Add theme configuration options to control visibility of Licenses and API links in the footer. Also add authentication token to vault version API requests in build workflow to prevent rate limiting issues.
Move ShowFooterPoweredBy from static setting to dynamic theme configuration, allowing admins to toggle the "Powered by GitCaddy Server" footer message through the admin panel without restarting the server.
Implement critical production readiness features for AI integration: per-request provider config, admin dashboard, workflow inspection, and plugin framework foundation.
Per-Request Provider Config:
- Add ProviderConfig struct to all AI request types
- Update queue to resolve provider/model/API key from cascade (repo > org > system)
- Pass resolved config to AI sidecar on every request
- Fixes multi-tenant issue where all orgs shared sidecar's hardcoded config
Admin AI Dashboard:
- Add /admin/ai page with sidecar health status
- Display global operation stats (total, 24h, success/fail/escalated counts)
- Show operations by tier, top 5 repos, token usage
- Recent operations table with repo, operation, status, duration
- Add GetGlobalOperationStats model method
Workflow Inspection:
- Add InspectWorkflow client method and types
- Implement workflow-inspect queue handler
- Add notifier trigger on workflow file push
- Analyzes YAML for syntax errors, security issues, best practices
- Returns structured issues with line numbers and suggested fixes
Plugin Framework (Phase 5 Foundation):
- Add external plugin config loading from app.ini
- Define ExternalPlugin interface and manager
- Add plugin.proto contract (Initialize, Shutdown, HealthCheck, OnEvent, HandleHTTP)
- Implement health monitoring with auto-restart for managed plugins
- Add event routing to subscribed plugins
- HTTP proxy support for plugin-served routes
This completes Tasks 1-4 from the production readiness plan and establishes the foundation for managed plugin lifecycle.
Adds bulk delete functionality to admin packages page, allowing deletion of multiple packages and all their versions at once. Includes confirmation dialog, success/warning flash messages showing count of deleted packages and versions, and proper error handling. Adds new locale strings for delete action, confirmation prompt, and result messages.
Add ability to bulk set packages as private or public in both admin and repository package views. Includes new bulk action buttons, visibility grouping in repository view, and corresponding backend handlers for processing visibility changes. Admin can manage all packages while repository owners can manage their own packages.
Adds standalone blog post view at /blog/:id with full content rendering, comments, reactions, and OpenGraph metadata. Implements optional "Blogs" link in site header navigation (configurable in admin settings). Enforces repository access permissions on standalone view. Loads repo owners for avatar fallback on explore page. Includes SEO-friendly URLs and social media sharing support.
Adds comprehensive blog post system for repositories with draft/public/published status, featured images, tags, and subscriptions. Includes database models, migrations, CRUD operations, email notifications, explore page, and full UI templates for creating, editing, and viewing blog posts.
- Add theme.hide_explore_button configuration option
- Add admin UI toggle in Site Administration > Configuration > Theme
- Conditionally hide Explore button from header navigation when enabled
- Separate from hide_explore_users (which only hides the Users tab)
- Useful for private instances that don't want to expose the Explore feature
Implement complete subscription monetization system for repositories with Stripe and PayPal integration. Includes:
- Database models and migrations for monetization settings, subscription products, and user subscriptions
- Payment provider abstraction layer with Stripe and PayPal implementations
- Admin UI for configuring payment providers and viewing subscriptions
- Repository settings UI for managing subscription products and tiers
- Subscription checkout flow and webhook handlers for payment events
- Access control to gate repository code behind active subscriptions
Include loaded plugin details (name, version, description) in /api/v2/version response when plugins are enabled. Also add page class to AI learning admin templates for consistent styling.
Add yellow "Limited" badge to repository listings across admin panel, organization home, pinned repos, and shared repo lists. Uses eye icon to distinguish limited repos from private (lock) and public repos.
Replace POST form with link-action button for canceling all waiting jobs. Update backend to check both query params and form fields for label parameter to support both approaches.
Add "Cancel All" button to waiting jobs view to cancel all waiting/blocked jobs at once, with optional label filtering. Improve individual job cancellation to preserve label filter in redirect URL and provide better error feedback.
Enhance waiting jobs view with waiting duration display, stuck job indicators (>30 min), and matching runner detection to identify orphaned jobs. Add ability to cancel waiting/blocked jobs directly from the queue view. Show which runners can satisfy each job's label requirements.
Adds a new page to view all waiting/blocked jobs for a specific runner label. This helps administrators identify which jobs are queued for particular runner labels and diagnose runner capacity issues.
Implements public package discovery page in the Explore menu. Shows public and global packages with pagination, filtering by type, and search. Adds admin setting to enable/disable the packages tab. Updates package search to support PublicOrGlobal filter for showing packages that are either public OR global. Includes new locale strings and templates.
Implements system-wide global secrets (OwnerID=0, RepoID=0) that can only be managed by admins. Global secrets are available to all workflows with lowest precedence (repo > org > global). Adds admin UI routes and templates for managing global secrets. Updates secret model to support three-tier hierarchy and proper precedence ordering.
Add is_global flag to packages allowing them to be accessible at root URLs without owner prefix. Include database migration, package settings UI, admin bulk operations, and automatic repository matching. This enables cleaner package URLs for organization-wide packages.
Adds a Site Admin page to view loaded plugins with:
- Plugin name, version, description
- Features (Database, Web UI, API, Repository, Licensed)
- License status for licensed plugins
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add workflow filter to clear-cancelled, clear-failed, clear-running, clear-old-success
- Add any option to AI Learning runner type filter
- Fix ServerStats int64 types for FileSize template function
- Add CPULoad field with platform-specific implementations
- Fix actions list template with conditional button visibility
- Use Gitea styled modal dialogs for all clear buttons
🤖 Generated with Claude Code
- Add AI Learning admin section for viewing/editing error patterns
- Add server status tiles to admin dashboard (CPU load, memory, disk)
- Auto-refresh dashboard tiles using HTMX
- Fix error template text (GitCaddy Server)
- Dark mode compatibility for all new UI elements
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix lint errors in AI learning MCP tools (interface{} -> any, append pattern)
- Update OAuth realm names from Gitea to GitCaddy
- Update User-Agent strings to GitCaddy
- Update default git user.name, mailer X-Mailer header
- Update API docs descriptions
- Update template comments and swagger descriptions
- Keep Gitea attribution in footer and as OAuth provider option
🤖 Generated with Claude Code
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Hide Explore Users toggle checkbox to theme settings
- Move Help URL setting inside Theme Configuration section
- Fix closing div tag placement
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rebrand:
- Binary renamed to gitcaddy-server
- Default AppName: GitCaddy
- New favicon and homepage logo
- Updated licenses.txt with MarketAlly copyright
- Footer: Powered by GitCaddy Server (Based on Gitea)
Homepage:
- Title: GitCaddy
- Tagline: Steeped in your workflow
- AI-Native Platform, Deploy Anywhere, Lightning Fast, Open Source
New Features:
- Explore Organizations tile cards display option
- Pinned repos show DisplayTitle if set
Fixes:
- Pages renamed to Landing Page in settings
Environment Variables (backward compatible):
- GITCADDY__ prefix (GITEA__ still supported)
- GITCADDY_WORK_DIR, GITCADDY_CUSTOM
- Add repository display title field shown in header and explore listings
- Add license settings page with predefined license types
- Auto-create LICENSE.md when license type is selected
- Show license in repo sidebar with link to LICENSE.md
- Add API header link option in theme settings
- Default explore/organizations sort to alphabetical
- Show org DisplayName only in /explore/organizations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add customizable homepage title and tagline via admin theme settings
- Add ability for site admins to pin organizations to homepage
- Add pinned organization display format option (condensed/regular)
- Hide promotional text when pinned organizations are displayed
- Add database migration for is_homepage_pinned column
- Add custom site icon support for favicon and navbar
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This pull request adds an option to automatically verify SSH keys from
LDAP authentication sources.
This allows a correct authentication and verification workflow for
LDAP-enabled organizations; under normal circumstances SSH keys in LDAP
are not managed by users manually.
Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user
results in an error, even if the requester is an administrator. As far
as I can tell, this is a security feature, not architectural in nature,
as automatic account linking could be used to take control of another
user's account. This is not a concern for an administrator, who we
should trust to know what they are doing.
This patch allows admins, and only admins, to rename non-local users.
Fixes https://github.com/go-gitea/gitea/issues/18308 (sort of)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The "autofocus" was abused or misbehaved:
1. When users visit a page but they are not going to change a field,
then the field shouldn't get "autofocus"
* the "auth" / "user" page: in most cases, users do not want to change
the names
* see also the GitHub's "settings" page behavior.
2. There shouldn't be duplicate "autofocus" inputs in most cases, only
the first one focuses
3. When a panel is shown, the "autofocus" should get focus
* "add ssh key" panel
This PR fixes all these problems and by the way remove duplicate
"isElemHidden" function.
Fix#880
Design:
1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggest users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This PR uniform all temporary directory usage so that it will be easier
to manage.
Relate to #31792
- [x] Added a new setting to allow users to configure the global
temporary directory.
- [x] Move all temporary files and directories to be placed under
os.Temp()/gitea.
- [x] `setting.Repository.Local.LocalCopyPath` now will be
`setting.TempPath/local-repo` and the customized path is removed.
```diff
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[repository.local]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Path for local repository copy. Defaults to TEMP_PATH + `local-repo`, this is deprecated and cannot be changed
-;LOCAL_COPY_PATH = local-repo
```
- [x] `setting.Repository.Upload.TempPath` now will be
`settting.TempPath/uploads` and the customized path is removed.
```diff
;[repository.upload]
-;;
-;; Path for uploads. Defaults to TEMP_PATH + `uploads`
-;TEMP_PATH = uploads
```
- [x] `setting.Packages.ChunkedUploadPath` now will be
`settting.TempPath/package-upload` and the customized path is removed.
```diff
;[packages]
-;;
-;; Path for chunked uploads. Defaults it's `package-upload` under `TEMP_PATH` unless it's an absolute path.
-;CHUNKED_UPLOAD_PATH = package-upload
```
- [x] `setting.SSH.KeyTestPath` now will be
`settting.TempPath/ssh_key_test` and the customized path is removed.
```diff
[server]
-;;
-;; Directory to create temporary files in when testing public keys using ssh-keygen,
-;; default is the system temporary directory.
-;SSH_KEY_TEST_PATH =
```
TODO:
- [ ] setting.PprofDataPath haven't been changed because it may need to
be kept until somebody read it but temp path may be clean up any time.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#33966
```
;; User must sign in to view anything.
;; It could be set to "expensive" to block anonymous users accessing some pages which consume a lot of resources,
;; for example: block anonymous AI crawlers from accessing repo code pages.
;; The "expensive" mode is experimental and subject to change.
;REQUIRE_SIGNIN_VIEW = false
```
Add a "No data available" message to be displayed when the list has no
data. This improves the user experience by providing clear feedback in
an empty state.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
