QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-25 09:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,736 Commits 461 Branches 545 Tags
135579b8e1bb68f08b27604fa642ce6996463f62
Commit Graph

958 Commits

Author SHA1 Message Date
Amin Ghadersohi
135579b8e1 fix(mcp): add type annotations to test fixtures and parameters 
Address code review feedback: add explicit type annotations
to all new test function parameters and fixture return types.
 2026-05-08 11:42:45 -04:00
Amin Ghadersohi
b9aee62f5f fix(mcp): wire composite verifier and add ApiKey permission sync 
Wire CompositeTokenVerifier into create_default_mcp_auth_factory,
add _api_key_passthrough detection in _resolve_user_from_jwt_context,
create ApiKey permissions in create_custom_permissions, and update
test_auth_api_key with pass-through and non-matching prefix tests.
 2026-05-08 11:42:45 -04:00
Amin Ghadersohi
7ad0b5e3f8 fix(mcp): create ApiKey permissions on init and support API keys with JWT auth 
Two fixes for MCP API key authentication:

1. superset init now creates ApiKey FAB permissions (can_list, can_create,
   can_get, can_delete) when FAB_API_KEY_ENABLED=True. Previously, because
   Superset uses AppBuilder(update_perms=False), FAB skipped permission
   creation during blueprint registration and superset init never picked
   them up, causing 403 errors on /api/v1/security/api_keys/.

2. CompositeTokenVerifier allows API key tokens (e.g. sst_...) to coexist
   with JWT auth on the MCP transport layer. Previously, when
   MCP_AUTH_ENABLED=True, the JWTVerifier rejected all non-JWT Bearer
   tokens at the transport layer before they could reach the Flask-level
   _resolve_user_from_api_key() handler. The composite verifier detects
   API key prefixes and passes them through with a marker claim, letting
   the existing auth priority chain handle validation.
 2026-05-08 11:42:45 -04:00
Richard Fogaca Nienkotter
549aff7cf9 fix(mcp): clarify chart preview URL metadata (#39731) 2026-04-29 12:37:40 -03:00
Daniel Vaz Gaspar
c7c9a17d6b fix(mysql): fallback to pymysql when MySQLdb is not installed in get_datatype() (#39729) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-29 14:40:39 +01:00
Amin Ghadersohi
4b42f82f13 fix(mcp): restore typed ChartConfig in tool schemas for LLM visibility (#39732) 2026-04-28 19:46:57 -04:00
Richard Fogaca Nienkotter
d0abb66fdf fix(mcp): default chart previews to ascii (#39719) 2026-04-28 13:30:39 -03:00
Amin Ghadersohi
6947881ba7 fix(mcp): classify user errors as WARNING, system errors as ERROR (#39634) 
Co-authored-by: Elizabeth Thompson <eschutho@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-28 08:55:17 -04:00
Mehmet Salih Yavuz
3f28f5d012 fix(mcp): surface structured errors for generate_chart validation failures (#39484) 
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-28 11:13:53 +03:00
Amin Ghadersohi
7774ec7e3c fix(mcp): database filter columns, timeseries SQL, and unsaved chart datasource name (#39636) 2026-04-27 13:41:06 -04:00
Evan Rusackas
2026a1de6a fix(i18n): Fix menu bar translations not updating on language change (#34565) 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Claude <claude@anthropic.com>
 2026-04-24 22:49:03 -07:00
Amin Ghadersohi
ad20285dd6 fix(mcp): sanitize chart config errors and accept field name aliases (#39606) 2026-04-24 21:30:43 -04:00
Richard Fogaca Nienkotter
57e563b177 fix(mcp): redact dashboard data model metadata (#39632) 2026-04-24 17:37:15 -03:00
Beto Dealmeida
edf4d03218 chore: bump rison to 2.0.0 (#39529) 2026-04-24 15:52:42 -04:00
Enzo Martellucci
d7941ccfec fix(mcp): surface XSS sanitization in chart/dashboard names instead of silently stripping (#39491) 2026-04-24 14:59:20 +02:00
Richard Fogaca Nienkotter
d79eb5842a fix(mcp): protect data-model metadata from dashboard viewers (#39599) 
Co-authored-by: Elizabeth Thompson <eschutho@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 09:40:39 -03:00
Luiz Otavio
970b5bcf75 fix(cross-filter): correctly cast adhoc column types when cross filtering (#39577) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-24 08:26:46 -03:00
Amin Ghadersohi
7c4f87615b fix(mcp): correct method name in API key auth (extract_api_key_from_request) (#39437) 2026-04-23 23:33:23 -04:00
Elizabeth Thompson
f0d521dfc2 fix(reports): poll for spinner absence instead of snapshotting loading elements (#39579) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-23 22:03:43 -03:00
Amin Ghadersohi
012bf52c8c fix(mcp): resolve $ref by inlining definitions in compact schema (#39562) 2026-04-23 17:58:06 -04:00
Richard Fogaca Nienkotter
0d50fd676b fix(mcp): hide user directory metadata from responses (#39576) 
Co-authored-by: Elizabeth Thompson <eschutho@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-23 17:35:08 -03:00
Enzo Martellucci
dae79a6cba fix(mcp): surface validation errors in generate_chart instead of empty response (#39522) 
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-23 21:50:02 +02:00
Michael S. Molina
362e5bf45e fix(jinja): drill-to-detail respects remove_filter=True in Jinja templates (#39594) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-23 16:11:13 -03:00
Amin Ghadersohi
b1b6a057d8 fix(mcp): unwrap ToolResult payload before truncation in ResponseSizeGuardMiddleware (#39578) 
Co-authored-by: Elizabeth Thompson <eschutho@gmail.com>
 2026-04-23 12:35:13 -04:00
Joao Amaral
e10918307c fix(db): Add MariaDB DDL fix for NOCYCLE syntax (#37582) 2026-04-22 19:01:20 -04:00
Vitor Avila
5af17c7976 fix(OpenSearch): OpenSearch dialect for sqlglot (#39538) 2026-04-22 12:17:15 -03:00
Amin Ghadersohi
e6853894ab chore(mcp): extract shared chart helpers and ASCII rendering into separate modules (#39438) 2026-04-21 20:10:49 -04:00
Gabriel Torres Ruiz
919daabe54 fix(mcp): clear stale query_context in update_chart so filters and row_limit are applied (#39413) 2026-04-21 14:34:21 -03:00
Amin Ghadersohi
29806780dc chore(mcp): remove dead parse_request decorator and utility code (#39498) 2026-04-21 11:16:06 -04:00
Vitor Avila
191337e08d fix(db oauth2): Improve OAuth2 flow (#39499) 2026-04-21 11:54:52 -03:00
Brian Schreder
a222dab781 feat(dashboard): pre-filter time grain (#38922) 2026-04-21 10:35:24 -04:00
Maxime Beauchemin
151d7d76da fix(charts): set g.form_data for metric() Jinja macro on GET chart data endpoint (#39347) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-20 19:36:03 -07:00
Beto Dealmeida
11607dde04 feat(sqllab): syntax validation for sqlite-based DB engine specs (#38698) 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-04-20 18:29:51 -04:00
Beto Dealmeida
6535fdd556 chore: simplify Trino's OAuth detection (#39496) 2026-04-20 18:08:48 -04:00
Beto Dealmeida
5fb89b865d fix(oauth2): silence lock acquisition errors on token refresh (#39463) 
Co-authored-by: Beto Dealmeida <beto@preset.io>
 2026-04-20 18:08:33 -04:00
Amin Ghadersohi
6948e73ec7 feat(mcp): add get_chart_sql tool and expose chart filters in get_chart_info (#38700) 2026-04-20 17:50:10 -04:00
Maxime Beauchemin
c4cf03f899 fix(import): import tags during CLI native asset import (#39495) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-20 13:59:51 -07:00
Amin Ghadersohi
5cff657812 fix(mcp): default XY chart x-axis to dataset primary datetime column (#39421) 
Co-authored-by: codeant-ai-for-open-source[bot] <244253245+codeant-ai-for-open-source[bot]@users.noreply.github.com>
 2026-04-20 11:14:54 -04:00
Alexandru Soare
0857611a4e fix(mcp): Add defensive validator for ColumnInfo.is_nullable (#39365) 2026-04-20 13:50:31 +03:00
Geidō
51ea2c297d fix(dataset): calculated columns in virtual datasets fail when used as dynamic aggregation filter dimensions (#39004) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-20 13:44:53 +03:00
Gabriel Torres Ruiz
2e0d482ccf fix(mcp): support explicit query_mode in TableChartConfig (#39412) 2026-04-16 18:53:25 -03:00
Gabriel Torres Ruiz
e5b3a9c25d fix(mcp): replace inputSchema with parameters_hint in search_tools results by default (#39411) 2026-04-16 18:53:10 -03:00
Gabriel Torres Ruiz
c289731212 fix(mcp): prevent LLM from creating new dashboard instead of adding chart to existing one (#39353) 2026-04-16 18:52:53 -03:00
Mehmet Salih Yavuz
69f062b804 feat(mcp): add a preview flow to mcp chart updates (#39383) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-16 20:31:02 +03:00
Luiz Otavio
0b419a07f5 fix: add comments to SQL clause validation (#39167) 2026-04-16 09:19:39 -03:00
Amin Ghadersohi
e7b9fb277e fix(mcp): always push fresh app context per tool call to prevent g.user race (#39385) 2026-04-15 20:48:21 -04:00
Gabriel Torres Ruiz
18d6feb499 feat(mcp): add create_virtual_dataset tool to save SQL queries as datasets (#39279) 2026-04-15 13:04:32 -03:00
Beto Dealmeida
84f7b4a973 fix: do_ping takes a connection, not engine (#39013) 2026-04-15 11:10:24 -04:00
Alexandru Soare
ffcc6e8b63 fix(MCP): fix MCP logs (#39159) 2026-04-15 15:57:04 +03:00
Amin Ghadersohi
680cef0ee0 fix(mcp): strip json_metadata and position_json from get_dashboard_info response (#39101) 2026-04-09 17:30:57 -04:00