues and relations in the export.
- Improved documentation for exporting multiple projects and filtering fields during export.
* feat: enhance export functionality with field filtering and context support
- Updated Exporter class to merge fields into options for formatting.
- Modified formatters to filter fields based on specified options.
- Enhanced ExportSchema to support optional field selection during serialization.
- Improved documentation for the serialize method to clarify field filtering capabilities.
* fixed type
* feat: enhance rich filters with new components and configurations
- Added `AdditionalFilterValueInput` for unsupported filter types.
- Introduced `FilterItem` and related components for better filter item management.
- Updated filter configurations to include new properties and support for multiple values.
- Improved loading states and error handling in filter components.
- Refactored existing filter logic to streamline operations and enhance performance.
* Refactor rich filters component structure and enhance filter item functionality
- Moved AddFilterButton and AddFilterDropdown to a new directory structure for better organization.
- Updated FilterItemProperty to handle filter selection and condition updates more effectively.
- Enhanced the FilterInstance class with methods to update condition properties and operators, improving filter management.
- Added new functionality to handle invalid filter states and improve user feedback.
* [WEB-5111] feat: add 'created_at' and 'updated_at' filters to work item configuration
- Introduced new filter configurations for 'created_at' and 'updated_at' in the work item filters.
- Updated relevant components to utilize these new filters, enhancing filtering capabilities.
- Added corresponding filter configuration functions in the utils for better date handling.
* fix: build
- Enhanced ESLint configuration by adding new rules for import consistency and type imports.
- Refactored multiple files to replace regular imports with type imports for better clarity and performance.
- Ensured consistent use of type imports across the application to align with TypeScript best practices.
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
- Enhanced ESLint configuration by adding new rules for import consistency and type imports.
- Refactored multiple files to replace regular imports with type imports for better clarity and performance.
- Ensured consistent use of type imports across the application to align with TypeScript best practices.
* feat: enhance workspace seeding with cycles, modules, and views creation
- Added `create_cycles`, `create_modules`, and `create_views` functions to the workspace seeding process, enabling the creation of cycles, modules, and views based on new seed data.
- Updated `create_project_issues` to associate issues with cycles and modules.
- Introduced new seed files: `cycles.json`, `modules.json`, and `views.json` to provide initial data for cycles, modules, and views.
- Integrated these new functionalities into the `workspace_seed` task for comprehensive workspace initialization.
* feat: add project_id to page seed data for improved association
- Added `project_id` field to the page with `id` 2 in `pages.json` to establish a clear link between pages and their respective projects.
- This enhancement supports better organization and retrieval of page data within the project context.
* feat: enhance workspace seed task with improved display properties and layout options
- Updated the `create_project_and_member` function to include new display properties and layout configurations for better project visualization.
- Modified display filters to group by state and added calendar layout options.
- Enhanced the `create_modules` and `create_views` functions with improved formatting and structure for better readability and maintainability.
* Update apps/api/plane/bgtasks/workspace_seed_task.py
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: correct project_id mapping in cycle and view creation functions
- Updated the `create_cycles` function to use the correct `project_id` from the `project_map` for fetching the last cycle.
- Removed redundant `view_id` extraction in the `create_views` function to streamline view creation process.
* refactor: update create_cycles function to return project mapping
- Changed the return type of the `create_cycles` function from `None` to `Dict[int, uuid.UUID]` to provide a mapping of project IDs after cycle creation.
- This modification enhances the function's utility by allowing the caller to access the generated project mappings directly.
* refactor: remove unused view_map variable in create_views function
- Eliminated the `view_map` dictionary from the `create_views` function as it was not utilized, streamlining the code.
- This change enhances code clarity and maintainability by removing unnecessary elements.
* refactor: improve issue creation logic in create_project_issues function
- Added comments to clarify the creation of issue labels, cycle issues, and module issues within the `create_project_issues` function.
- Enhanced code readability and maintainability by structuring the issue creation process with clear conditional checks for cycles and modules.
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat: add page creation functionality to workspace seeding process
- Implemented `create_pages` function to create pages for each project in the workspace based on data from `pages.json`.
- Integrated page creation into the `workspace_seed` task, ensuring pages are created alongside project issues.
- Added a new `pages.json` seed file containing initial page data and descriptions.
* fix: update page creation logic and seed data
- Set `is_global` to `False` for pages created in the `create_pages` function.
- Adjusted the project type check to be case-insensitive in the page creation logic.
- Added `id`, `project_id`, and `description_stripped` fields to the `pages.json` seed data for improved page initialization.
- Refactored file upload utilities to use async functions for better handling of file metadata.
- Introduced MIME type detection using the file-type library.
- Updated file service methods to await metadata retrieval.
- Added new dependencies for file-type and updated package.json accordingly.
- Removed deprecated file handling code from utils and adjusted imports across services.
* feat: set default owner for cycle creation if not provided
* Updated CycleListCreateAPIEndpoint to assign the current user as the owner when the 'owned_by' field is not included in the request data.
* Enhanced the CycleCreateSerializer initialization to ensure proper ownership assignment during cycle creation.
* feat: add comprehensive tests for Cycle API endpoints
* Introduced a new test suite for Cycle API endpoints, covering creation, retrieval, updating, and deletion of cycles.
* Implemented tests for various scenarios including successful operations, invalid data handling, and conflict resolution with external IDs.
* Enhanced test coverage for listing cycles with different view filters and verifying cycle metrics annotations.
* feat: enhance CycleCreateSerializer to include ownership assignment
* Added 'owned_by' field to CycleCreateSerializer to specify the user who owns the cycle.
* Updated CycleListCreateAPIEndpoint to remove redundant ownership assignment logic, relying on the serializer to handle default ownership.
* Ensured that if 'owned_by' is not provided, it defaults to the current user during cycle creation.
* fix: correct assertion syntax in CycleListCreateAPIEndpoint tests
* Updated the assertion in the test for successful cycle creation to use the correct syntax for checking the response status code.
* Ensured that the test accurately verifies the expected behavior of the API endpoint.
* refactor: enhance ComplexFilterBackend and BaseFilterSet for Q object filtering
- Introduced BaseFilterSet to support Q object construction for complex filtering.
- Updated ComplexFilterBackend to utilize Q objects for building querysets.
- Improved error handling and validation in filter methods.
- Refactored filter evaluation logic to streamline query construction.
* fix: improve filter processing in BaseFilterSet to handle empty cleaned_data and optimize filter evaluation
- Added handling for cases where cleaned_data is None or empty, returning an empty Q object.
- Optimized filter evaluation by only processing filters that are provided in the request data.
* update ComplexFilterBackend to pass queryset in filter evaluation
* chore: update psycopg dependencies to version 3.2.9 in base requirements
* refactor: clean up unused imports across multiple files
* chore: update lxml dependency to version 6.0.0 in base requirements
* style: improve code readability by breaking long lines into multiple lines across several files
* style: enhance readability by breaking long lines in ModuleSerializer docstring
* fix: permission check on viewset
* chore: check workspace admin
* chore: initiative is_workspace_admin before if condition
* chore: project member check
* fix: if conditions
* chore: add condition for guests to only edit description and name
* fix: use ROLE enum instead of magic numbers
* chore: remove if condition
* fix: next path url redirection
* fix: enhance URL redirection safety in authentication views
Updated SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, and GoogleCallbackSpaceEndpoint to include checks for allowed hosts and schemes before redirecting. This improves the security of URL redirection by ensuring only valid URLs are used.
* chore: updated uitl to handle double /
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
* refactor: enhance URL validation and redirection logic in authentication views
* Updated authentication views (SignInAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, GoogleCallbackSpaceEndpoint, and MagicSignInSpaceEndpoint) to include url_has_allowed_host_and_scheme checks for safer redirection.
* Improved URL construction by ensuring proper formatting and fallback to base host when necessary.
* Added get_allowed_hosts function to path_validator.py for better host validation.
* refactor: improve comments and clean up code in path_validator.py
* Updated comments for clarity in the get_safe_redirect_url function.
* Removed unnecessary blank line to enhance
* feat: enhance path validation and URL safety in path_validator.py
* Added get_allowed_hosts function to retrieve allowed hosts from settings.
* Updated get_safe_redirect_url to validate URLs against allowed hosts.
* Improved URL construction logic for safer redirection handling.
* feat: enhance URL validation in authentication views
* Added url_has_allowed_host_and_scheme checks in SignUpAuthSpaceEndpoint and MagicSignInSpaceEndpoint for safer redirection.
* Updated redirect logic to fallback to base host if the constructed URL is not allowed.
* Improved overall URL safety and handling in authentication flows.
* fix: improve host extraction in get_allowed_hosts function
* Updated get_allowed_hosts to extract only the host from ADMIN_BASE_URL and SPACE_BASE_URL settings for better URL validation.
* Enhanced overall safety and clarity in allowed hosts retrieval.
* refactor: streamline URL construction in authentication views
* Updated MagicSignInSpaceEndpoint and MagicSignUpSpaceEndpoint to directly construct redirect URLs using formatted strings instead of the get_safe_redirect_url function.
* Enhanced get_safe_redirect_url to use quote for safer URL encoding of parameters.
* refactor: enhance URL validation and redirection in authentication views
* Added validate_next_path function to improve the safety of redirect URLs in MagicSignInSpaceEndpoint and MagicSignUpSpaceEndpoint.
* Updated URL construction to ensure proper handling of next_path and base_url.
* Streamlined the get_safe_redirect_url function for better parameter encoding.
* refactor: unify URL redirection logic across authentication views
* Introduced validate_next_path function to enhance URL safety in SignInAuthSpaceEndpoint, SignUpAuthSpaceEndpoint, GitHubCallbackSpaceEndpoint, GitLabCallbackSpaceEndpoint, and GoogleCallbackSpaceEndpoint.
* Updated URL construction to directly format the redirect URL, improving clarity and consistency across multiple authentication views.
* refactor: remove base_host retrieval from authentication views
* Removed unnecessary base_host retrieval from GitHub, GitLab, and Google callback endpoints.
* Updated MagicSignUpEndpoint to use get_safe_redirect_url for URL construction.
* Refactored MagicSignInSpaceEndpoint to streamline URL redirection logic.
* refactor: streamline URL redirection in MagicSignInSpaceEndpoint
* Removed redundant base_url retrieval from the exception handling in MagicSignInSpaceEndpoint.
* Enhanced the clarity of URL construction by directly using get_safe_redirect_url.
* refactor: replace validate_next_path with get_safe_redirect_url for safer URL redirection across authentication views
* refactor: use get_safe_redirect_url for improved URL redirection in SignInAuthSpaceEndpoint and SignUpAuthSpaceEndpoint
* fix: redirect paths
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: added issue relation and page sort order
* feat: add ProjectWebhook model to manage webhooks associated with projects
* chore: updated the migration file
* chore: added migration
* chore: reverted the page base code
* chore: added a variable for sort order in pages
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: disbale project features on project create
* Implement migration 0105 to alter project cycle view fields to Boolean with default values
* Add project view settings in workspace seed task
* Add is_current_version_deprecated field to Instance model
Index user_id field in Session model
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* 🚧 WIP: Introduced customTicks prop in BarChart for flexible tick rendering.
* ✨ feat: added customTicks to axis charts for flexible tick rendering
* 🔧 fix: update default bar fill color to black and ensure consistent color usage in BarChart
* ✨ feat: add customTooltipContent prop to LineChart for enhanced tooltip flexibility
* 🔧 fix: update bar fill color handling to support dynamic colors based on data and removed DEFAULT_BAR_FILL_COLOR
* 🔧 fix: correct bar fill color handling in BarChart to ensure proper color assignment for tooltips
* 🔧 fix: update customTicks prop types in TAxisChartProps to use unknown type for better type safety
* 📝 chore: updated translations and cleaned up insight card
* 🚨 fix: lint
* 🔧 fix: remove unused translation key "no_of" from Russian translations
* chore: added collapsibl to propel
* fix: export path
* chore: made collapsible a compound component
* fix: lint and format errors
* chore: updated propel exports order and added collapsible to tsdown config
* ✨ feat: integrate Storybook addons and enhance Tabs component
- Added `@storybook/addon-designs` and `@storybook/addon-docs` to the project dependencies.
- Enhanced the Tabs component stories to support dynamic tab options.
- Introduced a custom theme for Storybook with a new manager configuration.
- Added a new SVG logo for branding in Storybook.
- Pinned the storybook and related packages version
* ♻️ refactor: update Storybook manager configuration by removing unused import
* ♻️ refactor: enhance Tabs story with size labels and layout adjustments
* 🚨 fix: lint issues
* 🚨 fix: lock file
* ✏️ fix: update brand image path in Storybook manager configuration
* ♻️ refactor: improve Tabs story by ensuring safe default value and enhancing content rendering
* chore: update docker-compose.yml to change restart policy condition from 'on-failure' to 'any' and remove SSL variable from variables.env
* fix: update docker-compose.yml to change restart policy condition from 'any' to 'on-failure'
* dev: handled indexing for the notification fields
* dev: removing indexing related to workspaces
* dev: handled indexing for file asset, user favorite, and page log
* dev: indexing concurrently
* feat: added support for expanding `updated_by` and `type` in work item
* fix: moved type to dictionary for expansion
* fix: refactored unnecessary fields
* feat: add card component to propel package and update tooltip imports
* refactor: remove @plane/ui dependency and update tooltip imports to use local card component
* fix: lint
* refactor: update import from @plane/ui to @plane/utils in command component
* refactor: extend CardProps interface to include HTML attributes for better flexibility
* feat: enhance URL utility functions with IP address validation and cleaned up the extraction utilities
* fix: remove unnecessary type assertion in isLocalhost function
* Refactor and extend cleanup tasks for logs and versions
- Consolidate API log deletion into cleanup_task.py - Add tasks to
delete old email logs, page versions, and issue description versions -
Update Celery schedule and imports for new tasks
* chore: update cleanup task with mongo changes
* fix: update log deletion task name for clarity
* fix: enhance MongoDB archival error handling in cleanup task
- Added a parameter to check MongoDB availability in the flush_to_mongo_and_delete function.
- Implemented error logging for MongoDB archival failures.
- Updated calls to flush_to_mongo_and_delete to include the new parameter.
* fix: correct parameter name in cleanup task function call
- Updated the parameter name from 'mode' to 'model' in the process_cleanup_task function to ensure consistency and clarity in the code.
* fix: improve MongoDB connection parameter handling in MongoConnection class
- Replaced direct access to settings with getattr for MONGO_DB_URL and MONGO_DB_DATABASE to enhance robustness.
- Added warning logging for missing MongoDB connection parameters.
* add missing fields and methods in endpoints
* add POST method for project members
* make project_id as uuid in url pattern
* remove post method
* fix method reordering
* fix: wrong WI count while scrolling
* chore: optimize issue queryset
* fix: use separate query for total_count_queryset
* fix: guest visibility constraint
* fix: use separate query for total_count_queryset in external api
* fix: use queryset.count()
* feat: add truncated link export and URL utility to respective modules
* refactor: replace Link2 with ExternalLink in TruncatedUrl component
* feat: add TruncatedUrl component and update link exports
* fix: export ParsedURL interface for better accessibility in URL utilities
* refactor: remove TruncatedUrl component and update link exports
* fix: update parseURL function to return undefined for invalid URLs
* refactor: rename ParsedURL interface to IParsedURL for consistency
* refactor: rename IParsedURL to IURLComponents and update parsing functions for improved clarity
* refactor: update URL utility functions and improve documentation for clarity
* refactor: add full URL property to IURLComponents interface and update extractURLComponents function
* refactor: rename createURL function to isUrlValid and update its implementation to validate URL strings
* refactor: rename isUrlValid function to getValidURL and update its implementation to return URL object or undefined
* fix(lint): get ci passing again
* chore(ci): run lint before build
* chore(ci): exclude web app from build check for now
The web app takes too long and causes CI to timeout. Once we
improve we will reintroduce.
* fix: formating of files
* fix: adding format to ci
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* Türkçe dil desteği , İgilizce okunuşlardan gerçek karşılığına çevirildi.
* "sidebar.intake"="Talep" olarak değiştirildi.
---------
Co-authored-by: Bektaş IŞIK <bektas.isik@aurorabilisim.com>
* [WEB-4677] improvement: add defaultOpen property to CustomSearchSelect
* improvement: add utils to format time duration
* improvement: added initializing state for project store
* improvement: minor changes in automations page
* fix: update Dockerfile and docker-compose for version v0.28.0 and improve curl commands in install script
* fix: update docker-compose to use 'stable' tag for all services
* fix: improve curl command options in install script for better reliability
2025-07-31 13:27:34 +05:30
sriram veeraghantaGitHubCopilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Potential fix for code scanning alert no. 631: Incomplete URL scheme check
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* fix: ignore warning in this file
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* feat: add event trackers for password creation
* feat: add event trackers for project views
* feat: add event trackers for product updates and changelogs
* chore: use element name instead of event name for changelog redirect link
* fix: improve API service readiness check in install script
* fix(cli): correct python indentation in api health check
* fix(cli): prevent false positive api ready message on timeout
* added PageBinaryUpdateSerializer for binary data validation and update
* chore: added validation for description
* chore: removed the duplicated file
* Fixed coderabbit comments
- Improve content validation by consolidating patterns and enhancing recursion checks
- Updated `PageBinaryUpdateSerializer` to simplify assignment of validated data.
- Enhanced `content_validator.py` with consolidated dangerous patterns and added recursion depth checks to prevent stack overflow during validation.
- Improved readability and maintainability of validation functions by using constants for patterns.
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
* feat: restore background color and goals fields in Profile and Workspace models in migration 0099
* chore: update migration dependency to reflect recent changes in profile model migrations
* chore: fix lint
* fix: constants check:lint command
* chore(lint): permit unused vars which begin w/ _
* chore: rm dead code
* fix(lint): more lint fixes to constants pkg
* fix(lint): lint the live server
- fix lint issues
* chore: improve clean script
* fix(lint): more lint
* chore: set live server process title
* chore(deps): update to turbo@2.5.5
* chore(live): target node22
* fix(dev): add missing ui pkg dependency
* fix(dev): lint decorators
* fix(dev): lint space app
* fix(dev): address lint issues in types pkg
* fix(dev): lint editor pkg
* chore(dev): moar lint
* fix(dev): live server exit code
* chore: address PR feedback
* fix(lint): better TPageExtended type
* chore: refactor
* chore: revert most live server changes
* fix: few more lint issues
* chore: enable ci checks
Ensure we can build + confirm that lint is not getting worse.
* chore: address PR feedback
* fix: web lint warning added to package.json
* fix: ci:lint command
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* Basic setup for drf-spectacular
* Updated to only handle /api/v1 endpoints
* feat: add asset and user endpoints with URL routing
- Introduced new asset-related endpoints for user assets and server assets, allowing for asset uploads and management.
- Added user endpoint to retrieve current user information.
- Updated URL routing to include new asset and user patterns.
- Enhanced issue handling with a new search endpoint for issues across multiple fields.
- Expanded member management with a new endpoint for workspace members.
* Group endpoints by tags
* Detailed schema definitions and examples for asset endpoints
* Removed unnecessary extension
* Specify avatar_url field separately
* chore: add project docs
* chore: correct all errors
* chore: added open spec in work items
* feat: enhance cycle API endpoints with detailed OpenAPI specifications
- Updated CycleAPIEndpoint and CycleIssueAPIEndpoint to include detailed OpenAPI schema definitions for GET, POST, PATCH, and DELETE operations.
- Specified allowed HTTP methods for each endpoint in the URL routing.
- Improved documentation for cycle creation, updating, and deletion, including request and response examples.
* chore: added open spec in labels
* chore: work item properties
* feat: enhance API endpoints with OpenAPI specifications and HTTP method definitions
- Added detailed OpenAPI schema definitions for various API endpoints including Intake, Module, and State.
- Specified allowed HTTP methods for each endpoint in the URL routing for better clarity and documentation.
- Improved request and response examples for better understanding of API usage.
- Introduced unarchive functionality for cycles and modules with appropriate endpoint definitions.
* chore: run formatter
* Removed unnecessary settings for authentication
* Refactors OpenAPI documentation structure
Improves the organization and maintainability of the OpenAPI documentation by modularizing the `openapi_spec_helpers.py` file.
The changes include:
- Migrates common parameters, responses, examples, and authentication extensions to separate modules.
- Introduces helper decorators for different endpoint types.
- Updates view imports to use the new module paths.
- Removes the legacy `openapi_spec_helpers.py` file.
This refactoring results in a more structured and easier-to-maintain OpenAPI documentation setup.
* Refactor OpenAPI endpoint specifications
- Removed unnecessary parameters from the OpenAPI documentation for various endpoints in the asset, cycle, and project views.
- Updated request structures to improve clarity and consistency across the API documentation.
- Enhanced response formatting for better readability and maintainability.
* Enhance API documentation with detailed endpoint descriptions
Updated various API endpoints across the application to include comprehensive docstrings that clarify their functionality. Each endpoint now features a summary and detailed description, improving the overall understanding of their purpose and usage. This change enhances the OpenAPI specifications for better developer experience and documentation clarity.
* Enhance API serializers and views with new request structures
- Added new serializers for handling cycle and module issue requests, including `CycleIssueRequestSerializer`, `TransferCycleIssueRequestSerializer`, `ModuleIssueRequestSerializer`, and intake issue creation/updating serializers.
- Updated existing serializers to improve clarity and maintainability, including the `UserAssetUploadSerializer` and `IssueAttachmentUploadSerializer`.
- Refactored API views to utilize the new serializers, enhancing the request handling for cycle and intake issue endpoints.
- Improved OpenAPI documentation by replacing inline request definitions with serializer references for better consistency and readability.
* Refactor OpenAPI documentation and endpoint specifications
- Replaced inline schema definitions with dedicated decorators for various endpoint types, enhancing clarity and maintainability.
- Updated API views to utilize new decorators for user, cycle, intake, module, and project endpoints, improving consistency in OpenAPI documentation.
- Removed unnecessary parameters and responses from endpoint specifications, streamlining the documentation for better readability.
- Enhanced the organization of OpenAPI documentation by modularizing endpoint-specific decorators and parameters.
* chore: correct formatting
* chore: correct formatting for all api folder files
* refactor: clean up serializer imports and test setup
- Removed unused `StateLiteSerializer` import from the serializer module.
- Updated test setup to include a noqa comment for the `django_db_setup` fixture, ensuring clarity in the code.
- Added missing commas in user data dictionary for consistency.
* feat: add project creation and update serializers with validation
- Introduced `ProjectCreateSerializer` and `ProjectUpdateSerializer` to handle project creation and updates, respectively.
- Implemented validation to ensure project leads and default assignees are members of the workspace.
- Updated API views to utilize the new serializers for creating and updating projects, enhancing request handling.
- Added OpenAPI documentation references for the new serializers in the project API endpoints.
* feat: update serializers to include additional read-only fields
* refactor: rename intake issue serializers and enhance structure
- Renamed `CreateIntakeIssueRequestSerializer` to `IntakeIssueCreateSerializer` and `UpdateIntakeIssueRequestSerializer` to `IntakeIssueUpdateSerializer` for clarity.
- Introduced `IssueSerializer` for nested issue data in intake requests, improving the organization of serializer logic.
- Updated API views to utilize the new serializer names, ensuring consistency across the codebase.
* refactor: rename issue serializer for intake and enhance API documentation
- Renamed `IssueSerializer` to `IssueForIntakeSerializer` for better clarity in the context of intake issues.
- Updated references in `IntakeIssueCreateSerializer` and `IntakeIssueUpdateSerializer` to use the new `IssueForIntakeSerializer`.
- Added OpenAPI documentation for the `get_workspace_work_item` endpoint, detailing parameters and responses for improved clarity.
* chore: modules and cycles serializers
* feat: add new serializers for label and issue link management
- Introduced `LabelCreateUpdateSerializer`, `IssueLinkCreateSerializer`, `IssueLinkUpdateSerializer`, and `IssueCommentCreateSerializer` to enhance the handling of label and issue link data.
- Updated existing API views to utilize the new serializers for creating and updating labels, issue links, and comments, improving request handling and validation.
- Added `IssueSearchSerializer` for searching issues, streamlining the search functionality in the API.
* Don't consider read only fields as required
* Add setting to separate request and response definitions
* Fixed avatar_url warning on openapi spec generation
* Made spectacular disabled by default
* Moved spectacular settings into separate file and added detailed descriptions to tags
* Specify methods for asset urls
* Better server names
* Enhance API documentation with summaries for various endpoints
- Added summary descriptions for user asset, cycle, intake, issue, member, module, project, state, and user API endpoints to improve clarity and usability of the API documentation.
- Updated the OpenAPI specifications to reflect these changes, ensuring better understanding for developers interacting with the API.
* Add contact information to OpenAPI settings
- Included contact details for Plane in the OpenAPI settings to enhance API documentation and provide developers with a direct point of contact for support.
- This addition aims to improve the overall usability and accessibility of the API documentation.
* Reordered tags and improved description relavancy
* Enhance OpenAPI documentation for cycle and issue endpoints
- Added response definitions for the `get_cycle_issues` and `delete_cycle_issue` methods in the CycleIssueAPIEndpoint to clarify expected outcomes.
- Included additional response codes for the IssueSearchEndpoint to handle various error scenarios, improving the overall API documentation and usability.
* Enhance serializer documentation across multiple files
- Updated docstrings for various serializers including UserAssetUploadSerializer, AssetUpdateSerializer, and others to provide clearer descriptions of their functionality and usage.
- Improved consistency in formatting and language across serializer classes to enhance readability and maintainability.
- Added detailed explanations for new serializers related to project, module, and cycle management, ensuring comprehensive documentation for developers.
* Refactor API endpoints for cycles, intake, modules, projects, and states
- Replaced existing API endpoint classes with more descriptive names such as CycleListCreateAPIEndpoint, CycleDetailAPIEndpoint, IntakeIssueListCreateAPIEndpoint, and others to enhance clarity.
- Updated URL patterns to reflect the new endpoint names, ensuring consistency across the API.
- Improved documentation and method summaries for better understanding of endpoint functionalities.
- Enhanced query handling in the new endpoint classes to streamline data retrieval and improve performance.
* Refactor issue and label API endpoints for clarity and functionality
- Renamed existing API endpoint classes to more descriptive names such as IssueListCreateAPIEndpoint, IssueDetailAPIEndpoint, LabelListCreateAPIEndpoint, and LabelDetailAPIEndpoint to enhance clarity.
- Updated URL patterns to reflect the new endpoint names, ensuring consistency across the API.
- Improved method summaries and documentation for better understanding of endpoint functionalities.
- Streamlined query handling in the new endpoint classes to enhance data retrieval and performance.
* Refactor asset API endpoint methods and introduce new status enums
- Updated the GenericAssetEndpoint to only allow POST requests for asset creation, removing the GET method.
- Modified the get method to require asset_id, ensuring that asset retrieval is always tied to a specific asset.
- Added new IntakeIssueStatus and ModuleStatus enums to improve clarity and management of asset and module states.
- Enhanced OpenAPI settings to include these new enums for better documentation and usability.
* enforce naming convention
* Added LICENSE to openapi spec
* Enhance OpenAPI documentation for various API endpoints
- Updated API endpoints in asset, cycle, intake, issue, module, project, and state views to include OpenApiRequest and OpenApiExample for better request documentation.
- Added example requests for creating and updating resources, improving clarity for API consumers.
- Ensured consistent use of OpenApi utilities across all relevant endpoints to enhance overall API documentation quality.
* Enhance OpenAPI documentation for various API endpoints
- Added detailed descriptions to multiple API endpoints across asset, cycle, intake, issue, module, project, state, and user views to improve clarity for API consumers.
- Ensured consistent documentation practices by including descriptions that outline the purpose and functionality of each endpoint.
- This update aims to enhance the overall usability and understanding of the API documentation.
* Update OpenAPI examples and enhance project queryset logic
- Changed example fields in OpenAPI documentation for issue comments from "content" to "comment_html" to reflect the correct structure.
- Introduced a new `get_queryset` method in the ProjectDetailAPIEndpoint to filter projects based on user membership and workspace, while also annotating additional project-related data such as total members, cycles, and modules.
- Updated permission checks to use the correct attribute name for project identifiers, ensuring accurate permission handling.
* Enhance OpenAPI documentation and add response examples
- Updated multiple API endpoints across asset, cycle, intake, issue, module, project, state, and user views to include new OpenApiResponse examples for better clarity on expected outcomes.
- Introduced new parameters for project and issue identifiers to improve request handling and documentation consistency.
- Enhanced existing responses with detailed examples to aid API consumers in understanding the expected data structure and error handling.
- This update aims to improve the overall usability and clarity of the API documentation.
* refactor: update terminology from 'issues' to 'work items' across multiple API endpoints for consistency and clarity
* use common timezones from pytz for choices
* Moved the openapi utils to the new folder structure
* Added exception logging in GenericAssetEndpoint to improve error handling
* Fixed code rabbit suggestions
* Refactored IssueDetailAPIEndpoint to streamline issue retrieval and response handling, removing redundant external ID checks and custom ordering logic.
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* [WEB-4498] improvement: remove workspace details from workspace members list API
* refactor: update select_related usage in workspace invitation and member views
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
* Remove deprecated Nginx configuration files and scripts, including Dockerfiles, environment scripts, and configuration templates, to streamline the project structure.
* Update environment configuration and Docker setup for proxy services
- Added LISTEN_PORT and LISTEN_SSL_PORT variables to .env.example and related files.
- Updated Docker Compose files to reference new port variables instead of deprecated NGINX_PORT.
- Adjusted README and variable documentation to reflect changes in port configuration.
- Changed build context for proxy services to use the new directory structure.
* Refactor port configuration in environment and Docker files
- Renamed LISTEN_PORT and LISTEN_SSL_PORT to LISTEN_HTTP_PORT and LISTEN_HTTPS_PORT in .env.example and related files.
- Updated Docker Compose configurations to reflect the new port variable names.
- Adjusted documentation in README and variables.env to ensure consistency with the new naming conventions.
* refactor: reorganize deployment structure and update build workflows
- Restructure deployment directories from deploy/ to deployments/
- Move selfhost files to deployments/cli/community/
- Add new AIO community deployment setup
- Update GitHub Actions workflows for new directory structure
- Add Caddy proxy configuration for CE deployment
- Remove deprecated AIO build files and workflows
- Update build context paths in install scripts
* chore: update Dockerfile and supervisor configuration
- Changed `apk add` command in Dockerfile to use `--no-cache` for better image size management.
- Updated `build.sh` to ensure proper directory navigation with quotes around `dirname "$0"`.
- Modified `supervisor.conf` to set `stderr_logfile_maxbytes` to 50MB and added `stderr_logfile_backups` for better log management across multiple services.
* chore: consistent node and python version
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* chore: streamline issue saving process with advisory locks for sequence management
* fix: update advisory lock usage in issue model for improved concurrency management
- Changed references from 'apiserver' to 'apps/server' in Docker configurations and environment setup.
- Updated contributing documentation to reflect the new service structure.
- Adjusted setup script to accommodate the new directory layout.
- Removed obsolete files related to the previous structure.
* feat(tests): Add reusable workspace fixture
Introduces a new `workspace` fixture in `conftest.py` to provide a
consistent and reusable setup for tests that require a workspace.
* feat(tests): Add tests for project creation (POST)
This commit introduces a comprehensive test suite for the project creation API endpoint.
The suite covers a wide range of scenarios, including:
- Successful creation and verification of side-effects (default states, project members, user properties).
- Validation for invalid or missing data (400 Bad Request).
- Permission checks for different user roles (e.g., guests are forbidden).
- Authentication requirements (401 Unauthorized).
- Uniqueness constraints for project names and identifiers (409 Conflict).
- Successful creation with all optional fields populated.
It leverages the `workspace`, `session_client` and `create_user` fixtures for a consistent test setup.
* refactor(tests): Centralize project URL helper into a base class
To avoid code duplication in upcoming tests, this commit introduces a `TestProjectBase` class.
The `get_project_url` helper method is moved into this shared base class, and the existing `TestProjectAPIPost` class is updated to inherit from it. This ensures the URL generation logic is defined in a single place and preparing the suite for the upcoming GET tests.
* feat(tests): Add tests for project listing and retrieval (GET)
This commit adds a suite for the GET method. It leverages the previously created `TestProjectBase` class for URL generation.
The new test suite covers:
- Listing projects:
- Verifies that administrators see all projects.
- Confirms guests only see projects they are members of.
- Tests the separate detailed project list endpoint.
- Retrieving a single project:
- Checks for successful retrieval of a project by its ID.
- Handles edge cases for non-existent and archived projects (404 Not Found).
- Authentication:
- Ensures authentication is required (401 Unauthorized).
* feat(tests): Add tests for project update (PATCH) and deletion (DELETE)
Key scenarios tested for PATCH:
- Successful partial updates by project administrators.
- Forbidden access for non-admin members (403).
- Conflict errors for duplicate names or identifiers on update (409).
- Validation errors for invalid data (400).
Key scenarios tested for DELETE:
- Successful deletion by both project admins and workspace admins.
- Forbidden access for non-admin members (403).
- Authentication checks for unauthenticated users (401).
* Remove unnecessary print statement
* refactor(tests): Update workspace fixture to use ORM
Updates the `workspace` fixture to create the model instance directly via the ORM using the `Workspace` model instead of the API, as requested during code review.
* Refactor: Remove some unused imports
Removes imports that I added while working on the test suite for the Project API but were ultimately not used. Note that other unused imports still exist from the state of the codebase when this branch was created/forked.
* fix: removed t function from dependency array which was causing infinite loop
* fix: add eslint disable comment for exhaustive-deps warning in IssuePeekOverview
* feat: add IssueListDetailSerializer for detailed issue representation
- Introduced IssueListDetailSerializer to enhance issue data representation with expanded fields.
- Updated issue detail endpoint to utilize the new serializer for improved data handling.
- Added methods for retrieving related module, label, and assignee IDs, along with support for expanded relations.
* feat: add ViewIssueListSerializer and enhance issue ordering
- Introduced ViewIssueListSerializer for improved issue representation, including assignee, label, and module IDs.
- Updated WorkspaceViewIssuesViewSet to utilize the new serializer and optimized queryset with prefetching.
- Enhanced order_issue_queryset to maintain consistent ordering by created_at alongside other fields.
- Modified pagination logic to support total count retrieval for better performance.
* fix: optimize issue filtering and pagination logic
- Updated WorkspaceViewIssuesViewSet to apply filters more efficiently in the issue query.
- Refined pagination logic in OffsetPaginator to ensure consistent behavior using limit instead of cursor.value, improving overall pagination accuracy.
* fix: improve pagination logic in OffsetPaginator
- Updated the next_cursor calculation to use the length of results instead of cursor.value, ensuring accurate pagination behavior.
- Added a comment to clarify the purpose of checking for additional results after the current page.
* Move the common permission filters into a separate method
* fix: handle deleted related issues in serializers
- Updated IssueListDetailSerializer to skip null related issues when building relations.
- Enhanced ViewIssueListSerializer to safely access state.group, returning None if state is not present.
- Removed unused User import in base.py for cleaner code.
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
* chore: improved pat permissions
* fix: err message
* fix: removed permission from backend
* [WEB-4330] refactor: update API token endpoints to use user context instead of workspace slug
- Changed URL patterns for API token endpoints to use "users/api-tokens/" instead of "workspaces/<str:slug>/api-tokens/".
- Refactored ApiTokenEndpoint methods to remove workspace slug parameter and adjust database queries accordingly.
- Added new test cases for API token creation, retrieval, deletion, and updates, including support for bot users and minimal data submissions.
* fix: removed workspace slug from api-tokens
* fix: refactor
* chore: url.py code rabbit suggestion
* fix: APITokenService moved to package
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* fix: duplicate assignees in user recents
* chore: optimize filtering logic
* chore: filter with deleted_at field
* chore: tests for IssueRecentSerializer
* chore: updated label for epics
* chore: improved export logic
* refactor: move csvConfig to export.ts and clean up export logic
* refactor: remove unused CSV export logic from WorkItemsInsightTable component
* refactor: streamline data handling in InsightTable component for improved rendering
* feat: add translation for "No. of {entity}" and update priority chart y-axis label to use new translation
* refactor: cleaned up some component and added utilitites
* feat: add "at_risk" translation to multiple languages in translations.json files
* refactor: update TrendPiece component to use new status variants for analytics
* fix: adjust TrendPiece component logic for on-track and off-track status
* refactor: use nullish coalescing operator for yAxis.dx in line and scatter charts
* feat: add "at_risk" translation to various languages in translations.json files
* feat: add "no_of" translation to various languages in translations.json files
* feat: update "at_risk" translation in Ukrainian, Vietnamese, and Chinese locales in translations.json files
* refactor: rename insightsFields to ANALYTICS_INSIGHTS_FIELDS and update analytics tab import to use getAnalyticsTabs function
* feat: update AnalyticsWrapper to use i18n for titles and add new translation for "no_of" in Russian
* fix: update yAxis labels and offsets in various charts to use new translation key and improve layout
* feat: define AnalyticsTab interface and refactor getAnalyticsTabs function for improved type safety
* fix: update AnalyticsTab interface to use TAnalyticsTabsBase for improved type safety
* fix: add whitespace-nowrap class to TableHead for improved header layout in DataTable component
* chore: updated label for epics
* chore: improved export logic
* refactor: move csvConfig to export.ts and clean up export logic
* refactor: remove unused CSV export logic from WorkItemsInsightTable component
* refactor: streamline data handling in InsightTable component for improved rendering
* feat: add translation for "No. of {entity}" and update priority chart y-axis label to use new translation
* refactor: cleaned up some component and added utilitites
* feat: add "at_risk" translation to multiple languages in translations.json files
* refactor: update TrendPiece component to use new status variants for analytics
* fix: adjust TrendPiece component logic for on-track and off-track status
* refactor: use nullish coalescing operator for yAxis.dx in line and scatter charts
* feat: add "at_risk" translation to various languages in translations.json files
* feat: add "no_of" translation to various languages in translations.json files
* feat: update "at_risk" translation in Ukrainian, Vietnamese, and Chinese locales in translations.json files
* fix: update group key handling in issue store utilities for state groups
- Introduced a new function to determine the default group key based on the provided groupByKey.
- Updated references to use the new function for improved clarity and maintainability.
- Adjusted the mapping for "state_detail.group" in the ISSUE_GROUP_BY_KEY to ensure consistency.
- Enhanced the getArrayStringArray method to handle group values more effectively.
* refactor: clean up filters constants
* refactor: enhance backup and restore scripts for container data management
* fix: ensure proper quoting in backup script to handle paths with spaces
* fix: ensure backup directory is only removed if tar command succeeds
* CodeRabbit fixes
* chore: added code split for the analytics store
* chore: done some refactor
* refactor: update entity keys in analytics and translations
* chore: updated the translations
* refactor: simplify AnalyticsStoreV2 class by removing unnecessary constructor
* feat: add AnalyticsStoreV2 class and interface for enhanced analytics functionality
* feat: enhance WorkItemsModal and analytics store with isEpic functionality
* feat: integrate isEpic state into TotalInsights and WorkItemsModal components
* refactor: remove isEpic state from WorkItemsModalMainContent component
* refactor: removed old analytics components and related services
* refactor: new analytics
* refactor: removed all nivo chart dependencies
* chore: resolved coderabbit comments
* fix: update processUrl to handle custom-work-items in peek view
* feat: implement CSV export functionality in InsightTable component
* feat: enhance analytics service with filter parameters and improve data handling in InsightTable
* feat: add new translation keys for various statuses across multiple languages
* [WEB-4246] fix: enhance analytics components to include 'isEpic' parameter for improved data fetching
* chore: update yarn.lock to remove deprecated @nivo packages and clean up unused dependencies
* fix: settings header css + cta on error page
* [WEB-4249] fix: filter out inactive workspace members from project member list
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* refactor: permission layer
* refactor: add original_role to project member serializer
* chore: minor fixes related to permission layer
* fix: strict type checking while checking user permissions
* fix: header text of insight table search
* fix: made the active project list scrollable
* chore: added xAxis label to table header
* chore: removed the intake issues
* fix: made the headerText necessary
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: added cycles and modules in analytics peek view
* chore: added cycles and modules analytics
* chore: added project filter for work items
* chore: added a peekview flag and based on that table columns
* chore: added peek view
* chore: added check for display name
* chore: cleaned up some code
* chore: fixed export csv data
* chore: added distinct work items
* chore: assignee in peek view
* updated csv fields
* chore: updated workitems peek with assignee
* fix: removed type assersions for workspaceslug
* chore: added day wise filter in cycles and modules
* chore: added extra validations
---------
Co-authored-by: JayashTripathy <jayashtripathy371@gmail.com>
* chore: remove analytics duration filter
* removed subtitle from title and date_filter from service call
* chore: removed the date filter
* bottom text of insight trend card
* chore: changed issue manager
* fix: limited items in table
* fix: removed unnecessary props from data-table
---------
Co-authored-by: JayashTripathy <jayashtripathy371@gmail.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* refactor: enhance backup and restore scripts for container data management
* fix: ensure proper quoting in backup script to handle paths with spaces
* fix: ensure backup directory is only removed if tar command succeeds
* CodeRabbit fixes
* chore: analytics endpoint
* added anlytics v2
* updated status icons
* added area chart in workitems and en translations
* active projects
* chore: created analytics chart
* chore: validation errors
* improved radar-chart , added empty states , added projects summary
* chore: added a new graph in advance analytics
* integrated priority chart
* chore: added csv exporter
* added priority dropdown
* integrated created vs resolved chart
* custom x and y axis label in bar and area chart
* added wrapper styles to legends
* added filter components
* fixed temp data imports
* integrated filters in priority charts
* added label to priority chart and updated duration filter
* refactor
* reverted to void onchange
* fixed some contant exports
* fixed type issues
* fixed some type and build issues
* chore: updated the filtering logic for analytics
* updated default value to last_30_days
* percentage value whole number and added some rules for axis options
* fixed some translations
* added - custom tick for radar, calc of insight cards, filter labels
* chore: opitmised the analytics endpoint
* replace old analytics path with new , updated labels of insight card, done some store fixes
* chore: updated the export request
* Enhanced ProjectSelect to support multi-select, improved state management, and optimized data fetching and component structure.
* fix: round completion percentage calculation in ActiveProjectItem
* added empty states in project insights
* Added loader and empty state in created/resolved chart
* added loaders
* added icons in filters
* added custom colors in customised charts
* cleaned up some code
* added some responsiveness
* updated translations
* updated serrchbar for the table
* added work item modal in project analytics
* fixed some of the layput issues in the peek view
* chore: updated the base function for viewsets
* synced tab to url
* code cleanup
* chore: updated the export logic
* fixed project_ids filter
* added icon in projectdropdown
* updated export button position
* export csv and emptystates icons
* refactor
* code refactor
* updated loaders, moved color pallete to contants, added nullish collasece operator in neccessary places
* removed uneccessary cn
* fixed formatting issues
* fixed empty project_ids in payload
* improved null checks
* optimized charts
* modified relevant variables to observable.ref
* fixed the duration type
* optimized some code
* updated query key in project-insight
* updated query key in project-insight
* updated formatting
* chore: replaced analytics route with new one and done some optimizations
* removed the old analytics
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* chore: analytics endpoint
* chore: created analytics chart
* chore: validation errors
* chore: added a new graph in advance analytics
* chore: added csv exporter
* chore: updated the filtering logic for analytics
* chore: opitmised the analytics endpoint
* chore: updated the base function for viewsets
* chore: updated the export logic
* chore: added type hints
* chore: added type hints
* chore: comment details of work item
* chore: attachment count and attachment name
* chore: issue link and subscriber count
* chore: list of assignees
* chore: asset_url as attachment_links
* chore: code refactor
* fix: cannot export Excel
* chore: remove print statements
* fix: filtering in list
* chore: optimize attachment_count and attachment_link query
* chore: optimize fetching issue details for multiple select
* chore: use Prefetch to avoid duplicates
* feat: added filters for sub issues
* feat: added list groups for sub issues
* chore: updated order for sub work item properties
* feat: filters for sub work items
* feat: added filtering and ordering at frontend
* chore: reverted backend filters
* feat: added empty states
* chore: code improvemnt
---------
Co-authored-by: sangeethailango <sangeethailango21@gmail.com>
* updated project and workitem form
* added translation for other languages also
* Update packages/i18n/src/locales/zh-CN/translations.json
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* chore: handling base path and urls
* chore: uniformize urls in common settings
* correct live url
* chore: use url join to correctly join urls
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: local dev improvements
* chore: pr feedback
* chore: fix setup
* fix: env variables updated in .env.example files
* fix(local): sign in to admin and web
* chore: update minio deployment to create an bucket automatically on startup.
* chore: resolve merge conflict
* chore: updated api env with live base path
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* migration: data with iexact 'in-app' changed to 'IN_APP'
* chore: add start_of_week field in profile
* chore: define variables for choices
* chore: merge migration files
* chore: return order based on group
* chore: order for workspace stats endpoint
* chore: state response updated
* chore: state icon types updated
* chore: state icon updated
* chore: state settings new icon implementation
* chore: icon implementation
* chore: code refactor
* chore: code refactor
* chore: code refactor
* fix: order field type
---------
Co-authored-by: sangeethailango <sangeethailango21@gmail.com>
* chore: add json files and initial job to push data to workspace
* chore: update seed data location
* chore: update seed data to use assets from static urls
* chore: update seed data to use updated labels
* chore: add logging and update label name
* chore: add created_by for project member
* chore: add created_by_id for issue user property
* chore: add workspace seed task logs
* chore: update log message to return task name
* chore: add warning log for workspace seed task
* chore: add validation for issue seed data
* fix: uuid validation and function parameter handling for external apis
* chore: update status 410 Gone to 409 conflicts
* chore: add webhook trigger for issue created through apis
* chore: remove pks from post
* chore: remove issue id from module post
* improvement: work item modal data preload and parent work item details
* improvement: collapsible button title
* improvement: project creation form and modal
* improvement: emoji helper
* improvement: enhance labels component modularity
* improvement: enable state group and state list components modularity
* improvement: project settings feature list
* improvement: common utils
* fix: race condition which is creating duplicate sequence ids
* chore: add management command to fix duplicate sequences
* chore: update command to take a lock and optimize the script to use dict
instead of loops
* chore: update the script to use transaction
* fix: make floating link generic and use it for all editors
* fix: link component behaviour with selected text fixed and storage is now typed
* chore: link view seperated
* fix: editor link edit view across multiple links resets now
* fix: link view container
* fix: cleaning up
* fix: url validation
- Added Vietnamese (Tiếng việt) to the list of supported languages.
- Created a new translations file for Vietnamese with comprehensive translations for various UI elements.
- Updated the TranslationStore to include the new Vietnamese language option.
Updated TranslationStore to include support for Brazilian Portuguese by importing the corresponding translations file.
Extended TLanguage type to include "pt-BR" as a valid language option.
* Return Cycle start and end dates in project's timezone
* fix: role improvements
* chore: role updates
* chore: update role endpoint to update workspace admin permissions
* fix: conditions
* chore: update member role for workspace members
* chore: update workspace permission role
* fix: currentAdmin permissions
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: markdown for mentions fixed
* fix: copying text in mentions
* fix: refactored the component to use the same function
* chore: renamed funcion name
* add the new copy extension
* init working fix
* remove useless code
* improve readibility
* update node import
* better smaller logic
* remove log
* add open close end handler
* update readabliity
* handle tables
* handle triple click in cell
* triple tap select current line
* handle block and list
* lists fixed
* handle all possible cases of copy in table
* update the min elements
* handle multi types in table
* handle table seletion cases
* handle whole table handler
* feat: all case converd
* update markdown handling code
* update return statement
* handle using group block
* handle param
* handle multple cell in table
* handle using recursion
* add types
* fix code rabbit suggestions
* fix root node bug
* update recursion with loop
* update transform copied to false
* refactor clipboard extension: remove options and integrate MarkdownClipboard into core extensions
* fix: header and code handler
* fix: store hooks fixed
* fix: mention id
---------
Co-authored-by: Palanikannan M <akashmalinimurugu@gmail.com>
* [WEB-3597] fix: guest work item view access when hyper mode is enabled
* fix: only show work item created by the guest user if the guest_view_all_features is disabled
* refactor: editor file handling
* refactor: asset store
* refactor: space app file handlers
* fix: separate webhook connection params
* chore: handle undefined status
* chore: add type to upload status
* chore: added transition for upload status update
* feat: invitation link url
* feat: copy invite link from workspace invitations list
* invitation reponse cleanup and logo url fix
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: workspace roles for settings and members button
* fix: user role and member count for new workspace
* chore: set role to 20 while workspace creation
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* fix: prevent error when triggering deletion webhook
The deletion webhook was not firing because it attempted to retrieve
data after deletion, causing a failure.
According to the webhook documentation https://developers.plane.so/webhooks/intro-webhooks, the delete event should only contain
id, so the fix aligns with this expected behavior.
* fix: make delete_comment_activity include comment_id
The delete issues comment webhook requires comment_id
* fix: trigger webhook on project delete
* bump: upgrade editor
* fix: remove editor ref in use
* fix: added editor state to reduce rerenders
* fix: add editor rerendering optimization
* fix: wrong condition in scroll summary
* fix: removing ref usage internally in read only editor as well
* fix: remove unused methods from read only editor
* fix: add editable prop again
* regression: added the types for onHeadingChange
* fix: types
* fix: improve the check condition
* fix: listing bots as project members
* chore: added a filter to removed inactive users
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* feat: workspace home preference model
* chore: changed page title to textfield
* chore: add sort order
* chore: added null value in sticky title
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* Crud for wuick links
* Validate quick link existence
* Add custom method for destroy and retrieve
* Add List method
* Remove print statements
* List all the workspace quick links
* feat: endpoint to get recently active items
* Resolve conflicts
* Resolve conflicts
* Add filter to only list required entities
* Return required fields
* Add filter
* Add filter
* fix: adding language support package
* fix: language support implementation using mobx
* fix: adding more languages for support
* fix: profile settings translations
* feat: added language support for sidebar and user settings
* feat: added language support for deactivation modal
* fix: added project sync after transfer issues (#6200)
* code refactor and improvement (#6203)
* chore: package code refactoring
* chore: component restructuring and refactor
* chore: comment create improvement
* refactor: enhance workspace and project wrapper modularity (#6207)
* [WEB-2678]feat: added functionality to add labels directly from dropdown (#6211)
* enhancement:added functionality to add features directly from dropdown
* fix: fixed import order
* fix: fixed lint errors
* chore: added common component for project activity (#6212)
* chore: added common component for project activity
* fix: added enum
* fix: added enum for initiatives
* - Do not clear temp files that are locked. (#6214)
- Handle edge cases in sync workspace
* fix: labels empty state for drop down (#6216)
* refactor: remove cn helper function from the editor package (#6217)
* * feat: added language support to issue create modal in sidebar
* fix: project activity type
* * fix: added missing translations
* fix: modified translation for plurals
* fix: fixed spanish translation
* dev: language type error in space user profile types
* fix: type fixes
* chore: added alpha tag
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
Co-authored-by: Anmol Singh Bhatia <121005188+anmolsinghbhatia@users.noreply.github.com>
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
Co-authored-by: Akshita Goyal <36129505+gakshita@users.noreply.github.com>
Co-authored-by: Satish Gandham <satish.iitg@gmail.com>
Co-authored-by: Aaryan Khandelwal <65252264+aaryan610@users.noreply.github.com>
Co-authored-by: gurusinath <gurusainath007@gmail.com>
* Crud for wuick links
* Validate quick link existence
* Add custom method for destroy and retrieve
* Add List method
* Remove print statements
* List all the workspace quick links
* Filter by user
* fix: split labels in kanban board
* chore: incresaed labels max render and moved labels to end of properties
chore: refactored label render component
* fix: smoother drag scrolling
* fix: refactoring out common fns
* fix: moved to mouse events instead of drag
* fix: improving the drag preview
* fix: added better selection logic
* fix: drag handle new way almost working
* fix: drag-handle old behaviour with better scrolling
* fix: remove experiments
* fix: better scroll thresholds
* fix: transition to drop cursor added
* fix: drag handling speed
* fix: cleaning up listeners
* fix: common out selection and dragging logic
* fix: scroll threshold logic fixed
* fix: added magnification properly and also moving around the zoomed image
* fix: zoom via trackpad pinch
* fix: update imports
* fix: initial magnification is reset
* chore: added fields in issue_version and profile tables and created a new sticky table
* chore: removed point in issue version
* chore: add imports in init
* chore: added sync jobs for issue_version and issue_description_version
* chore: removed logs
* chore: updated logginh
---------
Co-authored-by: sainath <sainath@sainaths-MacBook-Pro.local>
* chore: added fields in issue_version and profile tables and created a new sticky table
* chore: removed point in issue version
* chore: add imports in init
---------
Co-authored-by: sainath <sainath@sainaths-MacBook-Pro.local>
* chore: Add logger as a package
* chore: Add logger package for node server side apps
* remove plane logger import in web
* resolve pr reviews and add client logger with readme update
* fix: transformation and added middleware for logging requests
* chore: update readme
* fix: env configurable max file size
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* feat: add navigation dropdown component
* chore: enhance title/ description loader and componenet modularity
* chore: issue store filter update
* chore: added few icons to ui package
* chore: improvements for tabs componenet
* chore: enhance sidebar modularity
* chore: update issue and router store to add support for additional issue layouts
* chore: enhanced cycle componenets modularity
* feat: added project grouping header for cycles list
* chore: enhanced project dropdown componenet by adding multiple selection functionality
* chore: enhanced rich text editor modularity by taking members ids as props for mentions
* chore: added functionality to filter disabled layouts in issue-layout dropdown
* chore: added support to pass project ids as props in project card list
* feat: multi select project modal
* chore: seperate out project componenet for reusability
* chore: command pallete store improvements
* fix: build errors
* fix: refactoring
* fix: site ssr implementation
* chore: fixed auto reload on file change in sites
* chore: updated constant imports and globalised powerBy component
* chore: resolved lint and updated the env
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* fix: add lock unlock archive restore realtime sync
* fix: show only after editor loads
* fix: added strong types
* fix: live events fixed
* fix: remove unused vars and logs
* fix: converted objects to enum
* fix: error handling and removing the events in read only mode
* fix: added check to only update if the image aspect ratio is not present already
* fix: imports
* fix: props order
* revert: no need of these changes anymore
* fix: updated type names
* fix: order of things
* fix: fixed types and renamed variables
* fix: better typing for the real time updates
* fix: trying multiplexing our socket connection
* fix: multiplexing socket connection in read only editor as well
* fix: remove single socket logic
* fix: fixing the cleanup deps for the provider and localprovider
* fix: add a better data structure for managing events
* chore: refactored realtime events into hooks
* feat: fetch page meta while focusing tabs
* fix: cycling through items on slash command item in down arrow
* fix: better naming convention for realtime events
* fix: simplified localprovider initialization and cleaning
* fix: types from ui
* fix: abstracted away from exposing the provider directly
* fix: coderabbit suggestions
* regression: pass user in dependency array
* fix: removed page action api calls by the other users the document is synced with
* chore: removed unused imports
* chore: local storage helper hook added to package
* chore: tabs global component added
* chore: collapsible button improvement
* chore: linear progress indicator improvement
* chore: fill icon set added to package
* fix timeline scroll to the right in some cases
(cherry picked from commit 17043a6c7f)
* add get position based on Date
(cherry picked from commit 2fbe22d689)
* Add sticky block name to enable it to be read throughout the block regardless of scroll position
(cherry picked from commit 447af2e05a)
* Enable blocks to have a single date on the block charts
(cherry picked from commit cb055d566b)
* revert back date-range changes
* change gradient of half blocks on Timeline
* Add instance Id for Timeline Sidebar dragging to avoid enabling dropping of other drag instances
* fix timeline scrolling height
* fix estimates sorting in Front end side
* change estimate sorting keys
* - Fix estimate sorting when local db is enabled
- Fix a bug with with sorting on special fields on spreadsheet layout
- Cleanup logging
* Add logic for order by based on layout for special cases of no load
---------
Co-authored-by: Satish Gandham <satish.iitg@gmail.com>
* Add fallback when db initialization fails
* add checks for instance.exec
* chore: convert issue boolean fields to actual boolean value.
* change instance exec code
* sync issue to local db when inbox issue is accepted and draft issue is moved to project
* chore: added project and workspace keys
---------
Co-authored-by: rahulramesha <rahulramesham@gmail.com>
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* fix relation creation and removal for Issue relations
* fix Scrolling to block when the block is beyond current chart's limits
* fix dark mode for timeline layout
* use a hook to get the current relations available in the environment, instead of directly importing it
* Update relation activity for all the relations
* - Fix transaction within transaction issue
- Close DB handles on reload
- Fix GET_ISSUES tracking
* Cleanup stray code
* Fix lint error
* Possible fix for NoModificationAllowedError
* chore: updated live server auth cookies handling
* chore: update token parsing logic
* fix: types and better logical seperation between the existing two tokens
* fix: better fallback to use request headers for cookies
---------
Co-authored-by: Palanikannan M <akashmalinimurugu@gmail.com>
* improve auto scroller logic
* fix drag indicator visibility on for blocks
* modify timeline store logic and improve timeline scrolling logic
* fix width of block while dragging with left handle
* fix block arrow direction while block is out of viewport
* fix layout switching when filter is not yet completely fetched
* add layout in issue filter params
* Handle cases when DB intilization failed
* chore: permission layer and updated issues v1 query from workspace to project level
* - Switch to using wa-sqlite instead of sqlite-wasm
* Code cleanup and fix indexes
* Add missing files
* - Import only required functions from sentry
- Wait till all the tables are created
* Skip workspace sync if one is already in progress.
* Sync workspace without using transaction
* Minor cleanup
* Close DB connection before deleting files
Fix clear OPFS on safari
* Fix type issue
* Improve issue insert performance
* Refactor workspace sync
* Close the DB connection while switching workspaces
* Update web/core/local-db/worker/db.ts
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Worker cleanup and error handling
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update web/core/local-db/worker/db.ts
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update web/core/local-db/storage.sqlite.ts
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Update web/core/local-db/worker/db.ts
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Code cleanup
* Set default order by to created at and descending
* Wait for transactions to complete.
---------
Co-authored-by: rahulramesha <rahulramesham@gmail.com>
Co-authored-by: gurusainath <gurusainath007@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* regression: image aspect ratio fix
* fix: name of variables changed for clarity
* fix: restore only on error
* fix: restore image by handling it inside the image component
* fix: image restoration fixed and aspect ratio added to old images to stop updates on load
* fix: added back restoring logic for public images
* fix: add conditions
* fix: image attributes types
* fix: return for old images
* fix: remove passive false
* fix: eslint fixes
* fix: stopping infinite loading scenarios while restoring from error
* [WEB-2577] improvement: use common create/update issue modal for accepting intake issues for consistency
* fix: lint errors.
* chore: minor UX copy fix.
* chore: minor indentation fix.
* fix: module date validation while generating the chart distribution
* chore: indentation fix
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* fix: drag handle scrolling fixed
* fix: closest scrollable parent found and scrolled
* fix: removed overflow auto from framerenderer
* fix: make dragging dynamic and smoother
* feat: add text color and highlight options to pages
* style: rich text editor floating toolbar
* chore: remove unused function
* refactor: slash command components
* chore: move default text and background options to the top
* fix: sections filtering logic
* fix: drag handle scrolling fixed
* fix: closest scrollable parent found and scrolled
* fix: removed overflow auto from framerenderer
* fix: make dragging dynamic and smoother
* fix: image deletion on submit fixed in comments
* fix: cleareditor added to read only editor
* fix: image component double drop fixed
* feat: multiple image selection and uploading
* fix: click event on read only instance
* fix: made things async
* fix: prevented default behaviour
* fix: removed extra dep and cleaned up logic
* fix kanban view localStorage
* add functionality for list view and add type for kanban function
* add comment in issue-filter-helper store
* improved code quality
* add comment for clarity
* use better variable names
* use useCallback hook and change variable name
* made suggested changes
* - Handle single quotes in load workspace queries
- Add IS null where condition in query utils
* Fix description_html being lost
* Change secondary order to sequence_id
* Fix update persistence layer
* Add instrumentation
* - Fallback to server incase of any error
* fix: added aspect ratio to resizing
* fix: image loading
* fix: image uploading and adding only necessary keys to listen to
* fix: image aspect ratio maintainance done
* fix: loading of images with uploads
* fix: custom image extension loading fixed
* fix: refactored all the upload logic
* fix: focus detection for editor fixed
* fix: drop images and inserting images cleaned up
* fix: cursor focus after image node insertion and multi drop/paste range error fix
* fix: image types fixed
* fix: remove old images' upload code and cleaning up the code
* fix: imports
* fix: this reference in the plugin
* fix: added file validation
* fix: added error handling while reading files
* fix: prevent old data to be updated in updateAttributes
* fix: props types for node and image block
* fix: remove unnecessary dependency
* fix: seperated display message logic from ui
* chore: added comments to better explain the loading states
* fix: added getPos to deps
* fix: remove click event on failed to load state
* fix: css for error and selected state
* [WEB-2568] chore: minor improvements related to issue identifier and issue modal.
* fix: error handling for session recorder script.
* chore: minor improvement
* - Handle single quotes in load workspace queries
- Add IS null where condition in query utils
* Fix description_html being lost
* Change secondary order to sequence_id
* Fix update persistence layer
* Fix issue types filter
Fix none filter
* add local cache toggle in help section
* remove toggle from user settings
* Reset storage class on disabling local
---------
Co-authored-by: rahulramesha <rahulramesham@gmail.com>
* - Handle single quotes in load workspace queries
- Add IS null where condition in query utils
* Fix description_html being lost
* Change secondary order to sequence_id
* Fix update persistence layer
* Fix sync of local updates
* Escape single quotes!!
* Fix last updated time query
* Move console.logs out
* Fix issue title not rendering line breaks when disabled
* Add a todo
* Fix build errors
* Disable local
* use common getIssues from issue service instead of multiple different services for modules and cycles
* Use SQLite to store issues locally and load issues from it.
* Fix incorrect total count and filtering on assignees.
* enable parallel API calls
* use common getIssues from issue service instead of multiple different services for modules and cycles
* Use SQLite to store issues locally and load issues from it.
* Fix incorrect total count and filtering on assignees.
* enable parallel API calls
* chore: deleted issue list
* - Handle local mutations
- Implement getting the updates
- Use SWR to update/sync data
* Wait for sync to complete in get issues
* Fix build errors
* Fix build issue
* - Sync updates to local-db
- Fallback to server when the local data is loading
- Wait when the updates are being fetched
* Add issues in batches
* Disable skeleton loaders for first 10 issues
* Load issues in bulk
* working version of sql lite with grouped issues
* Use window queries for group by
* - Fix sort by date fields
- Fix the total count
* - Fix grouping by created by
- Fix order by and limit
* fix pagination
* Fix sorting on issue priority
* - Add secondary sort order
- Fix group by priority
* chore: added timestamp filter for deleted issues
* - Extract local DB into its own class
- Implement sorting by label names
* Implement subgroup by
* sub group by changes
* Refactor query constructor
* Insert or update issues instead of directly adding them.
* Segregated queries. Not working though!!
* - Get filtered issues and then group them.
- Cleanup code.
- Implement order by labels.
* Fix build issues
* Remove debuggers
* remove loaders while changing sorting or applying filters
* fix loader while clearing all filters
* Fix issue with project being synced twice
* Improve project sync
* Optimize the queries
* Make create dummy data more realistic
* dev: added total pages in the global paginator
* chore: updated total_paged count
* chore: added state_group in the issues pagination
* chore: removed deleted_at from the issue pagination payload
* chore: replaced state_group with state__group
* Integrate new getIssues API, and fix sync issues bug.
* Fix issue with SWR running twice in workspace wrapper
* Fix DB initialization called when opening project for the first time.
* Add all the tables required for sorting
* Exclude description from getIssues
* Add getIssue function.
* Add only selected fields to get query.
* Fix the count query
* Minor query optimization when no joins are required.
* fetch issue description from local db
* clear local db on signout
* Correct dummy data creation
* Fix sort by assignee
* sync to local changes
* chore: added archived issues in the deleted endpoint
* Sync deletes to local db.
* - Add missing indexes for tables used in sorting in spreadsheet layout.
- Add options table
* Make fallback optional in getOption
* Kanban column virtualization
* persist project sync readiness to sqlite and use that as the source of truth for the project issues to be ready
* fix build errors
* Fix calendar view
* fetch slimed down version of modules in project wrapper
* fetch toned down modules and then fetch complete modules
* Fix multi value order by in spread sheet layout
* Fix sort by
* Fix the query when ordering by multi field names
* Remove unused import
* Fix sort by multi value fields
* Format queries and fix order by
* fix order by for multi issue
* fix loaders for spreadsheet
* Fallback to manual order whn moving away from spreadsheet layout
* fix minor bug
* Move fix for order_by when switching from spreadsheet layout to translateQueryParams
* fix default rendering of kanban groups
* Fix none priority being saved as null
* Remove debugger statement
* Fix issue load
* chore: updated isue paginated query from to
* Fix sub issues and start and target date filters
* Fix active and backlog filter
* Add default order by
* Update the Query param to match with backend.
* local sqlite db versioning
* When window is hidden, do not perform any db versioning
* fix error handling and fall back to server when database errors out
* Add ability to disable local db cache
* remove db version check from getIssues function
* change db version to number and remove workspaceInitPromise in storage.sqlite
* - Sync the entire workspace in the background
- Add get sub issue method with distribution
* Make changes to get issues for sync to match backend.
* chore: handled workspace and project in v2 paginted issues
* disable issue description and title until fetched from server
* sync issues post bulk operations
* fix server error
* fix front end build
* Remove full workspace sync
* - Remove the toast message on sync.
- Update the disable local message.
* Add Hardcoded constant to disable the local db caching
* fix lint errors
* Fix order by in grouping
* update yarn lock
* fix build
* fix plane-web imports
* address review comments
---------
Co-authored-by: rahulramesha <rahulramesham@gmail.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: gurusainath <gurusainath007@gmail.com>
* use common getIssues from issue service instead of multiple different services for modules and cycles
* add group by to server constants
* change issue detail's overview's is loading logic to the loader from the store
* add extra method in local storage
* Kanban render 10 issues by default per column
* fix height in group virtualization
* remove debounced code for Kanban fetching more issues per column
* fix lint errors
* Updated control block to cover the whole element
* Updated the control link to cover the whole issues and relation blocks
* updated word wrap in notifications
* Reverted break words as its a different issue.
* fixed only for spreadsheet
* change package for global change
* made global and ad hoc changes
* fix border and z-index for intake and notifications header
* chore: add fallback for the live server
* fix: update provider document after patch request
* chore: make the health check call only on connection fail
* chore: update debounce interval
* refactor: remove useSwr call for healtch check
* fix: pages fallback init
* make front end changes for priority orderby reversal
* chore: handled priority ordering in issues pagination
---------
Co-authored-by: gurusainath <gurusainath007@gmail.com>
* fix: image resize fixed for initial render
* fix: working image resize with mousemove handler only inside the editor
* fix: unnecessary calc
* fix: setting state to true
* changes for list and kanban
* passing values for list and kanban
* spreadsheet changes
* fix use different props for different stylings
* fix z index
* added functionality to list and grid
* fixed logic for archived module
* fixed logic for list view
* improved logic and fixed linting issues
* improved variable names
* fixed the logic
* made required css changes
* replicated same for space component
* fixed variable name
* replicated for space
* better variable name
* improved the css
* replicated for space
* fix: parse redis url to get hostname and port
* fix: redis url accepted for connection
* chore: add redis url to example env
* fix: let users add redis port and host incase redis url is not present
* chore: create url from host and port variables
* fix: return empty string incase of no config
* fix: remove 'Add Project' button from archives route and remove it from the dropdown in header
* Improved Code Logic
* Fixed Clear All Button and UI Fixes
* chore: project page version
* feat: page version history implemented
* chore: hide save button when version history overlay is active
* refactor: updated navigation logic
* chore: added error states
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* fix: adding secret key variable in newline
adding secret key variable in newline in api server env file and setting default value for `HARD_DELETE_AFTER_DAYS`
* added newline at EOF
* chore: dashboard empty state asset updated and remove unwanted asset
* chore: workspace active cycle asset updated
* chore: onboarding pages asset updated and remove unwanted asset from web and space app
* chore: onboarding profile setup and create workspace asset updated and remove unwanted asset from web and space app
* chore: code refactor
* chore: added sequence in the states endpoint
* fix state grouping order in space app
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* chore: components restructuring and minor UI improvements.
* chore: minor UI improvements fro icons and member dropdown.
* chore: update issue identifier.
* chore: rename `Issue Extra Property` to `Issue Additional Property`
* chore: fix popovers placement issue on components with overflow.
* chore: add `scrollbar-xs`
* chore: add `xs` size for input and textarea components.
* chore: update `sortable` to return back `movedItem` in the onChange callback.
* chore: minor UI adjustments for radio-select.
* chore: update outside click delay to 1ms.
* chore: added estimates in module, cycle endpoint
* fix fetching of cycles and modules from appropriate endpoints
* chore: added archived at in the cycle detail
---------
Co-authored-by: rahulramesha <rahulramesham@gmail.com>
* use common getIssues from issue service instead of multiple different services for modules and cycles
* fix parent issue refresh
* Revert "use common getIssues from issue service instead of multiple different services for modules and cycles"
This reverts commit 957e981168.
* feat: removed created by and created_at as readonly fields from issue serializers
* feat: modified serializers for accepting created_by, and changed workspacememberendpoint to projectmemberendpoint
* fix: code suggestions
* chore: resolved code review
* chore: removed unused imports
* fix: passed default user if created_by is absent, and permission classes
* fix: default value for the issue creation
* dev: fix nomenclature
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: switching between intake sorting and filters are persisting same in all the project intakes
* chore: typos and commented the methods in intake store
* chore: added assignees and labels in the inbox api
* fix: intake issue cycle and module add operation
---------
Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
* chore: issue activity store
* chore: updated issue activity store and handled workspace settings order
* chore: added paramenter on the issue worklog component
* chore: hanlded popover close from prop
* chore: integrated time traking enabled/disabled feature on project settings and updated the pro icon as a component
* chore: Showing the toggle and disabled to make any operations on project features
* chore: default exports in constants
* chore: seperated isEnabled and isPro
* chore: updated time traking key
* chore: updated UI in project feature settings
* chore: paginated the issues in space app
* chore: storing query using filters
* chore: added filters for priority
* chore: issue view model save function
* chore: votes and reactions added in issues endpoint
* chore: added filters in the public endpoint
* chore: issue detail endpoint
* chore: added labels, modules and assignees
* refactor existing project publish in space app
* fix clear all filters in space App
* chore: removed the extra serialier
* remove optional chaining and fallback to an empty array
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* fix: celery fix
* chore: issue relationkey and issueCrudOperation state added to issueDetail store
* chore: moved issue detail widget modal to root
* chore: code refactor
* chore: default open widget updated
* ui: updated the empty state design in workspace notifications and ui changes
* chore: updated the popover custom components
* ui: updated the badge ui on the sidrbar options
* ui: broken down the menu components
* chore: mention notification boolean field
* chore: handled mentions and all notification mutation and UI fix on the app sidebar notification badge and Back redirection button on inbox issue resposiveness
* chore: Moved everthing to chip
* chore: cleaning up the selection when we unmount the page
* chore: resolved build error
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* fix: cycle transfer activity
* chore: external api transfer issue
* chore: moved the cycle id
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* fix: handled tapping on a notification in Notifications from mobile in inbox issue and issue peekoverview component
* fix: code cleanup
* fix: code cleanup on workspace notification store
* fix: updated selected notification on workspace notification store
* chore: prefetch apis
* chore: implemented cache-control
* Preload links with credentials
* chore: updated time in the cache and handled it based on cookie
* chore: make cache private
---------
Co-authored-by: gurusainath <gurusainath007@gmail.com>
* chore: updated project settings state
* chore: updated sorting on project state
* chore: updated grab handler in state item
* chore: Updated UI and added garb handler icon
* chore: handled top and bottom sequence in middle element swap
* chore: handled input state element char limit to 100
* chore: typos and code cleanup in create state
* chore: handled typos and comments wherever is required
* chore: handled sorting logic
* chore: workspace notification sorting when we refresh the notifications on workspace notifications
* chore: replaced sorting with ISO to EPOCH
* chore: converted obj to array
* ui: updatedm UI notificaton tooltip on header and app sidebar
* fix: reverted notification sorting
* fix: renamed function name updateIssue with issueUpdate in issue base helper file
* chore: handled project id on the issue creation modal toast when the issue creation is happening on the home page
* chore: updated issue modal condition
* chore: added a boolean field in notification list
* chore: notification filters changed
* chore: handled inbox notification and typo on the card items
* chore: handled notification count increment and decrement
* chore: typos and ui updates
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* fix: drag drop issues with h4,h5,h6,images and drag handle position in tables solved
* fix: drag drop fixed for task lists
* fix: drag drop fixed for task lists
* fix: drag drop task list items
* [WEB-1691] chore: refactor finsh onboarding logic to avoid multiple redirections.
* fix: infinite redirection on visiting onboarding page when the user is not authenticated.
* chore: update intercepter redirect logic.
* feat: pages editor sync logic solidified
* chore: added validation for archive and lock in a page
* feat: pages editor sync logic solidified
* fix: updated the auto save hook to run every 10s instead of 10s after the user stops typing!!
* chore: custom status code for pages
* fix: forceSync in case of auto save
* fix: modifying a locked and archived page shows a toast for now!
* fix: build errors and better error messages
* chore: page root moved
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* chore: logo picker removed from page and view list page
* chore: admin sidebar improvement
* chore: minor improvement in app sidebar help section.
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* chore: moved the estimate store from core to ce and ee
* chore: moved the estimate service from core to ce and ee
* chore: updated constructors from private to public in estimate store
* chore: exported estimate service
* chore: mutating issue estimation_point when we delete the eatimate point from the project
* chore: updated try catch
* chore: updated removed issues length check on estimate delete
* [WEB-1624] chore: add option to un-snooze inbox issue.
* [WEB-1605] fix: inbox issues snooze till date consistency.
* chore: update snooze/ un-snooze logic for issues for which snoozed till date is passed.
* fix: validating and showing proper alert estimate point has to be taken greater than 0 in create and update
* fix: updating the number point validation
* dev: fix project not found error
* [WEB-1608] chore: fix no projects found logic.
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* docs: update self-host guide link in README (#4704)
found via:
- https://github.com/makeplane/docs/issues/48
- https://github.com/makeplane/plane/pull/3109
* feat(configure_instance): add check for mandatory variables before starting
* fix(configure_instance): use correct variable and improve the exception
* fix(configure_instance): remove trailling spaces
* fix(configure_instance): check the mandatory value from exported env only
* fix(configure_instance): remove useless import
* fix(configure_command): improve the way error is raising
---------
Co-authored-by: jon ⚝ <jon@allmende.io>
* feat: creating new app dir structure for web app
* fix: moving few pages to app dir
* fix: adding profile settings layout
* fix: errors on app dir.
* chore: remove pages routes.
* chore: add sign-in/ sign-up, invitations, onboarding pages.
* [WEB-1374] fix: clear changes made on modal close (#4555)
* [WEB-1480] fix: preserve page access when making a copy (#4568)
* [WEB-1465] fix: theme fluctuation on initial load. (#4638)
* [WEB-1445] fix: issue creation on sub groups when cycle/ module grouping is applied. (#4636)
* [WEB-1244] fix: add better image insertion and replacement logic in the editor (#4508)
* fix: add better image insertion and replacement logic
* refactor: image handling in editor
* chore: remove passing uploadKey around
* refactor: remove unused code
* fix: redundant files removed
* fix: add is editor ready to discard api to control behvaiours from our app
* fix: focus issues and image insertion position when not using slash command
* fix: import order fixed
* fix: notification mark all as read (#4643)
* chore: remove enter key extension (#4648)
* [WEB-1467] chore: run the API's required to bootstrap the application in parallel. (#4642)
* [WEB - 1482] fix: uploads when using block storages other than s3 and minio (#4647)
* fix: minio storage and redirection
* dev: disconnect web url and app base url configuration.
* fix: negate check while trying to discard (#4653)
* fix: email notification preferences (#4656)
* [WEB-1493] chore: product tour asset and app sidebar quick action hover (#4655)
* chore: product tour asset updated
* fix: app sidebar quick action hover
* fix: project state setting state name remove camel case logic (#4652)
* [WEB-1419] chore: enable module creation with dates older than today. (#4659)
* [WEB-1216] chore: increase module empty state for consistency. (#4658)
* fix: build errors
* [WEB-1235] chore: module and cycle sidebar graph improvement (#4650)
* chore: module and cycle sidebar graph improvement
* chore: code refactor
* [WEB-1424] chore: page and view logo implementation, and emoji/icon (#4662)
* [WEB-1424] chore: page and view logo implementation, and emoji/icon picker improvement (#4583)
* chore: added logo_props
* chore: logo props in cycles, views and modules
* chore: emoji icon picker types updated
* chore: info icon added to plane ui package
* chore: icon color adjust helper function added
* style: icon picker ui improvement and default color options updated
* chore: update page logo action added in store
* chore: emoji code to unicode helper function added
* chore: common logo renderer component added
* chore: app header project logo updated
* chore: project logo updated across platform
* chore: page logo picker added
* chore: control link component improvement
* chore: list item improvement
* chore: emoji picker component updated
* chore: space app and package logo prop type updated
* chore: migration
* chore: logo added to project view
* chore: page logo picker added in create modal and breadcrumbs
* chore: view logo picker added in create modal and updated breadcrumbs
* fix: build error
* chore: AIO docker images for preview deployments (#4605)
* fix: adding single docker base file
* action added
* fix action
* dockerfile.base modified
* action fix
* dockerfile
* fix: base aio dockerfile
* fix: dockerfile.base
* fix: dockerfile base
* fix: modified folder structure
* fix: action
* fix: dockerfile
* fix: dockerfile.base
* fix: supervisor file name changed
* fix: base dockerfile updated
* fix dockerfile base
* fix: base dockerfile
* fix: docker files
* fix: base dockerfile
* update base image
* modified docker aio base
* aio base modified to debian-12-slim
* fixes
* finalize the dockerfiles with volume exposure
* modified the aio build and dockerfile
* fix: codacy suggestions implemented
* fix: codacy fix
* update aio build action
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* fix: merge conflict
* chore: lucide react added to planu ui package
* chore: new emoji picker component added with lucid icon and code refactor
* chore: logo component updated
* chore: emoji picker updated for pages and views
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: Manish Gupta <59428681+mguptahub@users.noreply.github.com>
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* fix: build error
---------
Co-authored-by: Anmol Singh Bhatia <121005188+anmolsinghbhatia@users.noreply.github.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: Manish Gupta <59428681+mguptahub@users.noreply.github.com>
Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
* refactor: drag handle component (#4663)
* refactor: checkbox ui component (#4665)
* [WEB-1325] chore: refactor inbox issue store to avoid data loss. (#4640)
* [WEB-1325] chore: refactor inbox issue store to avoid data loss.
* chore: inbox store improvement.
* chore: priority dropdown accepts undefined (#4666)
* chore: added buttonClassName prop to label dropdown (#4671)
* chore: created new constants for marketing website page links (#4670)
* chore: added a prop to render default state conditionally (#4669)
* [WEB-1501] dev: multiple select core components (#4667)
* dev: multiple select core components
* chore: added export statement
* chore: created a new constant for archivable state groups (#4668)
* chore: added primary variant to the alert modal (#4664)
* [WEB-1436] chore: pages improvement. (#4657)
* add empty state if no pages are available.
* set access to private in create page modal when the modal is open form private tab.
* [WEB-1440] chore: update cycle empty state to use project level access. (#4672)
* fix: checkbox ui component (#4675)
* fix: ai buttons overlapping issue (#4621)
* [WEB - 1500] chore: add extra fields on instance and create changelog table to store release change logs (#4673)
* chore: add extra fields on instance and create changelog table to store release change logs
* dev: rename new_version to latest_version
* [WEB - 1505] chore: alter instance id field (#4676)
* chore: instance id
* dev: update to max length
* feat: creating new app dir structure for web app
* fix: moving few pages to app dir
* feat: creating new app dir structure for web app
* fix: moving few pages to app dir
* fix: errors on app dir.
* chore: remove pages routes.
* chore: add sign-in/ sign-up, invitations, onboarding pages.
* fix: instance serializer
* fix: instance register script (#4681)
* fix: instance register script
* dev: remove api key and add latest version and current version in types
* [WEB-1492] fix: resolved issue creation error in layouts while group_by and sub_group_by filters applied in quick add (#4682)
* fix: resolved issue creation error in layouts while group_by and sub_group_by filters applied in quick add
* fix: updated braces in conditions
* fix: inbox issue store update logic. (#4683)
* chore: update package version
* [WEB-1184] feat: issue bulk operations (#4674)
* feat: issue bulk operations
* style: bulk operations action bar
* chore: remove edition separation
* style: fix overlapping of response container in AI popover. (#4684)
* [WEB-1498] style: fix comments reaction alignment. (#4686)
* [WEB-1503] chore: add `autofocus` to name field in inline create/ update state component. (#4685)
* [WEB-1312] fix: trim file name before uploading (#4661)
* fix: trim file name before uploading
* fix: check the cursor position before inserting image
* dev: add trimming for file assets
* dev: add filename validation above if
* dev: make the validation to 50 to support user uploads
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* [WEB-1481] fix: multiple API calls in inbox issues on closed issues tab. (#4691)
* fix: multiple API calls on scroll and closed issues tab.
* fix: pagination loader on initial load.
* feat: Add components required for estimates (#4690)
* Add sortable, radio and typography components
* Remove stray css classes
* Prevent drag of items from other draggable
* Minor cleanup
* Update yarn.lock
* Remove radio input component as it was build on
headless ui v2.0.0 and now we are using v1.7.0
* Fix build errors
* Update dependencies in use memo.
* [WEB-1521] chore: add configuration to enable/disable sign-ups. (#4697)
* fix: regenerating lock file
* fix: docker image build errors
* fix: remove `setupInterceptors` to avoid circular dependency.
* chore: migrate all `accounts` related routes.
* chore: migrate all `profiles` related routes.
* chore: workspace invitation and onboarding migration / fixes.
* chore: installation provider migrations.
* regression: focus changing issue with the peek overview editor (#4700)
* [WEB-1459] chore: save users all / favorite project list collapse state into localstorage. (#4701)
* [WEB-1501] chore: update selected entity details on entities list change (#4702)
* chore: update selected entity detials on entities list change
* chore: addd selectionHelpers as a prop
* [WEB-1517] chore: remove drag handle from list drag block (#4698)
* remove drag handle from list drag block
* align list group header with list item
* rearrange chevron for list subissues and rearrange spaces
* adding default draggable property to control link
* remove unnecessary dependencies for useEffect
* fix: email validation (#4707)
* fix: email validation on complete login or sign up functionality
* dev: add try catch block
* dev: split up code
* dev: empty return
* fix: cache invalidation on new members invite (#4699)
* fix: build test pull request running on non draft PRs (#4708)
* fix: cache invalidation on new members invite (#4699)
* fix: add version max length (#4713)
* chore: migrations for `routing` hooks.
* [WEB-1533] chore: fix alignment issues in List and Spreadsheet view (#4714)
* fix alignment issues in List and Spreadsheet view
* fix spreadsheet indentation
* chore: migration for workspace dashboard/ views/ analytics/ settings and active-cycles.
* chore: handle undefined identifier case
* fix: Overflowing loader in issue edit modal (#4720)
* [WEB-1529] chore: workspace sidebar updates. (#4710)
* fix: temporary fix exiting lines with slashes (#4725)
* [WEB-1537] fix: inline code block size fixed for headers, etc (#4709)
* fix: inline code block size fixed for headers, etc
* feat: persisting focus accurately post converting the code block into text
* fix: typo in error handling
* [WEB-1526] feat: add auto merge behaviour to task lists and fix infinite backspace case (#4703)
* feat: add auto merge behaviour to task lists
* fix: unhandled cases for taskItem and taskList
* fix: css task list such that toggling task list doesn't shift things
* fix: task list jumps around while trying create/delete things in between two task lists
* fix: remove filtering for generic transactions i.e. transactions with some meta data while tying to join things
* chore: migration for profile activity along with headers refactor.
* [WEB-1201] dev: dropdowns (#4721)
* chore: lodash package added
* chore: dropdown key down hook added
* dev: dropdown component
* chore: build error and code refactor
* chore: readme file updated
* chore: added disabled prop to multiple select components (#4724)
* chore: added disabled prop to mutliple select group hoc
* style: fix empty space
* fix: don't add as a sub-issue if parent has been removed (#4731)
* fix: member list item custom menu placement (#4729)
* [WEB-1535] chore: project logo picker improvement (#4718)
* chore: emoji icon picker improvement
* chore: emoji icon picker improvement
* fix: resolved border flicker on issue title (#4727)
* chore: profile activity empty state added (#4732)
* [WEB-1481] fix: inbox issue list update after changing issue status. (#4715)
* style: fix ux copy style on project feature preview page. (#4734)
* chore: remove clear seleciton logic on escape key press (#4735)
* chore: migrations for projects and project issues.
* chore: issue and properties filter dropdown improvement (#4733)
* save all filters and properties for views (#4728)
* chore: migrations for issue details route.
* chore: migration for cycle routes.
* chore: migration for module routes.
* chore: migrations for project views routes.
* chore: migrations for project pages routes.
* chore: migration for project inbox routes.
* chore: migration for project settings routes.
* chore: migrations for draft issues routes.
* chore: migrations for project archives routes.
* chore: remove unused headers.
* temp: comment out auth constant and use-reload-confirmation code to avoid errors.
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
Co-authored-by: rahulramesha <71900764+rahulramesha@users.noreply.github.com>
Co-authored-by: Aaryan Khandelwal <65252264+aaryan610@users.noreply.github.com>
Co-authored-by: M. Palanikannan <73993394+Palanikannan1437@users.noreply.github.com>
Co-authored-by: Anmol Singh Bhatia <121005188+anmolsinghbhatia@users.noreply.github.com>
Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: Manish Gupta <59428681+mguptahub@users.noreply.github.com>
Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
Co-authored-by: guru_sainath <gurusainath007@gmail.com>
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
Co-authored-by: Satish Gandham <satish.iitg@gmail.com>
Co-authored-by: Henit Chobisa <chobisa.henit@gmail.com>
Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com>
* feat: add auto merge behaviour to task lists
* fix: unhandled cases for taskItem and taskList
* fix: css task list such that toggling task list doesn't shift things
* fix: task list jumps around while trying create/delete things in between two task lists
* fix: remove filtering for generic transactions i.e. transactions with some meta data while tying to join things
* fix: inline code block size fixed for headers, etc
* feat: persisting focus accurately post converting the code block into text
* fix: typo in error handling
* remove drag handle from list drag block
* align list group header with list item
* rearrange chevron for list subissues and rearrange spaces
* adding default draggable property to control link
* remove unnecessary dependencies for useEffect
* Add sortable, radio and typography components
* Remove stray css classes
* Prevent drag of items from other draggable
* Minor cleanup
* Update yarn.lock
* Remove radio input component as it was build on
headless ui v2.0.0 and now we are using v1.7.0
* Fix build errors
* Update dependencies in use memo.
* fix: trim file name before uploading
* fix: check the cursor position before inserting image
* dev: add trimming for file assets
* dev: add filename validation above if
* dev: make the validation to 50 to support user uploads
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* fix: add better image insertion and replacement logic
* refactor: image handling in editor
* chore: remove passing uploadKey around
* refactor: remove unused code
* fix: redundant files removed
* fix: add is editor ready to discard api to control behvaiours from our app
* fix: focus issues and image insertion position when not using slash command
* fix: import order fixed
* chore: pages realtime
* chore: empty binary response
* chore: added a ypy package
* feat: pages collaboration
* chore: update fetching logic
* chore: degrade ypy version
* chore: replace useEffect fetch logic with useSWR
* chore: move all the update logic to the page store
* refactor: remove react-hook-form
* chore: save description_html as well
* chore: migrate old data logic
* fix: added description_binary as field name
* fix: code cleanup
* refactor: create separate hook to handle page description
* fix: build errors
* chore: combine updates instead of using the whole document
* chore: removed ypy package
* chore: added conflict resolving logic to the client side
* chore: add a save changes button
* chore: add read-only validation
* chore: remove saving state information
* chore: added permission class
* chore: removed the migration file
* chore: corrected the model field
* chore: rename pageStore to page
* chore: update collaboration provider
* chore: add try catch to handle error
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* chore: enter key extension added to RichTextEditorWithRef editor package
* chore: enter to submit functionality added to issue and inbox issue modal description
* [WEB-1404] fix: redirection to web app and issue with telemetry checkbox in setup form.
* chore: add scrollbar in admin app.
* chore: fix `workspaces_exist` logic in instance api.
* dev: add logo prop and accounts migration
* dev: add default values for id_token
* dev: update is_active as read only field
* dev: delete all sessions when deactivating account
* dev: add issue description binary
* dev: add logo props for team
* chore: auth page logo and tab head title updated
* chore: auth page logo and tab head title updated
* chore: code refactor
* chore: space app existing user auth validation
* chore: update deactivated account alert message to show support email if available in env.
* chore: clear error_info on email check.
* chore: fix log-in / sign-up forms alignment and minor ux copy fix.
* fix: auth redirection to `/sign-in` issue.
* chore: update `back to sign in` url in forgot password screen.
* chore: removing and adding an issue to module
* chore: removed empty module validation
* modules single API call
* chore: removed the script
---------
Co-authored-by: rahulramesha <rahulramesham@gmail.com>
* fix: is in iframe validation check
* chore: remove/ disable all actionable items from deploy url in case url is embeded using Iframe.
* chore: remove copy issue link option if clipboard write access is not granted.
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* List Dnd Complete feature
* fix minor bugs in list dnd
* remove double overlay in kanban post refactor
* add missing dependencies to useEffects
* make provision to add to the last issue of the group
* show current child issues to also be disabled if the parent issue is being dragged
* fix last issue border
* fix code static analysis suggestions
* prevent context menu on drag handle
* chore: handled redirection when user is not logged in
* dev: handle url redirection in space app
* dev: remove user from redis on successful code matching
* fix: calendar dnd for due dates before issue start date
* chore: start date in calender view
* fix: add existing issues to calendar layout
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* chore: don't show context menu on mobile devices
* fix: drag and drop in mobile
* chore: default show more options in mobile
* fix: dnd in calendar layout
* chore: show `(optional)` in label of non-required fields.
* chore: fix github auth button text color.
* chore: minor ui/ ux improvement in oauth options.
* chore: New authentication workflow
* chore: resolved build erros and updated imports in auth
* chore: code optimisation for query param util
* chore: added client for auth forms
* dev: fix session token save on admin and remove session save every request
* dev: update session cookie age to environment variable
* fix: adding save every request django session
* dev: nginx configuration
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: updated issue filters in space
* chore: persisting the query params even when we switch layouts
---------
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* chore: move module sub-header to app header
* chore: gantt header improvement, remove title
* chore: progress indicator size reduced
* chore: replace members with lead and updated start and end date ui
* fix: login redirection
* dev: log the user out when deactivating the account
* dev: update redirect uris for google and github
* fix: redirection url and invitation api and add redirection to god mode in nginx
* dev: add reset password redirection
* dev: update nginx headers
* dev: fix setup sh and env example and put validation for use minio when fetching project covers
* dev: stabilize dev setup
* fix: handled redirection error in web, space, and admin apps
* fix: resovled build errors
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* chore: added created by field in inbox issue
* chore: inbox sidebar list item created by avatar added
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* update the issue's updated at date when issue is updated
* sort issue's updated and created at regardless of the date format.
* move the logic to date time helpers
* revert back the third variable in update issue
* Kanban DnD improvement
* minor fixes for kanban dnd improvement
* change scroll duration
* fix feedback on the UX
* add highlight before drop
* add toast message explain drag and drop is currently disabled
* Change warning dnd message
* add comments
* fix minor build error
* dev: context menu
* chore: handle menu position on close
* chore: project quick actions
* chore: add more options to the project context menu
* chore: cycle item context menu
* refactor: context menu folder structure
* chore: module custom context menu
* chore: view custom context menu
* chore: issues custom context menu
* chore: reorder options
* chore: issues custom context menu
* chore: render the context menu in a portal
description:Use when starting a new branch or renaming an existing one — produces a branch name in the format `<type>/<work-item-id>-<short-description>` that's compatible with the create-pr skill's work item ID extraction.
user_invocable:true
---
# Branch Naming
Create branch names that follow the convention `<type>/<work-item-id>-<short-description>`, where the work item ID can be cleanly extracted later (e.g., by the create-pr skill).
## Format
```
<type>/<work-item-id>-<short-description>
```
- All lowercase, hyphen-separated
- Work item ID stays in its original form but lowercased (e.g., `SILO-1146` → `silo-1146`)
- Short description is 2–5 words in kebab-case, focused on the _what_, not the _how_
## Workflow
1.**Determine the type** based on the work being done:
description:Use when creating a pull request for the current branch — gathers branch context, generates a PR description following the repo's pull_request_template.md, and creates the PR with a Plane work item ID prefix in the title.
user_invocable:true
---
# Create PR
Create a pull request using the repo's PR template, a Plane work item ID as the title prefix, and a fully filled-out description based on the actual diff.
## Workflow
1.**Determine the base branch**: Default to `preview` unless the user specifies otherwise.
2.**Gather context** (in parallel):
-`git status -s` — check for uncommitted changes
-`git diff <base>...HEAD --stat` — files changed
-`git log <base>...HEAD --oneline` — all commits on the branch
-`git diff <base>...HEAD --no-color` — full diff for understanding changes (if very large, focus on the most important files first)
-`git rev-parse --abbrev-ref --symbolic-full-name @{u}` — check if branch tracks a remote
- Read `.github/pull_request_template.md` from the repo root
3.**Determine work item ID**:
- Extract from branch name if it contains an identifier (e.g., `chore/silo-1146-foo` → `SILO-1146`, `feat/web-1234-x` → `WEB-1234`)
- If not found in branch name, ask the user
4.**Draft the PR** using the template from step 2:
- Type reflects the change: `fix`, `feat`, `chore`, `refactor`, `docs`, `perf`, etc.
**Body**: Fill in every section from the PR template based on the actual diff:
- **Description** — Clear, concise summary of what the PR does and why. Focus on the "what" and "why", not line-by-line changes. Mention important implementation decisions.
- **Type of Change** — Check the appropriate box(es): Bug fix, Feature, Improvement, Code refactoring, Performance improvements, Documentation update.
- **Screenshots and Media** — Leave a placeholder: `<!-- Add screenshots here -->`
- **Test Scenarios** — Suggest concrete scenarios grounded in the actual changes (e.g., "Navigate to project settings and verify the new toggle works"), not generic ones.
- **References** — Include the work item ID, any linked issues the user mentions, and any Sentry issue links/IDs (e.g., `SENTRY-ABC123` or Sentry URLs) referenced earlier in the conversation.
Append a Claude Code session line at the bottom of the body.
5.**Push and create** (in parallel where possible):
- Push branch with `-u` if no upstream is set
- Create PR via `gh pr create` using a HEREDOC for the body
6.**Return the PR URL** to the user.
## Example Title
```
[SILO-1146] fix: allow relative URLs for configuration_url and improve app tile visibility
```
## Guidelines
- Keep the description concise but informative
- Use bullet points when listing multiple changes
- Focus on user-facing impact, not implementation details
- Don't fabricate test scenarios that aren't relevant to the actual changes
## Common Mistakes
- Summarizing only the latest commit instead of all commits on the branch
- Forgetting to check for an upstream before pushing
- Using a work item ID format that doesn't match the branch convention
- Wrapping the PR body in a code fence when passing it to `gh pr create`
description:"Generate release notes for a Plane release PR in either `makeplane/plane-cloud` (date-based versioning, e.g. `release: vYY.MM.DD-N`) or `makeplane/plane-ee` (semver, e.g. `release: vX.Y.Z`). Reads PR commits, filters out noise, categorizes by conventional-commit type, optionally enriches via Plane MCP, and writes the result as the PR description in the GitHub Releases format."
user_invocable:true
---
# Release Notes Generator
Generate structured release notes from a Plane release PR by parsing its commit list, then update the PR description. Output matches the format used on `github.com/makeplane/plane/releases` (e.g. [v1.2.0](https://github.com/makeplane/plane/releases/tag/v1.2.0)). Works for both `makeplane/plane-cloud` and `makeplane/plane-ee`.
## Repo-specific versioning
Plane uses **different version schemes** across its two release repos. Detect which repo the PR belongs to and use the matching scheme when communicating about the release — the version itself does **not** appear in the release notes body (GitHub's release tag carries it).
| Repo | Version scheme | Example PR title | Source branch | Target branch |
**Do not include these IDs in the release notes.** The GitHub Releases format is end-user-facing — IDs are only useful as a lookup key for fetching context in step 4.
### 4. (Optional) Enrich via Plane MCP
For larger features where the commit headline is terse, fetch the work item to write a richer paragraph:
Use the returned `name` and `description_stripped` to flesh out the prose. Skip for routine fixes — commit body is usually enough. Don't enrich every item (slow + descriptions are often empty).
### 5. Categorize commits
Map each surviving commit into one of four sections:
| `feat:` that introduces a brand-new screen, flow, or capability | ✨ Features |
| `feat:` that improves an existing feature, plus most `refactor:` and behavioural `chore:` items that are user-visible | ⬆️ Enhancements |
| `fix:`, `fix(scope):` | 🐞 Bug fixes |
| CVE upgrades, dependency bumps that close a vulnerability, security hardening | 🛡️ Security |
**Drop entirely** (do not surface to users): pure infra `chore:`, dependabot bumps with no CVE, internal refactors with no behavioural impact, test-only changes, doc-only changes.
### 6. Format
Output follows the GitHub Releases convention — `###` for section headers, with two spaces between the emoji and the label for ✨ / ⬆️ / 🐞 (matches `v1.2.0`).
```markdown
### ✨ Features
#### **Short Feature Name in Title Case**
A 1–3 sentence paragraph describing what the user gets, why it matters, and any notable behaviour. Write in product-marketing voice, not commit-message voice.
- Optional nested bullets for sub-capabilities or callouts
- Keep them user-facing — what the user can now do
#### **Second Major Feature**
Another descriptive paragraph. Each major feature gets its own `####` subsection.
### ⬆️ Enhancements
- One-line description of an improvement to an existing capability
- Another improvement, written as a clean sentence (no commit prefix, no ticket ID)
### 🐞 Bug fixes
- Plain-English description of what was broken and is now fixed
- Another bug fix
### 🛡️ Security
- Upgraded <component> to <version> to mitigate [CVE-XXXX-NNNNN](https://link-to-advisory). Brief impact note.
- Other security-relevant change
```
Rules:
- Section headers use `###` (three hashes), then emoji + **two spaces** + label — exactly as in the published v1.2.0 release. Exception: 🛡️ Security uses a single space (matches v1.2.0).
- Features use `####` (four hashes) and the feature name is **bolded** inside the heading: `#### **Feature Name**`.
- Each feature gets a real paragraph, not a bullet — written for end users, not engineers.
- Enhancements, Bug fixes, and Security are simple bullets. No nested asterisks, no ticket IDs, no PR numbers.
- **Do not include work item IDs (`[WEB-XXXX]`) or PR numbers (`(#NNNN)`)** in any section — this format is user-facing.
- **Do not add a `# Release vX.Y.Z` heading.** The GitHub release tag carries the version; the body starts directly with the first `### ✨ Features` section.
- **Do not insert images.** The user adds screenshots manually after the notes are drafted. Leave space for them only if the user asks.
- Drop empty sections entirely.
- Blank line between section header and first bullet/feature, and between sections.
### 7. Update the PR description
```bash
gh pr edit <PR_NUM> --body "$(cat <<'EOF'
<release notes markdown>
EOF
)"
```
Always use a HEREDOC with single-quoted `'EOF'` so backticks/dollars in the notes are preserved.
# read /tmp/commits.txt, filter, categorize into the four sections, draft notes
gh pr edit $PR --body "$(cat <<'EOF'
### ✨ Features
#### **...**
...
### ⬆️ Enhancements
- ...
### 🐞 Bug fixes
- ...
### 🛡️ Security
- ...
EOF
)"
```
## Reference example
The canonical target format is [v1.2.0](https://github.com/makeplane/plane/releases/tag/v1.2.0) on `makeplane/plane`. When in doubt about heading levels, spacing, bolding, or paragraph voice, match that page exactly (minus images).
## Common Mistakes
- **Including work item IDs in bullets** — the GitHub Releases format is user-facing; `[WEB-XXXX]` belongs in internal research, not the output.
- **Adding a `# Release vX.Y.Z` heading** — GitHub's release tag is the version. The body starts with `### ✨ Features`.
- **Copy-pasting commit subjects verbatim** — rewrite into product-marketing English. "fix: peek overview reload on parent add" → "Fixed peek overview reloading on adding a parent".
- **Bulleting features instead of writing paragraphs** — major features get `#### **Name**` plus a real paragraph; only enhancements/bugs/security use bullets.
- **Including `Sync: Enterprise Changes` commits** — these are sync PRs, never user-visible.
description:Translate or update keys in packages/i18n/src/locales. Use whenever adding, changing, or reviewing strings across any target locale — enforces do-not-translate terminology, CLDR plural forms, placeholder/tag preservation, per-locale punctuation/register, and the AI-translation review workflow. Required reading before touching any *.json under src/locales.
user_invocable:true
---
<!--
`user_invocable: true` is advisory and follows the same convention as the existing
`pr-description.md` and `release-notes.md` skills in this repo. No harness behavior
in this codebase keys off the field today; it documents intent for the Claude Code
skill registry. The skill is invoked via the slash command (`/translate`) registered
in `.claude/commands/translate.md`, or by name when an agent infers relevance.
-->
# Translate (Plane i18n)
Single source of truth for turning English UI strings into every target locale under `packages/i18n/src/locales/`. Follow this skill exactly — every mistake here ships to every user in that language.
The locale list grows over time. This skill is intentionally generic: rules apply to any locale present now or added later. When you add a locale not explicitly named below, see **Adding a locale not documented here** at the bottom.
Sources distilled from: Microsoft Localization Style Guides, Mozilla L10n, Unicode CLDR plural rules, W3C i18n, Google developer style guide, Apple HIG, GitHub Primer, MQM error typology, Lokalise/Crowdin/Phrase best-practice docs, and Microsoft's AI/LLM-for-translation guidance.
**Source of truth**: `packages/i18n/src/locales/en/<namespace>.json`. Every other locale mirrors English key-for-key. The `sync-check.ts` script catches missing / stale / collision keys; it does **not** catch value-quality mistakes. That is what this skill is for.
## When to Use
- Adding a new key to any `packages/i18n/src/locales/en/*.json`
- Renaming or rewording an English value (every target is now stale)
- Adding a new language (copy from `en/`, then translate each file)
- Syncing after `pnpm --filter @plane/i18n run sync:check` reports drift
- Reviewing any PR that touches `packages/i18n/src/locales/`
Skip only for trivial English-only typo fixes that don't change meaning or length meaningfully.
## The Two Iron Rules
1.**Trademarks, brand marks, plan tier names, third-party product names, acronyms, and code tokens are never translated.** Plane's brand marks (Plane, Plane AI, Power K, PQL, Active Cycles, Sticky/Stickies, Intake), plan tiers (Pro, Business, Enterprise), third-party products (GitHub, Slack, Notion, etc.), and acronyms (API, OAuth, etc.) stay Latin in every locale.
2.**CLDR plural categories are mandatory.** Every target locale must include **every** plural keyword the language requires. Missing a form renders the wrong word at runtime and passes `sync-check` silently.
Common feature nouns — Cycle, Module, Epic, Page — **are translated** into the target language using the canonical glossary further down. They are not brand marks; they are everyday words that belong in the user's language.
The rest of this skill explains how to execute on those rules.
## Do-Not-Translate (DNT) Glossary
For each term: the source, the required rendering per script group, and **forbidden renderings** that have appeared historically and must be reverted when seen.
### Plane brand & features
| Source term | Latin locales (fr, es, it, de, pt-BR, pl, cs, sk, ro, tr-TR, vi-VN, id) | ja (katakana-default) | ko (Hangul-default) | zh-CN / zh-TW | ru | ua | **Forbidden** (never produce) |
| **Plane AI** (formerly PI Chat) | Plane AI | Plane AI | Plane AI | Plane AI | Plane AI | Plane AI | Чат ИИ, AI 聊天, AIチャット, AI 채팅, Chat IA, AI Çet, PI Chat (legacy) |
| **Power K** | Power K | Power K | Power K | Power K | Power K | Power K | Command K, Command Palette, コマンドパレット, 命令面板, Палитра команд |
| **PQL** | PQL | PQL | PQL | PQL | PQL | PQL | any expansion of the acronym into the target language |
| **Active Cycles** (workspace view) | Active Cycles | Active Cycles | Active Cycles | Active Cycles | Active Cycles | Active Cycles | Translate as a unit; never split into generic "active" + localized "cycles" |
### Plane feature noun translation glossary (translate, do not preserve)
These are common nouns. **Translate them into the target language** using the canonical form below. This follows Microsoft, Apple, and Mozilla style guides for product-UI translation: feature common nouns belong in the user's language; only trademarks, brand marks, and acronyms stay Latin. Leaving these in Latin in non-Latin locales reads as half-translated and is a measurable quality defect.
Use the table verbatim — never coin new variants; never leave the Latin form in the locale value.
| Source | zh-CN | zh-TW | ja | ko | ru | ua | de | fr | es | it | pt-BR | pl | cs | sk | ro | tr-TR | vi-VN | id |
| **Pages** | 页面 | 頁面 | ページ | 페이지 | Страницы | Сторінки | Seiten | Pages | Páginas | Pagine | Páginas | Strony | Stránky | Stránky | Pagini | Sayfalar | Trang | Halaman |
Notes:
- Single-form locales (zh-CN, zh-TW, ja, ko, vi-VN, id) use the same form for singular and plural — the column repeats by design.
- Slavic locales (ru, ua, pl, cs, sk) show **nominative singular** and **nominative plural**. Inside ICU `{count, plural, ...}` blocks, use the case-correct form per CLDR keyword (see the Slavic case-form table further down).
- Some Latin locales (fr, vi-VN, id) have forms identical to English (`Cycle`, `Module`, `Page`) — that's the natural cognate, not a Latin-preservation rule.
- **Epic / Epics**: stays Latin in most Latin locales because there's no clean cognate (Spanish `épico` is for poetry/film; same for it/pt-BR/de/fr). Slavic locales use phonetic transliteration that's standard in their software industry (Эпик, Епік, Epik). CJK locales use the literal/transliterated form (史诗, エピック, 에픽).
- **Generic uses translate normally and don't follow this glossary:** `next page` (paginator), `the page` (browser refresh), `status page`, `web page`, `life cycle`, `release cycle`, `rate-limit cycle`, `cycle of releases` — these are not the Plane Cycle/Page feature; translate them as ordinary words in the surrounding prose.
- When editing an existing file, migrate occurrences you are already touching. Do not bulk-rewrite unrelated strings in the same PR — land a separate sweep PR with the `chore(i18n):` prefix.
#### Slavic case forms inside ICU plural blocks
When a Slavic plural block counts a Plane feature noun, use these forms:
| Locale | Term | one (nom.sg.) | few | many | other |
- **HTML & JSX tags**: `<b>…</b>`, `<a href="…">…</a>`, `<br/>`, `<code>…</code>` — preserve attributes and nesting; translate only the visible text between tags.
- **i18next `Trans` numbered fragments**: `<0>…</0>`, `<1>…</1>` — preserve the numbers exactly; only translate the wrapped text. Never renumber.
- **Markdown**: `**bold**`, `*italic*`, `` `code` ``, `[text](url)` — keep the syntax; translate only human-readable prose.
- **Escape sequences**: `\n` (newline), `\t`, `\"`, `\\` — preserve at the same positions.
- **Keyboard keys & modifiers**: `Ctrl`, `Cmd`, `Shift`, `Alt`, `Option`, `Enter`, `Return`, `Esc`, `Tab`, `Space`, `Backspace`, arrow glyphs (`↑↓←→`), and OS glyphs (`⌘⌥⌃⇧`) — preserve exactly as shown on the physical key.
Apply by target-language script, not by locale list. Adding a new Latin-script locale? It follows the Latin-script rules below. Adding a new Cyrillic locale? It follows the Cyrillic section. Scripts not yet shown here (Arabic, Hebrew, Thai, Greek, Hindi/Devanagari, etc.) — see **Adding a locale not documented here**.
### Latin-script locales
Currently includes fr, es, it, de, pt-BR, pl, cs, sk, ro, tr-TR, vi-VN, id — and any future locale that uses the Latin alphabet (hu, nl, sv, da, nb, fi, hr, bg-using-Latin variants, etc.).
**Translate Plane feature nouns** (Cycle, Cycles, Module, Modules, Epic, Epics, Page, Pages) using the per-locale form from the glossary above. **Keep Latin** for Plane brand marks (Plane, Plane AI, Power K, PQL, Active Cycles, Sticky, Stickies, Intake), plan tier names (Pro, Business, Enterprise), and third-party brands (GitHub, Slack, etc.).
```
✅ "Créer un Cycle" (fr — natural cognate from glossary, identical to English)
✅ "Crear un nuevo Ciclo" (es — natural Spanish cognate from glossary)
✅ "Archiviare questo Modulo" (it — natural Italian cognate from glossary)
✅ "Nueva Epic" (es — Epic has no clean cognate; stays Latin per glossary)
✅ "Archivieren Sie diesen Zyklus" (de — natural German form from glossary)
✅ "Buat Siklus baru" (id — natural Indonesian form from glossary)
✅ "Buat Sticky baru" (id — Sticky is a Plane brand mark, stays Latin)
✅ "Wechseln Sie zum Pro-Plan" (de — Pro is a plan tier name, stays Latin)
❌ "Créer un Cycle" WRONG when the locale should be `Zyklus` (de). Always use the glossary form.
❌ "Archivieren Sie diesen Cycle" (de — feature noun was left in Latin; use Zyklus per glossary)
❌ "Créer un Cercle" (fr — invented translation; use the glossary form)
❌ "Nueva Saga" (es — translated "Epic" with the wrong cognate)
❌ "Buat Catatan Tempel" (id — translated "Sticky" which is a brand mark; keep Latin)
```
Generic uses translate normally and do not follow the glossary: a paginator's `next page` is `nächste Seite` / `página siguiente` (generic noun, not the Plane Pages feature). The glossary applies only when EN refers to the Plane product feature.
### Japanese (ja) — natural Japanese rendering
**Plane feature nouns** (Cycle, Module, Epic, Page) use the natural Japanese form per the glossary above (サイクル, モジュール, エピック, ページ — katakana for foreign-origin nouns; native Japanese where one applies, like 付箋 for an Apple/Microsoft-style "sticky note"). **Brand marks** stay in Latin: Plane, Plane AI, Power K, PQL, Active Cycles, Sticky, Stickies, Intake, GitHub, Slack, Pro/Business/Enterprise.
For new katakana coinages and existing translations, the long-vowel mark `ー` is added for words ending in `-er`, `-or`, `-ar`, `-y` in English. This is the Microsoft Japanese style-guide convention and the current industry default:
- user → **ユーザー** (not ユーザ)
- server → **サーバー** (not サーバ)
- editor → **エディター** (not エディタ)
- property → **プロパティー** (_kept as_ プロパティ where the existing codebase already does — match the surrounding file's convention)
Tone: polite form です・ます. Never plain form だ・である. Avoid over-formal 尊敬語・謙譲語 for SaaS product copy — it reads stilted.
Quotation marks: 「」 for primary quotes, 『』 for nested or for titles of works. Full-width punctuation: 。、()・!?.
### Korean (ko) — Hangul rendering
**Plane feature nouns** (Cycle, Module, Epic, Page) use the natural Korean form per the glossary above (사이클, 모듈, 에픽, 페이지 — Hangul transliteration where the term is product-coined; native Korean word where one applies). **Brand marks** stay in Latin: Plane, Plane AI, Power K, PQL, Active Cycles, Sticky, Stickies, Intake, GitHub, Slack, Pro/Business/Enterprise.
For new terms not on the glossary: prefer the native Korean word where one exists (`설정` for Settings); use Hangul phonetic transliteration for product-coined nouns with no native equivalent. Do not coerce a phonetic loanword when a natural Korean word exists — `버킷` for "Bucket" reads as a foreign trademark, `장바구니` reads as a Korean noun.
**Korean particle agreement**: when introducing a consonant-ending noun (사이클, 에픽, 모듈), follow with the consonant-form particle (을/은/이/과), not the vowel-form (를/는/가/와). `사이클을 추가` not `사이클를 추가`.
Register:
- **System and error messages** → 합니다체 (high-formal: 합니다, 됩니다, 입니다). Existing files in this register today: `ko/auth.json`, `ko/error/*.json`.
- **Empty states, onboarding microcopy, tooltips** → 해요체 acceptable (softer: 해요, 돼요, 이에요) if the existing file uses it. Existing files in this register today: `ko/empty-state.json`, `ko/tour.json`. Always match the surrounding file rather than introducing a new register mid-namespace.
- Never casual 반말.
Punctuation: Western punctuation (`. , ? !`); straight quotes `"…"` and `'…'`.
### Simplified Chinese (zh-CN) and Traditional Chinese (zh-TW) — translate feature nouns
**Plane feature nouns** (Cycle, Module, Epic, Page) translate to natural Chinese per the glossary above (zh-CN: 周期, 模块, 史诗, 页面 — zh-TW: 週期, 模組, 史詩, 頁面). This is what Microsoft's zh-CN style guide and every mainstream zh-localized SaaS product (Notion, Slack, Atlassian) does for common feature nouns.
**Brand marks stay Latin**: Plane, Plane AI, Power K, PQL, Active Cycles, Sticky, Stickies, Intake, GitHub, Slack, Pro/Business/Enterprise — these are trademark-style terms.
**Insert a half-width space on each side of embedded Latin tokens** — this is Microsoft's zh-CN guideline and required for legibility. **Exception**: no space between a Latin token and adjacent full-width punctuation (`。,;:?!`); the punctuation already supplies visual breathing room.
✅ "创建周期" (zh-CN feature noun translated; no Latin = no spaces)
✅ "归档此史诗" (Plane Epic → 史诗 per glossary)
✅ "添加 Sticky" (Sticky is a brand mark → Latin + half-width space)
✅ "升级到 Pro" (Pro is a plan tier → Latin)
✅ "登录 GitHub。" (no space between Latin token and full-width period)
❌ "使用GitHub登录" (Latin brand without surrounding half-width space)
❌ "创建 Cycle" (feature noun left in Latin — should be 周期)
❌ "创建Cycle" (feature noun in Latin AND missing space)
❌ "登录 GitHub 。" (stray space before full-width period)
❌ "创建赛克" (invented transliteration of Cycle — use the glossary's 周期)
```
Punctuation is **full-width**: 。,?!;:. Quotes:
- zh-CN: `"…"` (primary) and `'…'` (nested)
- zh-TW: `「…」` (primary) and `『…』` (nested)
- Work titles (book/movie/app/article names): `《…》`
Variant discipline: zh-CN ≠ zh-TW. They differ in script (简体 vs 繁體) **and** vocabulary (视频 vs 影片; 软件 vs 軟體; 网络 vs 網路). Never mass-copy between the two directories.
Register: 您 (formal polite) in Plane UI — the product is B2B/SaaS. Reserve 你 for consumer/youth contexts (not applicable here).
### Cyrillic locales
Currently includes ru, ua — and any future Cyrillic locale (bg-BG, sr-Cyrl, mk, be, kk-Cyrl, etc.).
**Plane feature nouns** (Cycle, Module, Epic, Page) use the natural Cyrillic form per the glossary above (Цикл/Циклы, Модуль/Модули, Эпик/Эпики, Страница/Страницы in ru — Цикл/Цикли, Модуль/Модулі, Епік/Епіки, Сторінка/Сторінки in ua). **Brand marks** stay in Latin: Plane, Plane AI, Power K, PQL, Active Cycles, Sticky, Stickies, Intake, GitHub, Slack, Pro/Business/Enterprise.
For new terms not on the glossary: prefer the native Cyrillic word where one exists; use phonetic transliteration only when no native word applies (`Бакет` is wrong for "Bucket" — use `Корзина`/`Кошик`).
**Slavic case forms inside `{count, plural, ...}` blocks** are case-correct per CLDR keyword (one=nom.sg., few=gen.sg., many=gen.pl., other=gen.sg.). See the case-form table in the glossary section.
Register:
- **ru**: formal **Вы** (capitalized) when addressing a **single user directly** in respectful/formal contexts (onboarding, settings, confirmation dialogs); lowercase **вы** for plural/general references ("все вы"). Default to capitalized Вы in tooltips/dialogs and lowercase вы in descriptive copy.
- **ua**: modern Ukrainian software convention is lowercase **ви** by default; capitalized **Ви** is reserved for very formal direct address. This is the opposite convention from Russian — do not copy-paste Russian capitalization rules into Ukrainian files.
Punctuation: primary quotes `«…»`, nested `„…"`.
**Plural forms — critical**: both ru and ua require `one / few / many / other`. See CLDR section below.
## CLDR Plural Rules
Every `{count, plural, …}` string must contain **every** keyword the target language's CLDR rule requires. `other` is always required, even in single-form languages.
**Canonical source**: Unicode CLDR Language Plural Rules chart — the definitive, versioned list of required categories for every language. Always verify against the current CLDR chart when adding a locale, since rules occasionally shift across CLDR releases. Libraries like `Intl.PluralRules` can resolve the rule at runtime.
Below are the required keywords for locales currently in the repo. When adding a new locale, look up its categories in CLDR and add the row here.
| ua | `one, few, many, other` | same pattern as ru |
| ar (when added) | `zero, one, two, few, many, other` | Six categories — the maximum any language uses |
> **Note on the consolidated row.** CLDR itself only requires `other` for `tr-TR`, `vi-VN`, `id`, `ja`, `ko`, `zh-CN`, `zh-TW` (single-form locales). Emitting both `one` and `other` with identical content is a **project convention** — it keeps tooling and linters consistent across the codebase. It is not a CLDR requirement, and `Intl.PluralRules` will return only `"other"` for these locales at runtime.
For any locale not listed: look up the CLDR categories before writing a single plural string. Arabic has six; Welsh has six; most Slavic languages have four; most Romance languages have two or three; CJK / Turkic / Thai have one (still emit `other`).
Rules in practice:
1.**Never drop a required form**, even when the word is identical across forms — emit each one explicitly.
2.**Never add a form the target doesn't have.** German does **not** use `few`. Any `few` clause in `de/*.json` is a bug and must be removed.
3. In single-form locales (ja/ko/zh/tr/vi/id), emit `one` + `other` with identical content so tooling and linters stay consistent.
4. The `other` case is always the fallback — it must render a grammatically complete sentence on its own.
Examples:
```json
// ✅ Correct — Russian (four forms; `other` fires for non-integer counts and takes genitive singular)
"members":"{count, plural, one {# участник} few {# участника} many {# участников} other {# участника}}"
// ✅ Correct — Polish (four forms)
"items":"{count, plural, one {# element} few {# elementy} many {# elementów} other {# elementu}}"
// ✅ Correct — Romanian (three forms)
"days":"{count, plural, one {# zi} few {# zile} other {# de zile}}"
| **zh-CN** | Full-width `。,?!;:`. Primary `"…"`, nested `'…'`. Work titles `《…》`. Half-width space around embedded Latin tokens. |
| **zh-TW** | Full-width `。,?!;:`. Primary `「…」`, nested `『…』`. Work titles `《…》`. Half-width space around embedded Latin tokens. |
## Tone & Register (SaaS defaults)
Formality defaults for locales currently in the repo. Add a row for each new locale, consulting the Microsoft Style Guide for that locale as the default authority on product-UI register.
| id | **Anda** (always capitalized) | Never "kamu" in product UI |
| ja | **です・ます体** | Never plain form; avoid 尊敬語・謙譲語 |
| ko | **합니다체** for system/errors; **해요체** acceptable for onboarding | Match surrounding file |
| zh-CN | **您** | B2B convention; never 你 |
| zh-TW | **您** | B2B convention; never 你 |
| ru | **Вы** (cap.) for singular direct address, **вы** (lower) for plural/general | Context-dependent |
| ua | **ви** (lowercase, modern convention) | Capitalized Ви only for very formal |
General writing rules (apply across all locales):
- Sentence case in buttons, headings, tooltips — not Title Case. Only capitalize proper nouns.
- No exclamation marks except in genuine celebrations (first success, milestone).
- No emoji in UI copy.
- No slang, idioms, humor, cultural references — they don't translate.
- Consistent terminology — if "work item" is used once, never switch to "issue" / "ticket" mid-flow.
- Active voice, present tense.
- Write out abbreviations on first use if not on the DNT list.
## Text Expansion Budget
Design strings knowing translations will grow. Typical expansion vs. English for locales currently in the repo; lookup values from Andiamo / Eriksen / W3C tables when adding a locale.
- en-US: `MM/DD/YYYY` — most of Europe: `DD.MM.YYYY` — fr: `DD/MM/YYYY` — ja: `YYYY/MM/DD` or `YYYY年MM月DD日` — zh: `YYYY年MM月DD日` — ko: `YYYY년 MM월 DD일`.
Currency: prefer ISO codes (`USD`, `EUR`, `INR`) in dense UI; localize symbol position via ICU. Units: keep the system (metric/imperial) a product decision, localized consistently.
## AI Translation Workflow
The repo has no machine-readable translation-status field today (no sidecar, no `__meta`, no per-key flag) — so "preserve human-reviewed strings" must be enforced via git history, not status metadata. The disciplines below are what actually fires:
1.**Inject the DNT glossary into every AI translation prompt** — both approved targets and forbidden renderings. LLMs do not natively honor glossaries; they obey them only when prompted.
2.**Prompt the variant explicitly**: `target=zh-CN` vs `target=zh-TW`, `target=pt-BR` vs `target=pt-PT`. Auto-detect calls blend them and produce mixed vocabulary.
3.**Pass 2–5 sentences of real context** per string (surrounding UI, screen, flow). Keep DNT instructions out of context — route them through the glossary/system prompt channel.
4.**Hallucination check**: AI output may add or drop content. Diff placeholder/tag inventory before and after; any mismatch is a reject.
5.**On re-translation, preserve human-touched lines.** Before overwriting any value in an existing locale file, run `git log -- <file>` (or `git blame -L <line>,<line>`) on the key. If the most recent non-bot, non-mass-rewrite commit was authored by a human, treat that line as human-reviewed and keep it. Only overwrite lines whose last edit was a machine sweep or a copy-from-en migration.
6.**Variants by language-resource tier**: expect more review iterations for id, vi-VN, ua, ro (lower-resource LLMs) than for de, fr, es, ja (higher-resource).
### Per-string review rubric (MQM-aligned)
When reviewing a translation — yours or an AI's — score against these categories and reject if any Major issue is present:
1.**Terminology** — DNT violation, inconsistent with the glossary above, or inconsistent with past strings in the same namespace
4.**Style / Register** — Informal pronoun used where formal is required; inconsistent tone; idiom/cultural reference
5.**Locale conventions** — Date / number / currency format hard-coded; decimal separator wrong; keyboard key translated
6.**Markup** — Placeholder changed, HTML tag dropped/modified, Markdown broken, `Trans` numbered fragment renumbered
7.**Plural** — Missing required CLDR form; spurious form the language doesn't have; `#` or `=0` dropped
## Workflow
### Add a new key
1. Add to `packages/i18n/src/locales/en/<namespace>.json` first. (If the namespace file does not yet exist, see **Add a new namespace** below — that case has extra steps.)
2. Use in the component via `t("my.new_key")`.
3. Translate into every target locale present in `src/locales/` — one file at a time. **Do not** copy the English value into the non-English files as a shortcut — `sync-check` treats presence as synced and will silently ship English copy to every locale.
4. Run `pnpm --filter @plane/i18n run generate:types` (or let the build do it).
5. Run `pnpm --filter @plane/i18n run sync:check` — expect `0 missing, 0 stale, 0 collisions`.
6. Spot-check one non-Latin locale manually for punctuation/plural correctness.
### Add a new namespace
A "namespace" is a top-level JSON file (e.g. `common.json`, `auth.json`, `epic.json`). The set of valid namespace names is a hard-coded const array — adding a JSON file alone is not enough; the runtime will not load it.
1. Add the new namespace name to the `NAMESPACES` array in `packages/i18n/src/constants/namespaces.ts`. Keep alphabetical order with the existing entries.
2. Create `<namespace>.json` in **every** locale directory under `packages/i18n/src/locales/` — start with `en/<namespace>.json` (the source of truth), then create the file in all 18 target locales. An empty `{}` is fine for the targets at this step; `sync-check` will report missing keys as you add them in step 4.
3. Add at least one key in `en/<namespace>.json` so the namespace has content.
4. Translate every key from `en/<namespace>.json` into each target locale — apply every rule in this skill.
5. Run `pnpm --filter @plane/i18n run generate:types` to regenerate the `TTranslationKeys` union so component-level `t()` calls type-check.
6. Run `pnpm --filter @plane/i18n run sync:check` — expect `0 missing, 0 stale, 0 collisions`.
7. Use the new namespace from a component via the namespace-prefixed key (e.g. `t("<namespace>.my_key")`) and spot-check the rendered UI in at least one non-Latin locale.
### Update an English value
The meaning changed — every target is now stale even if the key still exists. `sync-check` will **not** flag this.
1. Edit `en/<namespace>.json`.
2. Update the same key in every target locale in the same PR.
3. If a locale has no native speaker available in the PR, mark the string status as `machine_translated` (in PR description or commit message) and open a follow-up for native review.
2. Translate every file, applying every rule in this skill.
3. Register in `packages/i18n/src/constants/language.ts` (`SUPPORTED_LANGUAGES`) and `packages/i18n/src/types/language.ts` (`TLanguage`).
4. Run `sync:check` — must show 100% coverage before merging.
5. Before merging, **pseudolocalize**: temporarily replace the new locale's values with bracketed expanded forms (`"Plane" → "[Plàññéé——]"`) in a local build and click through the UI. Catches truncation, unextracted strings, and layout bugs before real users see them.
6. If the new locale isn't yet covered by this skill (script, plural rules, punctuation, register), follow **Adding a locale not documented here** below and update this file in the same PR.
### Commands
```bash
# Regenerate the TTranslationKeys union (auto on build)
| Translate "Active Cycles"? | Never as a unit (it's a feature page name). Lowercase generic "active cycles" in prose translates normally per the glossary. |
| Translate "Pro" / "Business" / "Enterprise"? | Never. Plan tier names. Latin, every locale. |
| Translate "Cycle" / "Module" / "Epic" / "Page"? | **Yes** — use the per-locale form from the translation glossary (zh-CN 周期/模块/史诗/页面, ja サイクル/モジュール/エピック/ページ, de Zyklus/Modul/Epic/Seite, etc.). |
| Informal "you" in de/fr/ru/ja? | Never in product UI. |
| Chinese + embedded "GitHub"? | `使用 GitHub 登录` — half-width space around Latin **brand** tokens. Feature nouns translate (`创建周期`, no space because no Latin). |
| Japanese "user"? | ユーザー with long-vowel ー, not ユーザ. |
| Hard-code date formats? | Never. Use ICU `{d, date, medium}`. |
| Copy English into non-English locale? | Never. Worse than leaving the key missing. |
## Common Mistakes (revert on sight)
- **Translating Plane brand marks** — `Plane → 飞机`, `Plane AI → AI 聊天`, `Power K → 命令面板`, `Sticky → 便签` (Sticky is a brand, even though "sticky note" generally translates), `Intake → 收件箱`. Brand marks stay Latin.
- **Leaving feature nouns in Latin in non-Latin locales** — `创建 Cycle` (zh-CN), `Создать Cycle` (ru), `エピックを作成` is fine but `Epicを作成` is not. Use the per-locale form from the glossary.
- **Coining new feature-noun translations** — `Cycle → Cercle` (fr — invented; the natural cognate is the same `Cycle`), `Cycle → 循环` (zh-CN — non-glossary; use `周期`), `Epic → Saga` (es — non-glossary; use `Epic`). The glossary is the source of truth.
- **Missing `few` / `many` in Slavic languages** — Russian/Polish/Czech/Slovak/Ukrainian strings with only `one / other` are grammatically wrong for counts 2–4 and 5+. Fix in the same PR.
- **Wrong Slavic case form inside ICU plurals** — for ru/ua, `few` is genitive singular (`# Цикла`), not nominative plural (`# Циклы`). See the case-form table.
- **Inventing `few` in German, `many` in Spanish, etc.** — languages not in CLDR for that form. Remove the spurious keyword.
- **Translating `{count}` or renaming `{name}`** — ICU variables are lookup keys; rename breaks runtime substitution.
- **Dropping `<0>`/`<1>` numbering in `Trans`** — react-i18next matches by number; renumbering breaks the component.
- **Copying English as a translation** — `sync-check` passes, users see English. The fastest way to ship bad i18n.
- **No half-width space around Latin tokens in Chinese** — `使用GitHub登录` is a readability bug. The space rule applies around any remaining Latin token (brand mark), not around translated feature nouns.
- **Missing `ー` in Japanese katakana (`ユーザ` instead of `ユーザー`)** — inconsistent with the Microsoft style guide and the rest of the product.
- **Using informal pronouns** — `du/tu/ты/tú/you (informal)` breaks Plane's formal register in languages that distinguish.
- **Translating keyboard keys** — `Ctrl` stays `Ctrl`, never `Strg` or `コントロール`, because the physical key says `Ctrl`.
- **Hard-coded date/number strings** — `"Due on MM/DD/YYYY"` is a locale bug waiting to ship; use ICU formatters.
- **Translating `PQL`, `SSO`, `API`** — acronyms are DNT. The prose around them may be translated.
- **Translating plan tier names** — `Pro → Профессиональный`, `Business → 商业版`, `Enterprise → エンタープライズ`. Plan tiers stay Latin per industry convention (Notion/Slack/Linear/Asana).
- **Korean particle mismatch after Hangul transliteration** — `사이클를` is wrong (vowel-particle after consonant-ending noun); use `사이클을`. Same for 모듈, 에픽.
- **Vietnamese diacritic stripping** — `bạn` is not `ban`; diacritics are mandatory.
- **Lowercase `anda` in Indonesian** — `Anda` is always capitalized in product UI.
- **Mixing zh-CN and zh-TW vocabulary** — `视频` ≠ `影片`, `软件` ≠ `軟體`. Never copy-paste between the two directories.
## Red Flags — Stop and Revert
You see yourself about to do any of the following → stop, delete, restart this string:
- Replacing `Plane`, `Plane AI`, `Power K`, `PQL`, `Active Cycles`, `Sticky`, `Stickies`, `Intake`, `Pro`, `Business`, `Enterprise`, or any third-party brand (`GitHub`, `Slack`, etc.) with a translated form.
- Leaving `Cycle` / `Module` / `Epic` / `Page` in Latin in a non-Latin locale (zh-CN, zh-TW, ja, ko, ru, ua) — these are common nouns and must be translated per the glossary.
- Coining a feature-noun translation that's not in the glossary (`Cycle → 循环`, `Cycle → Cercle`, `Epic → Saga`).
- Using a vowel-form Korean particle (을/은/이/과 vs. 를/는/가/와) that doesn't agree with the noun's final character.
- Pasting the English value into a non-English file.
- Renaming or removing a `{variable}`, `<tag>`, numbered `<0>`, or Markdown marker.
- Dropping `few` or `many` from a Slavic-language plural, or adding `few` to German.
- Using nominative plural for `few` in ru/ua plural blocks (it should be genitive singular per CLDR).
- Editing one locale file and deciding to "do the others later" without updating the PR description.
- Using `du`, `tu`, `ты`, `tú`, plain-form Japanese, or 반말 Korean in any product string.
- Stripping diacritics from Vietnamese, lowercasing `Anda` in Indonesian.
| "Keeping `Cycle` Latin in zh-CN keeps it consistent with English docs." | That's a minority position; Microsoft, Apple, Mozilla, Notion, Atlassian, Slack all translate. Monolingual zh users can't read Latin words; the glossary form is the standard. |
| "史诗 is the established Chinese word for Epic, but Latin reads more brand-y." | Brand-y is the wrong goal for a feature noun. The glossary form (`史诗` for zh-CN, `Эпик` for ru) is what users in those locales expect from a SaaS product. |
| "Our Russian users understand `Cycle` Latin." | They understand it; they don't expect to encounter it. The glossary form (`Цикл`) is what every other Russian SaaS product uses for the same concept. |
| "I'll just transliterate the Plane brand name into Cyrillic for accessibility." | Brand marks stay Latin in every locale. `Плейн` is wrong; `Plane` is right. |
| "Plan tier names should be translated since they're plain words." | Industry standard (Notion, Slack, Linear, Asana, GitHub) is to keep `Pro`, `Business`, `Enterprise` Latin for marketing consistency. Don't translate. |
| "This string is internal / rarely seen, good-enough is fine." | Every string is someone's main screen. Rules are cheap to follow; consistency compounds. |
| "`sync-check` passed, I'm done." | `sync-check` only compares presence, not value quality. Green does not mean translated. |
| "I'll fix the missing plural forms later." | Missing `few` in Russian renders the wrong word for counts 2–4 right now in production. Same PR. |
| "The old file already used Latin Cycle everywhere — stay consistent." | Consistency with a bug is still a bug. Migrate occurrences you touch; open a sweep PR for the rest. |
| "AI said this was the right Japanese word for Cycle." | AI does not know our glossary unless you inject it. Check against the glossary table above; the glossary wins. |
| "The German translation is a bit long but still fits on my screen." | It won't fit on every user's screen. Design for +35% expansion; test in a narrow viewport. |
| "I renamed `{userName}` to `{nomeUtente}` so the Italian reads naturally." | Variables are code. The runtime has no `{nomeUtente}` in scope — it renders as literal text. Revert. |
| "Capitalizing `Anda` / `您` / `Sie` looks over-formal." | It's Plane's register in those languages. Deviating breaks brand voice across the product. |
## Adding a locale not documented here
When you add a language whose script, plural rules, punctuation, or register defaults aren't covered above:
1.**Plural rules** — Look up the target language in the Unicode CLDR Language Plural Rules chart. Note every required keyword (`zero`, `one`, `two`, `few`, `many`, `other`). Add a row to the CLDR table above.
2.**Script & transliteration** — Identify the script family. Latin → preserve DNT verbatim. Non-Latin → decide per-script: transliterate common-noun feature names phonetically (Cyrillic / Devanagari / Greek / Thai), keep brand marks in Latin. For RTL scripts (Arabic, Hebrew, Persian, Urdu) set `dir="rtl"` at the root and ensure Latin tokens remain LTR inside RTL context; preserve `‏`/`‎` markers if present.
3.**Punctuation & spacing** — Consult the Microsoft Style Guide for the locale (canonical authority on SaaS-style product punctuation). Add a row to the Per-Locale Punctuation & Spacing table.
4.**Register** — Default to the formal "you" and whatever honorific/polite register the Microsoft guide prescribes for B2B SaaS. Add a row to the Tone & Register table.
5.**Text expansion** — Look up typical expansion in Andiamo / Eriksen / W3C text-size tables; add a row to the Text Expansion Budget.
6.**DNT glossary** — Add a column (or row entries) for the new locale across the DNT tables. Specify forbidden literal translations (the words an LLM would produce if uninstructed). Example: if adding Arabic, the forbidden rendering for `Plane` includes `طائرة`; for `Epic` includes `ملحمة`; for `Sticky` includes `ملاحظة`.
7.**Commit this file in the same PR** that introduces the locale. The skill must stay ahead of the codebase — empty per-locale rows guarantee inconsistent translations in future PRs.
description:Guidelines for using modern TypeScript features (v5.0-v5.8)
applyTo:"**/*.{ts,tsx,mts,cts}"
---
# TypeScript Coding Guidelines & Modern Features (v5.0 - v5.8)
When writing TypeScript code, prioritize using modern features and best practices introduced in recent versions (up to 5.8).
## Global Themes Across 5.x
1.**Standard decorators are here; legacy decorators are legacy.**
New TC39-compliant decorators landed in 5.0 and were extended in 5.2 (metadata). Old `experimentalDecorators`-style behavior is still supported but should be treated as legacy.
2.**Type system is more precise and less noisy.**
Major work went into narrowing, control flow analysis, error messages, and new helpers like `NoInfer`, inferred predicates, and better `undefined`/`never`/uninitialized checks.
3.**Module / runtime interop has been modernized.**
Options like `--moduleResolution bundler`, `--module nodenext`/`node18`, `--rewriteRelativeImportExtensions`, `--erasableSyntaxOnly`, and `--verbatimModuleSyntax` are about playing nicely with ESM, Node 18+/22+, direct TypeScript execution, and bundlers.
4.**The standard library keeps tracking modern JS.**
Support for new ES features (iterator helpers, `Object.groupBy`/`Map.groupBy`, new Set/ES2024 APIs) shows up as type declarations and sometimes extra checks (regex syntax checking, etc.).
When generating or refactoring code, prefer these newer idioms, and avoid patterns that conflict with updated checks.
## Modern Features to Utilize
### Type System & Inference
- **`const` Type Parameters (5.0)**: Use `const` type parameters for more precise literal inference.
```typescript
declare function names<const T extends string[]>(...names: T): void;
```
- **`@satisfies` Operator (5.0)**: Use `satisfies` to validate types without widening them.
- **Inferred Type Predicates (5.5)**: Allow TypeScript to infer type predicates for functions that filter arrays or check types, reducing the need for explicit `is` return types.
- **`NoInfer` Utility (5.4)**: Use `NoInfer<T>` to block inference for specific type arguments when you want them to be determined by other arguments.
- **Narrowing**:
- **Switch(true) (5.3)**: Utilize narrowing in `switch(true)` blocks.
- **Boolean Comparisons (5.3)**: Rely on narrowing from direct boolean comparisons.
- **Closures (5.4)**: Trust preserved narrowing in closures when variables aren't modified after the check.
- **Constant Indexed Access (5.5)**: Use constant indices to narrow object/array properties.
### Syntax & Control Flow
- **Decorators (5.0)**: Use standard ECMAScript decorators (Stage 3).
- **`using` Declarations (5.2)**: Use `using` for explicit resource management (Disposable pattern) instead of manual cleanup.
```typescript
using resource = new Resource();
```
- **Import Attributes (5.3/5.8)**: Use `with { type: "json" }` for import attributes. Avoid the deprecated `assert` syntax.
- **`switch` Exhaustiveness**: Rely on TypeScript's exhaustiveness checking in switch statements.
### Modules & Imports
- **`verbatimModuleSyntax` (5.0)**: Respect this flag by using `import type` explicitly when importing types to ensure they are erased during compilation.
- **Type-Only Imports with Extensions (5.2)**: You can use `.ts`, `.mts`, `.cts` extensions in `import type` statements.
- **`resolution-mode` (5.3)**: Use `import type { Type } from "mod" with { "resolution-mode": "import" }` if needed for specific module resolution contexts.
- **JSDoc `@import` (5.5)**: Use `@import` tags in JSDoc for cleaner type imports in JS files if working in a mixed codebase.
### Standard Library & Built-ins
- **Iterator Helpers (5.6)**: Use new iterator methods (map, filter, etc.) if targeting modern environments.
- **Set Methods (5.5)**: Utilize new `Set` methods like `union`, `intersection`, etc., when available.
- **`Object.groupBy` / `Map.groupBy` (5.4)**: Use these standard methods for grouping instead of external libraries like Lodash when appropriate.
- **`Promise.withResolvers` (5.7)**: Use `Promise.withResolvers()` for creating promises with exposed resolve/reject functions.
### Configuration & Tooling
- **`--moduleResolution bundler` (5.0)**: Assume this resolution strategy for modern web projects (Vite, Next.js, etc.).
- **`--erasableSyntaxOnly` (5.8)**: Be aware of this flag; avoid TypeScript-specific syntax that cannot be simply erased (like `enum`s or `namespaces`) if the project aims for maximum compatibility with tools like Node.js's `--strip-types`. Prefer `const` objects or unions over `enum`s if requested.
## Specific Coding Patterns
### Arrays & Collections
- Use **Copying Array Methods (5.2)** (`toSorted`, `toSpliced`, `with`) for immutable array operations.
- **TypedArrays (5.7)**: Be aware that TypedArrays are now generic over `ArrayBufferLike`.
### Classes
- **Parameter Decorators (5.0/5.2)**: Use modern standard decorators.
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name:Checkout repository
uses:actions/checkout@v3
uses:actions/checkout@v6
# Initializes the CodeQL tools for scanning.
- name:Initialize CodeQL
uses:github/codeql-action/init@v2
uses:github/codeql-action/init@v4
with:
languages:${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name:Autobuild
uses:github/codeql-action/autobuild@v2
# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
- Teardown: `docker compose -f docker-compose-test.yml down -v`
See `apps/api/tests/RUNNING_TESTS.md` for the full walkthrough and troubleshooting; see `apps/api/tests/TESTING_GUIDE.md` for test conventions and fixtures.
@@ -4,7 +4,7 @@ Thank you for showing an interest in contributing to Plane! All kinds of contrib
## Submitting an issue
Before submitting a new issue, please search the [issues](https://github.com/makeplane/plane/issues) tab. Maybe an issue or discussion already exists and might inform you of workarounds. Otherwise, you can give new informplaneation.
Before submitting a new issue, please search the [issues](https://github.com/makeplane/plane/issues) tab. Maybe an issue or discussion already exists and might inform you of workarounds. Otherwise, you can give new information.
While we want to fix all the [issues](https://github.com/makeplane/plane/issues), before fixing a bug we need to be able to reproduce and confirm it. Please provide us with a minimal reproduction scenario using a repository or [Gist](https://gist.github.com/). Having a live, reproducible scenario gives us the information without asking questions back & forth with additional questions like:
@@ -15,20 +15,40 @@ Without said minimal reproduction, we won't be able to investigate all [issues](
You can open a new issue with this [issue form](https://github.com/makeplane/plane/issues/new).
### Naming conventions for issues
When opening a new issue, please use a clear and concise title that follows this format:
- For bugs: `🐛 Bug: [short description]`
- For features: `🚀 Feature: [short description]`
- For improvements: `🛠️ Improvement: [short description]`
- For documentation: `📘 Docs: [short description]`
**Examples:**
-`🐛 Bug: API token expiry time not saving correctly`
-`📘 Docs: Clarify RAM requirement for local setup`
-`🚀 Feature: Allow custom time selection for token expiration`
This helps us triage and manage issues more efficiently.
## Projects setup and Architecture
### Requirements
-Node.js version v16.18.0
-Docker Engine installed and running
- Node.js version 20+ [LTS version](https://nodejs.org/en/about/previous-releases)
- Python version 3.8+
- Postgres version v14
- Redis version v6.2.7
- **Memory**: Minimum **12 GB RAM** recommended
> ⚠️ Running the project on a system with only 8 GB RAM may lead to setup failures or memory crashes (especially during Docker container build/start or dependency install). Use cloud environments like GitHub Codespaces or upgrade local RAM if possible.
### Setup the project
The project is a monorepo, with backend api and frontend in a single repo.
The backend is a django project which is kept inside apiserver
The backend is a django project which is kept inside apps/api
1. Clone the repo
@@ -50,6 +70,17 @@ chmod +x setup.sh
docker compose -f docker-compose-local.yml up
```
4. Start web apps:
```bash
pnpm dev
```
5. Open your browser to http://localhost:3001/god-mode/ and register yourself as instance admin
6. Open up your browser to http://localhost:3000 then log in using the same credentials from the previous step
That’s it! You’re all set to begin coding. Remember to refresh your browser if changes don’t auto-reload. Happy contributing! 🎉
## Missing a Feature?
If a feature is missing, you can directly _request_ a new one [here](https://github.com/makeplane/plane/issues/new?assignees=&labels=feature&template=feature_request.yml&title=%F0%9F%9A%80+Feature%3A+). You also can do the same by choosing "🚀 Feature" when raising a [New Issue](https://github.com/makeplane/plane/issues/new/choose) on our GitHub Repository.
@@ -60,19 +91,157 @@ If you would like to _implement_ it, an issue with your proposal must be submitt
To ensure consistency throughout the source code, please keep these rules in mind as you are working:
- All features or bug fixes must be tested by one or more specs (unit-tests).
- We use [Eslint default rule guide](https://eslint.org/docs/rules/), with minor changes. An automated formatter is available using prettier.
## Need help? Questions and suggestions
Questions, suggestions, and thoughts are most welcome. We can also be reached in our [Discord Server](https://discord.com/invite/A92xrEGCge).
- We lint with [OxLint](https://oxc.rs/docs/guide/usage/linter) using the shared `.oxlintrc.json` and format with [oxfmt](https://oxc.rs/docs/guide/usage/formatter) using `.oxfmtrc.json`.
## Ways to contribute
- Try Plane Cloud and the self hosting platform and give feedback
- Add new integrations
- Add or update translations
- Help with open [issues](https://github.com/makeplane/plane/issues) or [create your own](https://github.com/makeplane/plane/issues/new/choose)
- Share your thoughts and suggestions with us
- Help create tutorials and blog posts
- Request a feature by submitting a proposal
- Report a bug
- **Improve documentation** - fix incomplete or missing [docs](https://docs.plane.so/), bad wording, examples or explanations.
## Contributing to language support
This guide is designed to help contributors understand how to add or update translations in the application.
### Understanding translation structure
#### File organization
Translations are organized by language in the locales directory. Each language has its own folder containing JSON files for translations. Here's how it looks:
```
packages/i18n/src/locales/
├── en/
│ ├── core.json # Critical translations
│ └── translations.json
├── fr/
│ └── translations.json
└── [language]/
└── translations.json
```
#### Nested structure
To keep translations organized, we use a nested structure for keys. This makes it easier to manage and locate specific translations. For example:
```json
{
"issue":{
"label":"Work item",
"title":{
"label":"Work item title"
}
}
}
```
### Translation formatting guide
We use [IntlMessageFormat](https://formatjs.github.io/docs/intl-messageformat/) to handle dynamic content, such as variables and pluralization. Here's how to format your translations:
#### Examples
- **Simple variables**
```json
{
"greeting": "Hello, {name}!"
}
```
- **Pluralization**
```json
{
"items": "{count, plural, one {Work item} other {Work items}}"
}
```
### Contributing guidelines
#### Updating existing translations
1. Locate the key in `locales/<language>/translations.json`.
2. Update the value while ensuring the key structure remains intact.
3. Preserve any existing ICU formats (e.g., variables, pluralization).
#### Adding new translation keys
1. When introducing a new key, ensure it is added to **all** language files, even if translations are not immediately available. Use English as a placeholder if needed.
2. Keep the nesting structure consistent across all languages.
3. If the new key requires dynamic content (e.g., variables or pluralization), ensure the ICU format is applied uniformly across all languages.
### Adding new languages
Adding a new language involves several steps to ensure it integrates seamlessly with the project. Follow these instructions carefully:
1. **Update type definitions**
Add the new language to the TLanguage type in the language definitions file:
```ts
// packages/i18n/src/types/language.ts
export type TLanguage = "en" | "fr" | "your-lang";
```
1. **Add language configuration**
Include the new language in the list of supported languages:
To verify that all tracked Python files contain the correct copyright header for **Plane Software Inc.** for the year **2023**, run this command from the repository root:
Meet [Plane](https://dub.sh/plane-website-readme). An open-source software development tool to manage issues, sprints, and product roadmaps with peace of mind. 🧘♀️
Meet [Plane](https://plane.so/), an open-source project management tool to track issues, run ~sprints~ cycles, and manage product roadmaps without the chaos of managing the tool itself. 🧘♀️
> Plane is still in its early days, not everything will be perfect yet, and hiccups may happen. Please let us know of any suggestions, ideas, or bugs that you encounter on our [Discord](https://discord.com/invite/A92xrEGCge) or GitHub issues, and we will use your feedback to improve in our upcoming releases.
> Plane is evolving every day. Your suggestions, ideas, and reported bugs help us immensely. Do not hesitate to join in the conversation on [Forum](https://forum.plane.so) or raise a GitHub issue. We read everything and respond to most.
## ⚡ Installation
## 🚀 Installation
The easiest way to get started with Plane is by creating a [Plane Cloud](https://app.plane.so) account where we offer a hosted solution for users.
Getting started with Plane is simple. Choose the setup that works best for you:
If you want more control over your data, prefer to self-host Plane, please refer to our [deployment documentation](https://docs.plane.so/docker-compose).
- **Plane Cloud**
Sign up for a free account on [Plane Cloud](https://app.plane.so)—it's the fastest way to get up and running without worrying about infrastructure.
Prefer full control over your data and infrastructure? Install and run Plane on your own servers. Follow our detailed [deployment guides](https://developers.plane.so/self-hosting/overview) to get started.
`Instance admin` can configure instance settings using our [God-mode](https://docs.plane.so/instance-admin) feature.
`Instance admins` can configure instance settings with [God mode](https://developers.plane.so/self-hosting/govern/instance-admin).
- **Issues**: Quickly create issues and add details using a powerful rich text editor that supports file uploads. Add sub-properties and references to problems for better organization and tracking.
## 🌟 Features
- **Cycles**:
Keep up your team's momentum with Cycles. Gain insights into your project's progress with burn-down charts and other valuable features.
- **Work Items**
Efficiently create and manage tasks with a robust rich text editor that supports file uploads. Enhance organization and tracking by adding sub-properties and referencing related issues.
- **Modules**: Break down your large projects into smaller, more manageable modules. Assign modules between teams to track and plan your project's progress easily.
- **Cycles**
Maintain your team’s momentum with Cycles. Track progress effortlessly using burn-down charts and other insightful tools.
- **Views**: Create custom filters to display only the issues that matter to you. Save and share your filters in just a few clicks.
- **Modules**
Simplify complex projects by dividing them into smaller, manageable modules.
- **Pages**: Plane pages, equipped with AI and a rich text editor, let you jot down your thoughts on the fly. Format your text, upload images, hyperlink, or sync your existing ideas into an actionable item or issue.
- **Views**
Customize your workflow by creating filters to display only the most relevant issues. Save and share these views with ease.
- **Analytics**: Get insights into all your Plane data in real-time. Visualize issue data to spot trends, remove blockers, and progress your work.
- **Pages**
Capture and organize ideas using Plane Pages, complete with AI capabilities and a rich text editor. Format text, insert images, add hyperlinks, or convert your notes into actionable items.
- **Drive** (_coming soon_): The drive helps you share documents, images, videos, or any other files that make sense to you or your team and align on the problem/solution.
- **Analytics**
Access real-time insights across all your Plane data. Visualize trends, remove blockers, and keep your projects moving forward.
## 🛠️ Quick start for contributors
## 🛠️ Local development
> Development system must have docker engine installed and running.
See [CONTRIBUTING](./CONTRIBUTING.md)
Setting up local environment is extremely easy and straight forward. Follow the below step and you will be ready to contribute -
## ⚙️ Built with
1. Clone the code locally using:
```
git clone https://github.com/makeplane/plane.git
```
2. Switch to the code folder:
```
cd plane
```
3. Create your feature or fix branch you plan to work on using:
```
git checkout -b <feature-branch-name>
```
4. Open terminal and run:
```
./setup.sh
```
5. Open the code on VSCode or similar equivalent IDE.
6. Review the `.env` files available in various folders.
Visit [Environment Setup](./ENV_SETUP.md) to know about various environment variables used in system.
7. Run the docker command to initiate services:
```
docker compose -f docker-compose-local.yml up -d
```
You are ready to make changes to the code. Do not forget to refresh the browser (in case it does not auto-reload).
Thats it!
## ❤️ Community
The Plane community can be found on [GitHub Discussions](https://github.com/orgs/makeplane/discussions), and our [Discord server](https://discord.com/invite/A92xrEGCge). Our [Code of conduct](https://github.com/makeplane/plane/blob/master/CODE_OF_CONDUCT.md) applies to all Plane community chanels.
Ask questions, report bugs, join discussions, voice ideas, make feature requests, or share your projects.
If you believe you have found a security vulnerability in Plane, we encourage you to responsibly disclose this and not open a public issue. We will investigate all legitimate reports.
Explore Plane's [product documentation](https://docs.plane.so/) and [developer documentation](https://developers.plane.so/) to learn about features, setup, and usage.
Email squawk@plane.so to disclose any security vulnerabilities.
## ❤️ Community
## ❤️ Contribute
Join the Plane community on [GitHub Discussions](https://github.com/orgs/makeplane/discussions) and our [Forum](https://forum.plane.so). We follow a [Code of conduct](https://github.com/makeplane/plane/blob/master/CODE_OF_CONDUCT.md) in all our community channels.
There are many ways to contribute to Plane, including:
Feel free to ask questions, report bugs, participate in discussions, share ideas, request features, or showcase your projects. We’d love to hear from you!
- Submitting [bugs](https://github.com/makeplane/plane/issues/new?assignees=srinivaspendem%2Cpushya22&labels=%F0%9F%90%9Bbug&projects=&template=--bug-report.yaml&title=%5Bbug%5D%3A+) and [feature requests](https://github.com/makeplane/plane/issues/new?assignees=srinivaspendem%2Cpushya22&labels=%E2%9C%A8feature&projects=&template=--feature-request.yaml&title=%5Bfeature%5D%3A+) for various components.
- Reviewing [the documentation](https://docs.plane.so/) and submitting [pull requests](https://github.com/makeplane/plane), from fixing typos to adding new features.
- Speaking or writing about Plane or any other ecosystem integration and [letting us know](https://discord.com/invite/A92xrEGCge)!
- Upvoting [popular feature requests](https://github.com/makeplane/plane/issues) to show your support.
## 🛡️ Security
If you discover a security vulnerability in Plane, please report it responsibly instead of opening a public issue. We take all legitimate reports seriously and will investigate them promptly. See [Security policy](https://github.com/makeplane/plane/blob/master/SECURITY.md) for more info.
To disclose any security issues, please email us at security@plane.so.
## 🤝 Contributing
There are many ways you can contribute to Plane:
- Report [bugs](https://github.com/makeplane/plane/issues/new?assignees=srinivaspendem%2Cpushya22&labels=%F0%9F%90%9Bbug&projects=&template=--bug-report.yaml&title=%5Bbug%5D%3A+) or submit [feature requests](https://github.com/makeplane/plane/issues/new?assignees=srinivaspendem%2Cpushya22&labels=%E2%9C%A8feature&projects=&template=--feature-request.yaml&title=%5Bfeature%5D%3A+).
- Review the [documentation](https://docs.plane.so/) and submit [pull requests](https://github.com/makeplane/docs) to improve it—whether it's fixing typos or adding new content.
- Talk or write about Plane or any other ecosystem integration and [let us know](https://forum.plane.so)!
- Show your support by upvoting [popular feature requests](https://github.com/makeplane/plane/issues).
Please read [CONTRIBUTING.md](https://github.com/makeplane/plane/blob/master/CONTRIBUTING.md) for details on the process for submitting pull requests to us.
This document outlines the security protocols and vulnerability reporting guidelines for the Plane project. Ensuring the security of our systems is a top priority, and while we work diligently to maintain robust protection, vulnerabilities may still occur. We highly value the community’s role in identifying and reporting security concerns to uphold the integrity of our systems and safeguard our users.
This document outlines security procedures and vulnerabilities reporting for the Plane project.
## Reporting a vulnerability
If you have identified a security vulnerability, submit your findings to [security@plane.so](mailto:security@plane.so).
Ensure your report includes all relevant information needed for us to reproduce and assess the issue. Include the IP address or URL of the affected system.
At Plane, we safeguarding the security of our systems with top priority. Despite our efforts, vulnerabilities may still exist. We greatly appreciate your assistance in identifying and reporting any such vulnerabilities to help us maintain the integrity of our systems and protect our clients.
To ensure a responsible and effective disclosure process, please adhere to the following:
To report a security vulnerability, please email us directly at security@plane.so with a detailed description of the vulnerability and steps to reproduce it. Please refrain from disclosing the vulnerability publicly until we have had an opportunity to review and address it.
- Maintain confidentiality and refrain from publicly disclosing the vulnerability until we have had the opportunity to investigate and address the issue.
- Refrain from running automated vulnerability scans on our infrastructure or dashboard without prior consent. Contact us to set up a sandbox environment if necessary.
- Do not exploit any discovered vulnerabilities for malicious purposes, such as accessing or altering user data.
- Do not engage in physical security attacks, social engineering, distributed denial of service (DDoS) attacks, spam campaigns, or attacks on third-party applications as part of your vulnerability testing.
## Out of Scope Vulnerabilities
## Out of scope
While we appreciate all efforts to assist in improving our security, please note that the following types of vulnerabilities are considered out of scope:
We appreciate your help in identifying vulnerabilities. However, please note that the following types of vulnerabilities are considered out of scope:
- Vulnerabilities requiring man-in-the-middle (MITM) attacks or physical access to a user’s device.
- Content spoofing or text injection issues without a clear attack vector or the ability to modify HTML/CSS.
- Issues related to email spoofing.
- Missing DNSSEC, CAA, or CSP headers.
- Absence of secure or HTTP-only flags on non-sensitive cookies.
- Attacks requiring MITM or physical access to a user's device.
- Content spoofing and text injection issues without demonstrating an attack vector or ability to modify HTML/CSS.
- Email spoofing.
- Missing DNSSEC, CAA, CSP headers.
- Lack of Secure or HTTP only flag on non-sensitive cookies.
## Our commitment
## Reporting Process
At Plane, we are committed to maintaining transparent and collaborative communication throughout the vulnerability resolution process. Here's what you can expect from us:
If you discover a vulnerability, please adhere to the following reporting process:
- **Response Time** <br/>
We will acknowledge receipt of your vulnerability report within three business days and provide an estimated timeline for resolution.
- **Legal Protection** <br/>
We will not initiate legal action against you for reporting vulnerabilities, provided you adhere to the reporting guidelines.
- **Confidentiality** <br/>
Your report will be treated with confidentiality. We will not disclose your personal information to third parties without your consent.
- **Recognition** <br/>
With your permission, we are happy to publicly acknowledge your contribution to improving our security once the issue is resolved.
- **Timely Resolution** <br/>
We are committed to working closely with you throughout the resolution process, providing timely updates as necessary. Our goal is to address all reported vulnerabilities swiftly, and we will actively engage with you to coordinate a responsible disclosure once the issue is fully resolved.
1. Email your findings to security@plane.so.
2. Refrain from running automated scanners on our infrastructure or dashboard without prior consent. Contact us to set up a sandbox environment if necessary.
3. Do not exploit the vulnerability for malicious purposes, such as downloading excessive data or altering user data.
4. Maintain confidentiality and refrain from disclosing the vulnerability until it has been resolved.
5. Avoid using physical security attacks, social engineering, distributed denial of service, spam, or third-party applications.
When reporting a vulnerability, please provide sufficient information to allow us to reproduce and address the issue promptly. Include the IP address or URL of the affected system, along with a detailed description of the vulnerability.
## Our Commitment
We are committed to promptly addressing reported vulnerabilities and maintaining open communication throughout the resolution process. Here's what you can expect from us:
- **Response Time:** We will acknowledge receipt of your report within three business days and provide an expected resolution date.
- **Legal Protection:** We will not pursue legal action against you for reporting vulnerabilities, provided you adhere to the reporting guidelines.
- **Confidentiality:** Your report will be treated with strict confidentiality. We will not disclose your personal information to third parties without your consent.
- **Progress Updates:** We will keep you informed of our progress in resolving the reported vulnerability.
- **Recognition:** With your permission, we will publicly acknowledge you as the discoverer of the vulnerability.
- **Timely Resolution:** We strive to resolve all reported vulnerabilities promptly and will actively participate in the publication process once the issue is resolved.
We appreciate your cooperation in helping us maintain the security of our systems and protecting our clients. Thank you for your contributions to our security efforts.
We appreciate your help in ensuring the security of our platform. Your contributions are crucial to protecting our users and maintaining a secure environment. Thank you for working with us to keep Plane safe.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.