v4 Phase 4 wrap-up: Marketplace + Identity scaffolds #27
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… OAuth support - Introduced a new feature allowing users to send faxes via email attachments to a designated gateway address. - Implemented inbound fax reception as email attachments to a configured mailbox. - Established OAuth-only mail access to enhance security, with no raw passwords stored. - Developed a plugin architecture for email providers (Gmail, Outlook) and added necessary database schema for email processing. - Created detailed processing workflows for both outbound and inbound fax operations, including email monitoring and status notifications. - Added comprehensive security controls and risk mitigation strategies, including rate limiting and PHI detection for future HIPAA compliance. This commit lays the groundwork for a robust Email-to-Fax service, focusing on non-HIPAA use cases while preparing for future compliance enhancements.
…ve email-to-fax plan - Added a critical note emphasizing the importance of staying in the auto-tunnel branch for V4 and the multiphase V4 plan. - Removed the email-to-fax plan document to streamline project documentation and focus on current features.
- Introduced a detailed implementation plan for Phase 1 of the v4 project, outlining the incremental approach to building the foundational platform architecture. - Defined a six-week timeline with specific goals for each week, starting with the SecurityCore foundation and progressing through enhanced logging, message systems, trait enhancements, plugin management, and background workers. - Emphasized the importance of maintaining zero breaking changes while enabling future plugin development and enhanced security monitoring.
…r V4 - Revised AGENTS.md to reflect the ongoing V4 migration, emphasizing the plugin-first architecture and the importance of using the auto-tunnel branch. - Added a comprehensive migration checklist to ensure adherence to new coding patterns and practices, including the use of the plugin manager and trait checks. - Streamlined the document by removing outdated sections and enhancing clarity on the project's goals and requirements for the Admin Console. - Introduced new sections on provider-specific critical notes and common anti-patterns to guide developers in maintaining best practices during the transition.
…ompatibility (200 vs 202)
…greps via env; add health monitor stub; reference secrets in compose
…s + health monitor stub
…inbound/provider name checks in Inbound, Diagnostics; trait-gate settings and scripts; TunnelSettings sinch detection by traits
…helpers and active traits; refactor SetupWizard/ProviderSetupWizard/Scripts/Diagnostics/Inbound to trait-gating; purge active.outbound references
Co-authored-by: Faxbot Agent <bot@faxbot.local>
* PR7: send-side idempotency (Idempotency-Key) + canonical FAX_* events * fix: remove stray idempotency block under secrets check (caused return outside function) --------- Co-authored-by: Faxbot Agent <bot@faxbot.local>
Co-authored-by: Faxbot Agent <bot@faxbot.local>
…plan; anchor to auto-tunnel
…in base; manager identity support; identity/sqlalchemy shim stub (no behavior change). (#10) Co-authored-by: Faxbot Agent <bot@faxbot.local>
* P2-01/02/05: async DB helper, CSRF middleware (flagged), IdentityPlugin base; manager identity support; identity/sqlalchemy shim stub (no behavior change).
* P2-02: Add identity/sqlalchemy manifest; fix shim import paths to align with app.* package. No behavior change.
* P2-03/04: Add peppered session utilities and gated /auth endpoints (login/logout/refresh). Fail-fast secrets only when sessions enabled. No behavior change with flag off.
* P2-02: Identity provider test_connection via async DB engine; extend /admin/providers/{id}/test to call identity provider (no behavior change for default).
* P2-09: Add /admin/ui-config endpoint with ETag caching (safe; require_admin).
* P2-UI: Admin Console consumes /admin/ui-config; shows Sessions/CSRF flags; routes pass docsBase from uiConfig fallback.
* P2-07: Permission grammar helpers and demo guarded route (/admin/permissions/check) using canonical permissions mapped from API-key scopes. Non-breaking.
* P2-UI: Fetch user traits; disable Terminal/Scripts tabs per traits; minor role chips remain via ui-config. Non-breaking UI gating.
* P2-UI: Read-only mode for Settings when user lacks role.admin; disable Provider Setup Wizard button; add disabled support to ResponsiveSettingItem; inbound/outbound selects + apply/restart/save now greyed out when read-only.
* P2-UI: Read-only gating for API Keys and Plugins. Disable create/rotate/revoke/install/activate/configure when user lacks role.admin; pass readOnly from App based on user traits.
* P2-Identity: Implement async SQLAlchemy provider (users + password auth) with dev-only DDL init; integrate with in-memory sessions for create/validate. No behavior change unless sessions enabled.
* P2-Identity: Dev-only admin endpoint to create identity users (/admin/identity/dev/create-user), gated by FAXBOT_DEV_IDENTITY_INIT. Safe for local testing; no prod impact.
* CI greps: enforce async identity code (no db.query), single IdentityPlugin impl, and CSRF middleware presence.
* P2-UI: Extend read-only gating (ScriptsTests, OutboundSmokeTests, TunnelSettings) using user traits; P2-Smoke: add scripts/smoke/session_csrf_smoke.sh for cookie+CSRF dev testing.
---------
Co-authored-by: Faxbot Agent <bot@faxbot.local>
- Diagnostics.tsx: Add missing 'active' and 'registry' destructures from useTraits - Inbound.tsx: Remove unused 'active' variable, replace with 'hasTrait'; remove unused 'thirdParty' object - ScriptsTests.tsx: Add missing 'hasTrait' destructure from useTraits - Settings.tsx: Remove unused 'registry' from destructure and unused 'activeOutbound' variable - SetupWizard.tsx: Define missing 'basicOnly' and 'hasOAuth' variables based on auth methods These fixes resolve all TypeScript strict mode violations that were causing CI build failures.
- Fix db folder vs db.py import conflicts by renaming db/ to database/ - Add HierarchicalConfigProvider with encryption, caching, and audit trail - Implement HierarchicalRateLimiter middleware with per-endpoint limits - Add complete admin config API endpoints (/admin/config/v4/*) - Create ConfigurationManager React UI with hierarchy visualization - Update all import references across codebase - Add comprehensive event system for diagnostics and monitoring This completes PR21 implementation with full hierarchical configuration system supporting User → Group → Department → Tenant → Global → Default resolution order with Redis caching and Fernet encryption. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
…onfig - Add ConfigGlobal, ConfigTenant, ConfigUser, ConfigAudit models - Add CanonicalEventDB model for event persistence - Add CacheManager with Redis backend and local fallback - All files now compile without missing import errors This resolves the import errors that were blocking CI validation. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
* fix(admin-ui): fix TypeScript build errors in ConfigurationManager component - Remove unused React import - Remove unused Accordion-related imports - Remove unused ExpandMoreIcon import - Remove unused safeKeys variable (use setter only) - Remove unused useTraits import and usage - Fix hasConfigAccess to not use non-existent traits.has method This completes the admin UI build fixes for the feat/pr16-config-manager branch. * PR16: Add initial ConfigurationManager component (read-only) - Created ConfigurationManager.tsx with hierarchical config display - Added v4 config API endpoints (effective, hierarchy, safe-keys, flush-cache) - Implemented basic HierarchicalConfigProvider with env/default fallback - Added CacheManager with in-memory storage - Wired ConfigurationManager into Admin Console Settings tab - UI displays config sources, hierarchy levels, and masked secrets Note: This is the minimal read-only implementation per Phase 3 runbook. Full database-backed hierarchy and editing capabilities will be added in subsequent PRs (PR17-21). * PR16: Implement comprehensive ConfigurationManager with database support Major enhancements to hierarchical configuration system: Backend Improvements: - Added database models for hierarchical config (global, tenant, department, group, user levels) - Implemented ConfigEncryption class with Fernet encryption for sensitive values - Enhanced HierarchicalConfigProvider with full database-backed resolution - Added Redis caching with automatic memory fallback - Created migration script for config tables - Added validation framework for safe configuration keys - Implemented masked value handling for audit trail Frontend Enhancements: - Enhanced ConfigurationManager UI with category-based organization - Added search and filter functionality for configuration keys - Improved hierarchy visualization with source badges - Added cache statistics display - Implemented proper masking for sensitive values - Added comprehensive key coverage (30+ config keys across 8 categories) Infrastructure: - Added required dependencies (cryptography, redis, sse-starlette) - Updated anyio to 4.11.0 to resolve dependency conflicts - Prepared foundation for SSE diagnostics and circuit breakers This establishes the full framework for Phase 3 configuration management. PR17 will add write capabilities for safe keys, followed by SSE diagnostics, circuit breakers, and rate limiting in subsequent PRs. --------- Co-authored-by: Faxbot Agent <bot@faxbot.local> Co-authored-by: Claude <noreply@anthropic.com>
* PR13: add hierarchical config models + Alembic migration (global/tenant/department/group/user + audit) * PR14: add CacheManager + HierarchicalConfigProvider and wire optional bootstrap (no UI/API yet); add deps (cryptography, redis, sse-starlette) * PR15: add v4 admin config endpoints (read-only) under /admin/config/v4; effective, hierarchy, safe-keys, flush-cache * PR18: canonical events emitter + admin diagnostics SSE/recent and main wiring * fix(admin-ui): repair TS errors in Diagnostics/Inbound/ScriptsTests/SetupWizard (missing useTraits destructures, remove unused, recompute auth flags) * fix: admin UI build (add missing traits vars, remove unused, recompute flags); bump anyio to satisfy sse-starlette * feat: enhance admin diagnostics with real-time event streaming and provider health management; add recent events endpoint with filtering options and database persistence for events --------- Co-authored-by: Faxbot Agent <bot@faxbot.local> Co-authored-by: Claude <noreply@anthropic.com>
- Downgrade sse-starlette from 2.2.1 to 1.8.2 - FastAPI 0.112.2 requires starlette<0.39.0, sse-starlette 2.2.1 requires >=0.41.3 - Version 1.8.2 is compatible with FastAPI's starlette requirement 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Models directory was missing __init__.py file - This caused OpenAPI generation to fail with "no module named 'app.models.events'" - Added proper package initialization with common imports 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Remove dynamic table creation in _ensure_dlq_table() function - Use proper SQLAlchemy model definition in WebhookDLQ class - Add proper indexes to WebhookDLQ model using __table_args__ - Import all models in db.py for proper registration - Resolves: Table 'webhook_dlq' is already defined error 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
…e definition - SQLAlchemy was detecting webhook_dlq table as already defined - Add extend_existing=True to __table_args__ to allow redefinition - This resolves the "Table 'webhook_dlq' is already defined" error 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Rename models.py to schemas.py to avoid namespace conflict - Update import in main.py from .models to .schemas - This resolves "cannot import name 'FaxJobOut' from 'app.models'" error - models/ package now cleanly contains SQLAlchemy database models - schemas.py contains Pydantic request/response models 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
added 30 commits
October 4, 2025 20:30
CRITICAL MISSING FEATURE: HumbleFax has native email-to-fax that wasn't documented! Added comprehensive documentation for: - Email-to-fax sending (number@humblefax.com) - Email forwarding for received faxes - Quick start guide with real examples - Dual notification system (email + Faxbot webhook) - Supported file formats and features - Setup instructions for email forwarding Users can now: 1. Send faxes by emailing number@humblefax.com 2. Receive faxes as email PDF attachments 3. Use both email AND API methods This dramatically improves usability for HumbleFax users who don't know about this convenient native feature.
…in UI Backend fixes: - Add __init__.py to api/app/services/ and api/app/routers/ directories (required for proper module imports) - Add __init__.py to api/app/monitoring/ directory - Fix circular import in routers by moving require_admin to auth.py - Fix import paths in admin_diagnostics.py (app.services.events not api.app.services.events) - Fix import paths in admin_providers.py (app.auth not api.app.auth) - Add admin authentication to all events and provider health endpoints - Initialize ProviderHealthMonitor in app.state on startup - Add traceback logging for router mount failures Router endpoints now working: - /admin/diagnostics/events/types ✅ - /admin/diagnostics/events/recent ✅ - /admin/diagnostics/events/sse ✅ - /admin/providers/health ✅ This resolves the 404 errors in the Event Stream and Provider Health Status sections of the Diagnostics page.
EventSource API cannot send custom headers, so the SSE endpoint needs to accept the API key as a query parameter. Added admin_auth_query dependency that checks both query param (X-API-Key) and header as fallback. This fixes the 401 Unauthorized error in the Event Stream UI component.
Moved _get_mac_hex() and _developer_bypass_ok() helper functions from main.py to auth.py so the require_admin() function can properly check dev mode bypass. This allows DEVELOPER_UNLOCK=true to work for the new diagnostic routers, fixing 401 errors in dev environments.
- Emit FAX_QUEUED event when fax is created and queued - Emit FAX_SENT/FAX_DELIVERED/FAX_FAILED events based on provider response - Pass plugin_manager to ProviderHealthMonitor so it can discover configured providers - Events now appear in the Event Stream SSE in admin UI - Provider health will now show configured providers (sinch, humblefax, etc) This makes the Event Stream and Provider Health Status functional in diagnostics.
CRITICAL HIPAA FIX: - Fixed phone masking in event emission to show ONLY last 4 digits - Changed from to[:8] + '***' (shows first 8) to proper masking - Now shows: *******4567 instead of +1555555*** Provider Health Fix: - Added lazy discovery of providers in /admin/providers/health endpoint - Initialize circuit breakers for active_outbound() and active_inbound() - Provider Health Status now shows configured providers (sinch, humblefax) This resolves the HIPAA compliance violation and makes Provider Health functional.
- Added test_fax_number to Settings model (from TEST_FAX_NUMBER env var) - Exposed test_fax_number in /admin/config endpoint - Updated Diagnostics.tsx to load and use TEST_FAX_NUMBER - Updated OutboundSmokeTests.tsx to load and use TEST_FAX_NUMBER - Show helpful error when TEST_FAX_NUMBER not configured - Display configured test number in UI instead of fake +15555550123 This ensures smoke tests work with real providers (Sinch, HumbleFax, etc) instead of failing with fake numbers. Users configure their own test-capable fax number via TEST_FAX_NUMBER environment variable.
- Fixed EventStream to use toLocaleString() with milliseconds instead of date-fns format() - Removed unused date-fns import - All timestamps now show in user's local timezone - Format: Oct 06, 22:47:27.123 (24-hour, local time with ms precision) This ensures Event Stream, Provider Health, Jobs, and all other components show timestamps in the server's local timezone, not UTC.
…te in-UI doc links; normalize setup links to /setup/*; security/inbound/storage/mcp to canonical pages
…rial formatting; verified links; auto‑tunnel notes
…nbound via Plugin Manager; verified provider links
…are inbound; Material tips
…API Keys, Plugin Builder pages with Material tabs/admonitions
…rdening with HIPAA posture notes
…shooting with Material tabs/admonitions
…OutboundSmokeTests - Add test fax number input field directly in the test panels - Users can now configure TEST_FAX_NUMBER without leaving the UI - Fixes violation of GUI-first mandate - no more .env editing required - Error messages now guide users to configure in the same panel - Uses setConfigValue API to persist changes to environment level
…sible notes across Go‑Live, Setup, Networking, Apps, Admin, Getting Started
- Add TextField import to Diagnostics.tsx and OutboundSmokeTests.tsx - Fix TypeScript parameter type annotations for onChange handlers - UI now builds successfully and test fax number configuration works end-to-end
…tasklists with icons
- Copy exact phone validation logic from Send Fax tab to test number inputs - Auto-format US numbers as user types: (555) 123-4567 - Normalize to E.164 format before saving and sending: +15551234567 - Prevents '400 to must be E.164 or digits only' errors - Users can paste any format and it gets handled properly - Same UX as Send Fax tab for consistency
- Add same phone validation logic as Send Fax tab to ScriptsTests.tsx - Update both 'Test to number' and 'To number (optional)' fields - Auto-format US numbers: 3033769234 → (303) 376-9234 - Normalize to E.164 before sending: (303) 376-9234 → +13033769234 - Add helper text and type='tel' for mobile keyboards - Prevents E.164 validation errors in all test scenarios
…ctionality - Fix webhook processor to emit WEBHOOK_RECEIVED, WEBHOOK_VERIFIED, WEBHOOK_FAILED events - Fix webhook processor to use correct JOB_STATUS_CHANGED event type (was FAX_STATUS_CHANGED) - Add CONFIG_CHANGED events when settings are updated via hierarchical config provider - Add CONFIG_CHANGED events when admin settings are updated via /admin/settings endpoint - Fix missing json import in events.py - Make update_admin_settings async to support event emission - EventStream should now show all event types instead of just Fax Queued/Sent
…ate UI links to avoid latest alias breakage
…ross repo (readme, security, sdks)
…amically to true latest; keep gh-pages latest redirect dynamic and alias in versions.json
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This merges the Phase 4 work from auto-tunnel into development.
Highlights
No legacy routes renamed; v3 APIs intact. Callbacks keep 202 semantics. Admin remains API‑key login.