add the option of deleting an existing index during onboarding#2
Draft
add the option of deleting an existing index during onboarding#2
Conversation
Docs: Link to MCP README
Co-authored-by: Mendon Kissling <59585235+mendonk@users.noreply.github.com>
Docs: Grab bag configuration changes
…angflow-ai#979) * close one before opening the other * makes the animations uniform
feat: no tui cli wizard
# Conflicts: # src/tui/screens/config.py
feat: configurable FRONTEND_PORT + unified config
TUI config clean up
chore: uvx for doclilng-serve
refactor: migrate sidebar panel to use shadcn
Issues - langflow-ai#938 Summary Hardens .env file handling in EnvManager to prevent cleartext secrets from being exposed via insecure file permissions. All .env file writes now use os.open with 0o600 mode to restrict access to the file owner only, and adds fsync to ensure data durability. Also removes trailing whitespace throughout the file. Security Hardening - Replace `open()` with `os.open(..., 0o600)` + `os.fdopen()` for all .env file writes, ensuring owner-only (read/write) permissions on creation - Add `os.chmod(self.env_file, 0o600)` when overwriting pre-existing .env files to retroactively restrict permissions - Add `f.flush()` + `os.fsync()` calls to the main `save_env_file()` write path to guarantee data is durably written to disk Logging Improvements - Elevate `OPENRAG_VERSION` update error from `logger.debug` to `logger.error` so failures surface in standard log output Code Cleanup - Remove redundant `import os` statement in `ensure_version_in_env()` (already imported at module level) - Strip trailing whitespace on blank lines throughout the file
Issues - langflow-ai#938 Summary Two code paths in EnvManager left .env files with uncontrolled permissions after writing them. This commit adds the missing chmod calls so that every path — legacy migration, backup creation, and new-file creation — always results in owner-only (0o600) access, preventing cleartext secret exposure to other OS users. A new unit test target is also added to the Makefile for faster feedback on unit-only test runs. Security Fixes - Apply os.chmod(0o600) to the migrated .env after shutil.copy2 in the legacy migration branch (__init__), which previously inherited the source file's permissions. - Apply os.chmod(0o600) to the timestamped backup file created in save_env_file before the new .env is written, ensuring the backup is also protected. Tests - Add tests/unit/test_env_manager.py with 168 lines of unit tests covering all three affected code paths: - TestSaveEnvFilePermissions: new file creation, overwrite of a permissive existing file, and backup file permissions. - TestEnsureOpenragVersionPermissions: update of an existing permissive file and creation of a new file. - TestLegacyMigrationPermissions: migrated file receives 0o600 after copy. - All tests use pytest tmp_path and unittest.mock; no running infrastructure required. Tests are skipped on Windows (Unix permission model only). Build / Developer Experience - Add test-unit Makefile target (uv run pytest tests/unit/ -v) for running unit tests in isolation without triggering integration tests. - Register test-unit in .PHONY and add it to the help_test output.
…angflow-ai#984) * updated env example, docker compose and helm charts to include new variables * Update docs with openrag_version correct behavior * Update docs/docs/get-started/upgrade.mdx Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * updated upgrade.mdx * Update docs/docs/reference/configuration.mdx Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * Update .env.example Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * Update docs/docs/reference/configuration.mdx Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com> * change documents path place on example * removed duplicate lines --------- Co-authored-by: April I. Murphy <36110273+aimurphy@users.noreply.github.com>
…tible with langflow - 1.7.0.dev21
…aiGH-938-cleartext-opensearch-password-storage fix(security): Clear-text storage of sensitive information
…rgeve_fix_helm_chart_feb6
…working OpenRag flows
…art_feb6 feat: Helm chart changes to import Flow and document samples files from git
…ting_index_in_onboarding
add delete_existing parameter to init_index_when_ready
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.