First release outside of the image release process.
Main changes are:
- Introduction of code-based package selection (performance increase)
- SQLite-VEC replacement of weaviate (performance / stability increase)
What's Changed
- Add apiBase to autocomplete model by @eleftherias in #24
- Set pull policy to always in the compose file by @jhrozek in #38
- Non-Functional Requirements by @lukehinds in #40
- Implement Basic CI by @lukehinds in #48
- Run make format by @jhrozek in #65
- Implement provider interface and OpenAI and Anthropic providers by @jhrozek in #66
- mock uvicorn.run in CLI serve command tests by @lukehinds in #72
- Dependabot by @lukehinds in #71
- Bump actions/checkout from 3 to 4 by @dependabot in #73
- Bump softprops/action-gh-release from 1 to 2 by @dependabot in #74
- Bump actions/setup-python from 4 to 5 by @dependabot in #75
- Bump litellm from 1.52.14 to 1.52.15 by @dependabot in #78
- Bump actions/cache from 3 to 4 by @dependabot in #79
- Keep the code coverage high by @jhrozek in #80
- Module prompt by @lukehinds in #81
- Create github action for syncing and exporting vector DB by @yrobla in #69
- Add embedding model by @ptelang in #84
- Add inferencing models by @ptelang in #85
- requires-python was breaking make test by @jhrozek in #88
- Add inference code by @ptelang in #82
- Fix linting errors in CI by @lukehinds in #89
- Bump actions/checkout from 3 to 4 by @dependabot in #92
- Change the imports to absolute instead of relative by @aponcedeleonch in #86
- Specify the provider in the URL to properly route traffic by @aponcedeleonch in #96
- Include .gitattributes file for git lfs by @aponcedeleonch in #98
- Bump bandit from 1.7.10 to 1.8.0 by @dependabot in #99
- Bump litellm from 1.52.15 to 1.52.16 by @dependabot in #100
- feat: modify embedding method to use embedding class by @yrobla in #101
- Add input processing pipeline + codegate-version pipeline step by @jhrozek in #91
- Update config to add singleton instance and add inference unit tests by @ptelang in #105
- Update llama.cpp related code to use openai format by @ptelang in #107
- Add normalizer instead of abusing LiteLLM adapter by @jhrozek in #106
- Add a forgotten file by @jhrozek in #112
- feat: create Dockerfile for shipping codegate as image by @yrobla in #113
- Add a FIM pipeline to Providers by @aponcedeleonch in #102
- Make the readme more fun by @lukehinds in #125
- Vllm provider by @lukehinds in #124
- On-the-fly secret scanning by @lukehinds in #119
- Add formatting step to CI by @poppysec in #120
- If codegate is detected in the message, change the system prompt by @jhrozek in #117
- Bump ruff from 0.8.0 to 0.8.1 by @dependabot in #126
- Bump python from 3.12-slim to 3.13-slim by @dependabot in #127
- Normalize and denormalize llamacpp streaming reply by @jhrozek in #121
- fix: Logging module always producing JSON by @aponcedeleonch in #129
- Code snippet extraction pipeline step by @jhrozek in #130
- Add FIM functionalty for VLLM provider by @aponcedeleonch in #132
- Bump pytest from 8.3.3 to 8.3.4 by @dependabot in #138
- Bump weaviate-client from 4.9.4 to 4.9.5 by @dependabot in #137
- Bump dawidd6/action-download-artifact from 6 to 7 by @dependabot in #139
- Ollama provider by @lukehinds in #135
- Respond with JSON if the request is non-stream by @aponcedeleonch in #149
- feat: enable weaviate usage in codegate by @yrobla in #128
- Split the im_start/im_end tags that VLLM is using into individual messages by @jhrozek in #131
- Remove non-instruct qwen model by @ptelang in #151
- Use pipelines in Ollama provider by @aponcedeleonch in #152
- fix: remove internal weaviate_data folder by @yrobla in #153
- Wire up secrets pipeline by @lukehinds in #154
- Delete .github/workflows/release.yml by @lukehinds in #155
- Update prompts to fix rag by @ptelang in #157
- Database schema and sqlc configs by @lukehinds in #136
- Bump litellm from 1.53.1 to 1.53.2 by @dependabot in #164
- fix: update weaviate EmbeddedOptions import path by @lukehinds in #159
- Convert async _close_models in LlamaCppInferenceEngine by @lukehinds in #158
- Fix llamacpp streaming completion by @ptelang in #163
- Add an output pipeline that deobfuscated secrets by @jhrozek in #162
- feat: replace models with lfs pointer files, and fix testing by @yrobla in #166
- fix: directly add minillm model into the repo by @yrobla in #169
- feat: enable image builds for ci by @yrobla in #168
- Record the output of the LLM in the DB by @aponcedeleonch in #165
- fix: use regular workers for image builds by @yrobla in #171
- Normalize key `messages` for all providers by @aponcedeleonch in #170
- Silencing SQLAlchemy logs by @aponcedeleonch in #172
- Avoid DB conflicts when schema change by @aponcedeleonch in #173
- Make weaviate conform with codegate logging by @lukehinds in #174
- Bump weaviate-client from 4.9.5 to 4.9.6 by @dependabot in #184
- Bump aiosqlite from 0.19.0 to 0.20.0 by @dependabot in #183
- Bump docker/build-push-action from 6.7.0 to 6.10.0 by @dependabot in #180
- Bump docker/metadata-action from 5.5.1 to 5.6.1 by @dependabot in #179
- Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in #178
- Bump fastapi from 0.115.5 to 0.115.6 by @dependabot in #182
- Bump litellm from 1.53.2 to 1.53.3 by @dependabot in #181
- Added initial dashboard functionality by @aponcedeleonch in #175
- Add a modifying output pipeline step, use it to decorate code snippets by @jhrozek in #177
- update dependencies to fix docker images by @yrobla in #189
- Disable codegate system prompt by @jhrozek in #191
- Disable tools until we handle them properly by @jhrozek in #190
- Implement the /models endpoint for the VLLM provider by @jhrozek in #188
- Tune context and prompts by @ptelang in #200
- Record alerts as part of the pipeline by @aponcedeleonch in #197
- Obfuscate text in all messages, not just the last user one + display feedback on the secrets we obfuscated by @jhrozek in #193
- Add backup import packages by @yrobla in #203
- Add cryptocurrency wallet related regular expressions by @poppysec in #199
- feat: enable restore from previous backups by @yrobla in #204
- fix: remove backup folder before taking it again by @yrobla in #206
- Remove regular expressions for secret variable names by @poppysec in #210
- The Wallet Mnemonic regex is catching too many strings by @jhrozek in #208
- feat: expose an entrypoint to restore from backup by @yrobla in #211
- Further removal of overbroad regex by @poppysec in #212
- Add CORS Middleware to FastAPI by @aponcedeleonch in #213
- Extract packages in both input and output using the LLM the user called with by @jhrozek in #214
- Warn about malicious, deprecated or archived packages in output snippets by @jhrozek in #215
- Add FE code to Docker image by @aponcedeleonch in #207
- Warn less loudly about leaked secrets that were already redacted by @jhrozek in #220
- Add word "ecosystem" to the context by @ptelang in #226
- Modify storageclient to singleton pattern by @ptelang in #223
- Use `def` in FastAPI dashboard calls. by @aponcedeleonch in #222
- Fix backup by @yrobla in #230
- feat: add alerts sse notification endpoint by @peppescg in #227
- feat: allow to expose models base path and model name from cli by @yrobla in #231
- fix: download git models before publishing image by @yrobla in #232
- Reformat alerts on found packages by @aponcedeleonch in #235
- fix: deal with weaviate multiple network issues by @yrobla in #237
- Bump node from 20.18-slim to 23.3-slim by @dependabot in #229
- feat: allow to expose vllm_url as parameter in Docker by @yrobla in #240
- Generate snippet message only in case of bad packages are found by @ptelang in #236
- Filter Weaviate-matched objects by @ptelang in #233
- Add reponse format parameter to LLM chat completion call by @ptelang in #234
- fix: override translate method to return ChatCompletionRequest by @yrobla in #242
- fix: allow to disable the take/restore backup from import by @yrobla in #238
- feat: allow to parameterize urls in docker image by @yrobla in #245
- Implement no-stream handling for llamacpp by @ptelang in #251
- Add context message when no bad packages are found by @ptelang in #250
- FIM pipeline refactoring for Copilor by @jhrozek in #248
- fix: do not enclose urls with quotes by @yrobla in #255
- Modify package filtering to use to case insensitve matching by @ptelang in #256
- Add quotes around packages in the list by @ptelang in #258
- Use ollama python client for completion by @aponcedeleonch in #241
- Modify package extract prompt to clarify package is named entity by @ptelang in #259
- fix: lowercase the packages found in snippets by @yrobla in #260
- Update system prompt to perform security analysis by @ptelang in #264
- feat: add mountpoints for weaviate_data and models_path by @yrobla in #271
- Bump llama-cpp-python from 0.3.4 to 0.3.5 by @dependabot in #267
- Bump node from 23.3-slim to 23.4-slim by @dependabot in #266
- do not mount weaviate_data by @yrobla in #273
- Add regex for detecting AWS secret access key by @ptelang in #276
- feat: infer ecosystem from the user's query by @yrobla in #272
- Make sure we can speak with ollama localhosted from container by @aponcedeleonch in #275
- fix: correct urls for reporting packages by @yrobla in #277
- Move secret encryption step to the top of input processing by @ptelang in #278
- fix: copy default models to exposed volume on entrypoint by @yrobla in #283
- Link dashboard in message returned to the chat by @aponcedeleonch in #286
- fix: use node LTS version in Dockerfile by @peppescg in #287
- feat: import packages from external artifact by @yrobla in #288
- Create a `codegate_volume` directory. by @aponcedeleonch in #284
- feat: replace all data with just dummy data by @yrobla in #289
- CoPilot Implementation by @lukehinds in #268
- Bad merge , my bad by @lukehinds in #293
- fix: fix formatting issues by @yrobla in #294
- fix: fix all tests in main branch by @yrobla in #295
- fix: only show output about secrets redacted for the last message by @yrobla in #292
- Adds cli command to generate certificate by @aponcedeleonch in #291
- Bump node from 22-slim to 23-slim by @dependabot in #299
- Fix Unit Tests by @lukehinds in #298
- start_serving should be False by @lukehinds in #304
- We were using the non existent self.headers by @lukehinds in #308
- Send Generic Proxy Name by @lukehinds in #306
- Help proxy startup standout in logs by @lukehinds in #305
- fix(FE): update nginx conf for serving all routes by @peppescg in #309
- Improve SSL security of target connections by @lukehinds in #303
- Use tempdir rather then leave certs directory in place after running tests by @stackloke2e in #312
- Add FIM processing for Copilot by @jhrozek in #311
- Add copilot headers/auth for extracting package/ecosystem by @ptelang in #314
- Copilot chats are sent through an input pipeline by @jhrozek in #315
- Remove internal inference url by @lukehinds in #313
- Push to stacklok/codegate and sign / scan by @lukehinds in #317
- Deconstruct the streaming reply into chunks and send them back individually by @jhrozek in #316
- Inspect all user messages for malicious packages by @ptelang in #318
- Pipe the Copilot output chunks through the output pipeline by @jhrozek in #319
- Fix Image Build by @lukehinds in #320
- Notify about the number of secrets redacted since the last assistant message instead by @jhrozek in #321
- Fix port in message to match the documented port. by @aponcedeleonch in #324
- Bump ruff from 0.8.2 to 0.8.3 by @dependabot in #325
- Bump litellm from 1.54.1 to 1.55.0 by @dependabot in #326
- Bump weaviate-client from 4.9.6 to 4.10.1 by @dependabot in #327
- Bump docker/build-push-action from 5 to 6 by @dependabot in #328
- fix: readd tests that were added at cli command by @yrobla in #307
- Add logic to check if certs exist for generate_certs by @lukehinds in #334
- Modify the prompt to clarify that user's message can contain multiple… by @ptelang in #336
- Style updates for developer docs and README by @danbarr in #338
- Placeholder needed for UI Cert Download by @lukehinds in #341
- Copilot DB integration. Keep DB objects in context to record at the end. by @aponcedeleonch in #331
- Add Project MD files by @lukehinds in #347
- Pass in copilot extra headers when analyzing output packages by @jhrozek in #346
- Allows certificate download via the dashboard by @lukehinds in #352
- Create models directory under codegate_volume by @ptelang in #342
- A hotfix for the FIM pipeline by @jhrozek in #353
- simplify signature initialization for optimization by @lukehinds in #354
- Fix FIM pipeline with copilot by @jhrozek in #362
- Improve logging by @lukehinds in #370
- Reduce from info to debug by @lukehinds in #368
- Cancel the processing_task on connection_lost and on exception by @jhrozek in #375
- Cache FIM entries in memory to avoid repeated writes to DB by @aponcedeleonch in #372
- A temporary workaround to make Anthropic FIM working with Continue by @jhrozek in #377
- Avoid caching FE code at docker build by @aponcedeleonch in #378
- Add null check for output string before JSON parsing by @ptelang in #382
- Obfuscate secrets before sending a snippet out for analysis by @jhrozek in #332
- Update readme, contrib, and security guides by @danbarr in #386
- fix: do not instantiate dbreader on each call by @yrobla in #391
- fix: do not try to send buffer data if it is empty by @yrobla in #393
- Refine caching non-copilot FIM calls by @aponcedeleonch in #392
- Fixup minor string inconsistencies by @danbarr in #397
- Fix codegate-version support and pipeline error by @ptelang in #396
- docs: update README.md by @eltociear in #403
- Replace unpinned actions with pinned action by @stacklok-cloud-staging in #404
- feat: add custom logger that includes the origin by @yrobla in #406
- Fix a typo in mappings by @jhrozek in #407
- Bump uvicorn from 0.32.1 to 0.34.0 by @dependabot in #356
- Bump pytest-asyncio from 0.24.0 to 0.25.0 by @dependabot in #357
- Bump weaviate-client from 4.10.1 to 4.10.2 by @dependabot in #359
- Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @dependabot in #412
- Bump actions/checkout from 4.1.7 to 4.2.2 by @dependabot in #413
- Bump pydantic-settings from 2.6.1 to 2.7.0 by @dependabot in #360
- Bump litellm from 1.55.0 to 1.55.4 by @dependabot in #414
- Remove unused cert_gen.py by @jhrozek in #410
- Fix confusing debug messages by @jhrozek in #409
- fix: FIM not caching correctly non-python files by @aponcedeleonch in #408
- Add initial set of integration tests by @ptelang in #411
- Add secret type and context lines to secret alert by @aponcedeleonch in #422
- fix: wrap provider error codes into HTTP Exceptions by @yrobla in #421
- Remove the need for secrets at Docker build by @aponcedeleonch in #426
- Add custom handler of exceptions by @aponcedeleonch in #425
- Tune the system prompts to extract package names or ecosystems by @jhrozek in #428
- improve TLS handling with SNI support and cert caching by @lukehinds in #432
- feat(doc): add codegate-ui documentation by @peppescg in #427
- Run filter using the specified packages/ecosystem by @ptelang in #434
- Revert "Remove the need for secrets at Docker build" by @lukehinds in #435
- Animated gif by @lukehinds in #441
- Bump click from 8.1.7 to 8.1.8 by @dependabot in #443
- Bump jinja2 from 3.1.4 to 3.1.5 by @dependabot in #448
- sqlite-vec vectorization database by @lukehinds in #438
- Clean up test duplication by @lukehinds in #447
- Bump litellm from 1.55.8 to 1.55.11 by @dependabot in #449
- Bump numpy from 2.2.0 to 2.2.1 by @dependabot in #452
- Remove package/ecosystem extraction using llm by @ptelang in #444
- Remove mistaken added DB file by @lukehinds in #450
- Update README.md by @lukehinds in #460
- Add system prompt only in case bad packages or secrets are found by @ptelang in #456
- Add rust package extraction and python aliased-import extraction by @ptelang in #458
- Automate sqlite-vec vector DB generation for images by @lukehinds in #455
- Vec port by @lukehinds in #465
- Fix import packages by @lukehinds in #466
- Change to image publish on release by @lukehinds in #467
- Fork with the correct arch in place by @lukehinds in #468
- Align flags with main app and rename files archive by @lukehinds in #469
New Contributors
- @eleftherias made their first contribution in #24
- @jhrozek made their first contribution in #38
- @lukehinds made their first contribution in #40
- @dependabot made their first contribution in #73
- @yrobla made their first contribution in #69
- @ptelang made their first contribution in #84
- @aponcedeleonch made their first contribution in #86
- @poppysec made their first contribution in #120
- @peppescg made their first contribution in #227
- @stackloke2e made their first contribution in #312
- @danbarr made their first contribution in #338
- @eltociear made their first contribution in #403
- @stacklok-cloud-staging made their first contribution in #404
Full Changelog: https://github.com/stacklok/codegate/commits/v0.1.0