feat: add workspace sync export #2859
@cubic review
@codex review
@daryllimyt I have started the AI code review. It will take a few minutes to complete.
✅ No security or compliance issues detected. Reviewed everything up to 92dfbb2.
Security Overview
Detected Code Changes: The diff is too large to display a summary of code changes.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 01a64afffa
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
21 issues found across 56 files
Confidence score: 2/5
- The highest-risk issue is in tracecat/workspace_sync/adapters/secret_metadata.py: broad exception handling during import can default failed decryptions to empty values, which can silently overwrite existing secrets and cause data loss. Fail fast on decryption/import errors and abort the write path before merging.
- tracecat/workspace_sync/adapters/agent_preset.py has state-faithfulness regressions: import currently mutates an existing version row and omits exported execution fields, so historical/pinned versions can change behavior unexpectedly. Restore snapshot-style version creation and map all exported execution fields on import before merge.
- tracecat/workspace_sync/adapters/case_dropdown.py ignores spec metadata on create and writes hardcoded defaults, which breaks round-trip sync and can silently alter dropdown behavior after pull. Apply the imported metadata fields on create/update so sync remains deterministic.
- tracecat/workflow/store/router.py now drops explicit 404 handling for missing workspaces, so clients may receive a 500 for a domain not-found case and handle errors incorrectly. Reinstate the 404 mapping (and related test coverage) to de-risk API behavior before merging.
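The first issue in the review above (failed decryptions defaulting to empty values on import) can be reproduced in a small model. This is an added example, not Tracecat code: `seal`, `open_sealed`, `import_lenient` and `import_strict` are hypothetical names, and the HMAC-tagged blob only models authenticated-decryption failure, it provides no confidentiality.

```python
import hashlib
import hmac

class DecryptionError(Exception):
    """Raised when a sealed value fails authentication."""

def seal(value: str, key: bytes) -> bytes:
    # Stand-in for encryption (assumption): 32-byte HMAC tag + plaintext body.
    body = value.encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def open_sealed(blob: bytes, key: bytes) -> str:
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise DecryptionError("authentication failed")
    return body.decode()

def import_lenient(store, incoming, key):
    # Failure mode from the review: any error becomes "", then overwrites the secret.
    for name, blob in incoming.items():
        try:
            value = open_sealed(blob, key)
        except Exception:
            value = ""
        store[name] = value

def import_strict(store, incoming, key):
    # Decrypt everything into a staging dict; one failure aborts before any write.
    staged = {}
    for name, blob in incoming.items():
        try:
            staged[name] = open_sealed(blob, key)
        except DecryptionError as exc:
            raise ValueError(f"import aborted: cannot decrypt {name!r}") from exc
    store.update(staged)

def demo():
    key, other_key = b"k" * 32, b"x" * 32  # constructed keys
    # Constructed input: one good entry, one sealed under a different key.
    incoming = {"WEBHOOK": seal("new-hook", key), "API_TOKEN": seal("new-token", other_key)}
    lenient, strict = {"API_TOKEN": "current-token"}, {"API_TOKEN": "current-token"}
    import_lenient(lenient, incoming, key)
    try:
        import_strict(strict, incoming, key)
        aborted = False
    except ValueError:
        aborted = True
    return lenient, strict, aborted
```

The strict path leaves the store untouched even for the entry that decrypted correctly, so a partially applied import cannot occur.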
3 issues found across 20 files (changes from recent commits).
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 76730f150e
This stack of pull requests is managed by Graphite.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: df8385177d
| try: | ||
| table = await table_service.get_table_by_name(spec.name) | ||
| except TracecatNotFoundError: |
Reuse mapped table IDs before matching by name
If a table already has a sync mapping and the Git spec keeps the same source_id but changes name, this lookup misses the mapped local table, creates a second table, and _upsert_mapping then repoints the existing source mapping to the new table while leaving the old one behind. Pulling a table rename from Git should resolve by WorkspaceSyncResourceMapping.source_id first and call the table rename path instead of creating by name.
| for skill in skills: | ||
| source_id = unique_source_id(skill.name, reserved=reserved) | ||
| reserved.add(source_id) |
Preserve skill source IDs after renames
After a skill has been exported once, operations such as restoring a version can change skill.name; recomputing source_id from that mutable name makes the next export miss the existing mapping and insert another row for the same local_id, which violates uq_workspace_sync_mapping_local. Load existing WorkspaceSyncResourceMapping rows by local skill ID here as the agent preset/table adapters do before falling back to unique_source_id.
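Both Codex comments above (table pull matching by name, and skill export recomputing the source ID from the name) come down to keying on a mutable name instead of the stable mapping. The following in-memory model is an added example, not Tracecat code; `Workspace`, `pull_by_name`, `pull_by_mapping` and `export_source_ids` are hypothetical names and the data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Workspace:
    tables: dict = field(default_factory=dict)   # local_id -> name
    mapping: dict = field(default_factory=dict)  # source_id -> local_id

    def create(self, name):
        local_id = max(self.tables, default=0) + 1
        self.tables[local_id] = name
        return local_id

def pull_by_name(ws, source_id, name):
    # Name-only lookup: a rename in Git looks like a brand-new table.
    local_id = next((i for i, n in ws.tables.items() if n == name), None)
    if local_id is None:
        local_id = ws.create(name)
    ws.mapping[source_id] = local_id  # repoints the mapping; old table is left behind
    return local_id

def pull_by_mapping(ws, source_id, name):
    # Resolve the stable source_id first and rename the mapped table in place.
    local_id = ws.mapping.get(source_id)
    if local_id in ws.tables:
        ws.tables[local_id] = name
        return local_id
    return pull_by_name(ws, source_id, name)

def export_source_ids(items, existing):
    # items: local_id -> current name; existing: local_id -> source_id already exported.
    reserved = set(existing.values())
    out = {}
    for local_id, name in items.items():
        source_id = existing.get(local_id)
        if source_id is None:  # first export: derive a unique id from the name
            source_id, n = name, 2
            while source_id in reserved:
                source_id, n = f"{name}-{n}", n + 1
            reserved.add(source_id)
        out[local_id] = source_id
    return out

def demo():
    # Constructed state: table 1 "alerts" was synced under source_id "alerts".
    a = Workspace({1: "alerts"}, {"alerts": 1})
    b = Workspace({1: "alerts"}, {"alerts": 1})
    pull_by_name(a, "alerts", "alerts_v2")     # Git spec renamed the table
    pull_by_mapping(b, "alerts", "alerts_v2")
    return a.tables, b.tables
```

In `export_source_ids`, a renamed item keeps the source ID recorded at its first export, so the one-mapping-per-local-ID constraint the comment mentions is never exercised by a rename.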
- Add POST /workflows/sync/export/preview endpoint and preview_export_workspace service that count the resources a push would commit via a read-only projection, without mutating sync mappings
- Redesign the push dialog: source -> branch -> pull request flow strip with a live resource count, stacked message/branch fields, rebalanced footer, and a clickable "View PR" toast action; shorten the title to "Push <resource>"
- Resolve agent presets by stable source id on import and guard against slug collisions
- Skip opening a pull request when the target branch has no commits ahead of the base branch
- Only show the pull preview message on failure; keep the agent preset slug stable when editing an existing preset
- Add export-preview unit test and agent preset acceptance-contract coverage; regenerate the frontend client
df83851 to 92dfbb2
Found 8 test failures on Blacksmith runners: Failures

Summary
Impact
Workspace-level Git sync can now project supported workspace resources into a repository-backed spec and pull supported resources back into a workspace. Workspace push UI now uses a PR-only path for the new workspace sync surfaces, reducing the chance users bypass review from those flows.
Validation
- pnpm -C frontend exec biome check --write src/components/settings/workspace-sync-settings.tsx src/components/workspace-sync/resource-sync-actions.tsx
- pnpm -C frontend run typecheck
- uv run pytest tests/unit/test_workspace_sync_service.py tests/unit/test_workspace_sync_acceptance_contract.py tests/unit/test_workflow_store_service.py tests/unit/test_workflow_sync_service.py -q (blocked locally: PostgreSQL on localhost:5432 was not running; all collected tests errored during DB fixture setup before test logic ran)
Notes
- qa-reports/workspace-sync-pr-only-qa-2026-06-16.html; qa-reports/ remains untracked as a PR-only/local artifact.
Summary by cubic
Adds workspace-level Git sync with a provider‑neutral service, PR‑only exports, and new preview endpoints for export counts and pull diffs. Updates the push flow with branch targeting, live resource counts, a unified diff viewer, and a toast link to the PR; expands resource coverage.
Bug Fixes
Migration
workspace_sync_resource_mapping with RLS.
Written for commit 92dfbb2. Summary will update on new commits.