* feat: log user suspension to activity when rate limit reached
- Add AUTH_FAIL action to activity constants
- Log to directus_activity table when user gets suspended after exceeding login attempt limit
- Includes user ID, IP, user agent, origin and descriptive comment for audit trail
- Only logs when accountability context is available (web requests)
* feat: add github username to contributors for CLA
* build: add changeset
* fix: use UPDATE action
* feat: remove @directus/constants scope
* refactor: clean up code formating
* feat: add revision for activity update
* refactor: fix linter
* fix: remove local db
* fix: inject full user for revision and remove activity comment
* Update .changeset/four-doodles-give.md
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* init
* initial tool
* cleanup
* prefer server over mcpserver
* add admin tool check
* type defineTool
* update ping tool
* improve tool handling
* update tool definition
* rework typres and add initial tool
* add schema to input
* add schema to handler opts
* add system prompt
* rename defineTool types
* Update tool.ts
* handle zod errors
* return correct format
* fix tool list
* prefer names from tool definition
* continue items improv
* return zod as schema output
* pass data down from zod parse
* handle no input schema tool
* update response format
* add handler note
* Ensure collection exists before access
* prefer name in tool file
* remove redundant message
* fix type issue and typo
* sanitize query
* add singleton support
* add remaining item tool commands
* support validate schema
* remove single actions and deleteByQuery
* fix toarray import
* updated tool types
* add back missing rpc message import
* remove unnecessary input schema
* updated tool registration
* separate schema
* removed partial
* remove tool name prefix on schema
* file tool wip
* pass down correct collection for folders/files
* fix global list
* add base64 asset retrieval support
* enable files tool
* add multi tool result type support
* add schema tool
* add missing file schema to files tool
* add create singleton support
* fixed system tool missing inputSchema
* inputschema is not optional
* initial flows tools
* forgot to push the index
* fix closing the connection
* Update server.ts
* format
* revert
* inputSchema is not optional
* add notification handler
* fix tool handlers
* simplified express handler and fixed non-closing get requests from inspector
* add comment
* changed sse error code
* small tweaks
* auto sanitize query
* utilize relevant file/folder service over generic item
* prefer admin flag over explicit check
* add base description
* updated flows
* improve overview command
* dont include invalid field properties
* fix typings for schema overview
* add note to schema overview
* add schema overview interface choices
* reorg
* remove util and default opt out of mcp prevent delete
* fixed unreturned code paths
* fix service typing
* prevent delete should be opt in
* fix import
* fmt
* fix query
* added flows tool test
* added some tool util funcs for better testing
* return deleted keys on item delete
* add item tool tests
* Update items.test.ts
* fix delete for schema tool
* add schema tests
* export the transport class
* make handleRequest async
* await the handleREquest function
* reverted misleading async change
* Added awaiting to server tests
* added some files tests
* fmt
* fix mcp file test types
* move collection, field and relation to their own tools
* Add prompts
* enable trigger flow
* improve prompts
* test wip
* add prompts to build
* remove invalid args for schema tools
* finish collection and field tests
* finish relation tests
* add catalog for mcp sdk
* prefer zod builtin for json schema conversion
* Do not use custom types in json schema
* fix data extraction and validation process
* do not allow additional properties
* MCP -> Schema Tool and Prompt Updates (#25617)
* separate system prompt description and system prompt
* stop duplicating field names to save context
* fetch only collections list first - add keys to fetch detailed schema
* updated schema prompt
* add repeater support for schema tool
* add collection item dropdown support
* items prompt
* long form prompts (need to tighten and condense)
* simplified query schema
* fmt
* Improve typings
* add basic prompt support and add type file
* add query support
* Finalize prompt support
* remove outdata env values
* MCP settings page (#25687)
* Render MCP in all caps
* Bootstrap AI settings page
* Add migration for mcp settings
* Add translations for mcp settings
* Setup fields in system data
* Add more translations
* Add use-collection-validation composable
* Bootstrap mcp prompts validation interface
* Finish settings page
* Add changeset
* Run formatter and resolve stylelint warning
* remove changeset
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* remove unnecessary object strict changes
* revert import ordering
* designate specific file per tool
* default delete to disabled
* account for empty messages
* remove custom type for relation item
* MCP -> Schema Tool -> Add support for relationships (#25693)
* rough in relations for schema detail
* Update schema.ts
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* cleanup schemas
* MCP Settings -> Improvements (#25696)
* add sidebar component for consistency
* add the translations we can for mcp prompts schema
* fix icon for collection
* set proper order
* clean up interaction
* handle edge case where ai prompts collection is deleted but value still saved in settings
* Ignore AI settings in general settings (#25698)
* add system prompt override
* allow disabling system prompt
* add import from url option to files tool
* remove legacy type arg
* add url to result
* add url to flows
* add endpoint for read
* add url display to prompt
* add changeset
* fmt
* Do not utilize custom type in file import
* Improve appearance of v-notice components (in the MCP settings) (#25714)
* add indentContent prop to v-notice for improved alignment of slot content and change appearance of the button inside the v-notice
* add snapshot
* fix mcp system prompt note display
* Add dynamic mimetype and audio support
* Allow disabling mcp feature via env
* update changeset
* MCP -> Update Settings Labels and Notes (#25725)
* update copy for settings labels and descriptions
* add divider
* suggestions from mtkg team
* use success notice when validated
* update validation success msg
* add top notice
* just the endpoint and nothing but the endpoint
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* fix systemPrompt to system_prompt
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* utilize flow service for definition and limit to manual flows
* remove unnecessary check
* fmt
* ensure json expected fields are json
* Update folder tests
* prefer test
* add asset tool tests
* improve mcp test typing for folder and asset
* update collection tests
* prefer plural tool naming
* update field tests
* remove create action for files
* update file tests
* update flow tests
* update item tests
* update operation tests
* update relation tests
* add system tests
* Update trigger flow tests
* reorg asset error test to error handling
* add admin accountability for relation tests
* update schema tests
* prefer test over it
* add admin check
* prefer aftereach for clear mock
* improve protocol error
* MCP -> Possible Relations Tool Fix (#25754)
* remove extra try catch and switch to zod v4 built in errors
* replace custom schemas
* replace schemas
* resolve typing and format
* prefer discriminate union for actions
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* add json rpc error for invalid prompt
* prefer non protocol for tools and fix protocal errors for prompts
* promptsCollection should be optional
* fix server issues
* update server tests
* fix useCollectionValidation tests
* Remove remaining file create artifacts
* Remove custom types to allow proper validation
* restrict access to non public
* adjust schema tool to be non admin
* fix schema tool tests
* add non admin tool check in tests
* allow either field or data.field for relation create
* 405 to indicate no stream support
* ensure system accountability is not admin
* MCP Prompt Cleanup (#25745)
* asset-tool prompt
* trim files prompt
* remove tags example
* remove create from files prompt
* cleanup collection
* cleanup items
* add missing examples to operations
* add xml structure to improve comprehension
* flows and operations improvements
* remove create action from files tool
* fix query schema
* remove reused ref for OpenAI support
* update fields
* cleanup collections
* detailed field example
* cleanup folder
* update relations
* unconfuse folders and collection folders
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* fmt
* FlowItemInputSchema should be partial
* Fix operation tool input schema
* Fix schema tool tests
* MCP -> Improve collections tool prompts (#25781)
* Fix collection <> folder issue
* improve system fields handling
* Add asset downscaling
* fmt
* Add tool title annotation and prefix name with `directus`
* Fix tests for updated naming
* improve asset tests
* Update title to correct location
* Improve `inputSchema` for LLM ingestion (#25789)
* do not use top level unions
* support multi field create
* update prompt
* support transaction al calls on fieldsService methods
* cleanup
---------
Co-authored-by: bryantgillespie <hey@bryantgillespie.com>
* update field tests
* fix relations prompt
* Do not skip internal collections as long as permissions allow
* Update api/src/services/server.ts
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* Update app.ts
Co-Authored-By: Brainslug <br41nslug@users.noreply.github.com>
* whoops
* revert ws changes
---------
Co-authored-by: Brainslug <tim@brainslug.nl>
Co-authored-by: Bryant Gillespie <bryant@hireclockwork.com>
Co-authored-by: Rijk van Zanten <rijkvanzanten@me.com>
Co-authored-by: Florian C. Wachmann <dev@formfcw.com>
Co-authored-by: bryantgillespie <hey@bryantgillespie.com>
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* migration for requiring 2fa flow
* establish the flow
* update types and schemas
* hide require_2fa field from admin
* fix checkbox and endpoints
* working flow
* use existing tfa methods and endpoints instead of creating new ones
* send user to tfa setup if require2FA flag is truthy
* add translations
* Allow OAuth users to enter OTP on login page
* autofocus on OTP field to clarify flow
* adjust openid driver to handle OTP
* use OTP for selected provider
* add last provider to localStorage
* force oauth user to add email address before enabling 2FA
* allow user to cancel 2fa setup
* move redirect to oauth drivers so that it only happens on next login
* translations
* changeset
* should not allow user to cancel 2fa setup if being enforced by role
* refactor to allow tfa setup statuses instead of using a boolean
* send oauth users with role-based 2fa enforcement through the same setup flow as users requesting 2fa themselves
* remove field for tfa_status since it is not needed in the app
* fix state issue with user tfa status checkbox
* fix typescript complaint
* remove email requirement for oauth users
* go back to using boolean for setup status
* fix bool checks and force automatic logout
* replace changeset
* get password requirement from authenticated user instead of trusting the request
* Update api/src/controllers/users.ts
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* Update api/src/services/tfa.ts
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* deal with access to own provider field
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* give update permissions to require_tfa_setup by default
* replace instaces of "default" with existing constants
* fix incorrect redirect url for oauth users with tfa enabled
* cleanup
* Update .changeset/twenty-sloths-wait.md
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* remove duplicate redirect and cookie handling
* add request and cancel tfa endpoints to sdk
* make OTP input appear under the specific provider used, and fix input transition animation
* discard changes prior to enabling 2fa
* change verbiage of 2fa notice
* Update app/src/composables/use-tfa-setup.ts
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* Update app/src/composables/use-tfa-setup.ts
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* Update .changeset/twenty-sloths-wait.md
Co-authored-by: ian <licitdev@gmail.com>
* change 2FA to TFA in var and method names
* another vestige of unused require_password argument
* remove request_tfa_setup db field in favor of local storage for users manually requesting 2fa
* Fix build
* Update .changeset/twenty-sloths-wait.md
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
* remove unused file
---------
Co-authored-by: Alex Gaillard <alex@directus.io>
Co-authored-by: ian <licitdev@gmail.com>
Co-authored-by: Brainslug <br41nslug@users.noreply.github.com>
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* Dangerously update API deps
* Dangerously move app dependencies to pnpm-workspace
* Move all dependencies to catalog
* Sort catalog
* Pnpm update
* Use pnpm 10.14
* Update for zod breaking change
* Fix unhead breaking change
* Downgrade major api upgrades
* Downgrade app major upgrades
* Fix app tests
* Downgrade isolated-vm
* Add changeset
* Fix template in head
* Resolve unhead lang signature
* Downgrade unhead
* Downgrade keyv/redis
It uses a different redis lib under the hood which is incompatible
* Resolve import in test
* Update and move workspace root dependencies
* Update CSS for updated linter rules
* Oops
* Run formatter
* Update rule name
* Run prettier
* Move utils peer to catalog
* Add focus-trap dependency
* add override option for mailer service extensions
* added changeset
* sign cla
* optimize mailer "pooling"
* Adjust to allow smtp without pass as the default does
* Fixing format issues
* Optimize caching by following codeRabbit recommendations + formatting
* Optimize new type
* Reducing changes to FROM override only
* add unit tests
* Fixing micro format issue
* optimizations
* simplify tests
* update changeset wording
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* Make tests deterministic by dropping random
* Remove random dep
* Drop random package
* Update pnpm lock
* Update app/src/composables/use-permissions/collection/lib/is-action-allowed.test.ts
---------
Co-authored-by: Alex Gaillard <alex@directus.io>
* Update dependencies and move to catalog
* Add use-collection test
* Add 100% test coverage for use-collection
* Add tests for use-custom-selection
* Add tests for use-custom-selection
* Update workspace packages
* Make tests work with vitest 3
* Gen use-element-size tests
* Gen tests for use-filter-fields
* Gen tests for use-groupable
* Run formatter
* Run formatter some more
* Match node type to engine in package.json
* Gen tests for use-layout
* Gen tests for useSizeClass
* Gen tests for use-sync
* Add deprecation warning to useSync
* Gen tests for use-system
* Run formatter
* Update types for node type update
* Run formatter
* Add changeset
* Setup language_direction user setting
* Add option translations
* Add rtl const
* Return dir from getCurrentLanguage
* Set htmlAttrs for lang / dir
* Update tests, fix fallback
* Add test:watch script
* Add rtl transform in icon file
* Make sure the progress bar animates rtl
Devil's in the details
* Make sure sidebar animates correctly on smaller screens
* Care too much about the details
* Fix directionality on slider
* Fix drawer transitions
* Arrow alignment in settings
* Stacked drawers effect
* Full screen navigation
* Revert menu alignment
* Fix nudging on smoke click
* Add changeset
* Update app/src/components/v-menu.vue
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Format
* Format rebased work
* One more formatting quirk
* Update app/src/lang/translations/en-US.yaml
Co-authored-by: Florian C. Wachmann <dev@formfcw.com>
* Update .changeset/giant-cloths-play.md
Co-authored-by: Florian C. Wachmann <dev@formfcw.com>
* Add translation
* Remove importants
* Improve typing in get-current-language
* Update app/src/views/private/private-view.vue
Co-authored-by: Florian C. Wachmann <dev@formfcw.com>
* Update app/src/views/private/private-view.vue
Co-authored-by: Florian C. Wachmann <dev@formfcw.com>
* Fix tooltip directions
* Refactor user store to setup script
* Add language/dir to userStore
* Replace getCurrentLanguage w/ userStore
* Make html attrs reactive
* Rename language_direction to text_direction
* Appease the robot overlords
* Add text-direction to user type
* Make text-direction not nullable
* Fix arrow alignment
* fix top tooltips
* run formatter
* mirror directional icons
* Fix positioning for rtl
* Fix flow attachments
* Replace magic number with const
* Start refactoring arrows business logic
No way to properly write unit tests for these bits otherwise. Increases the surface of this PR quite a bit, but feels like a necessary evil...
* Move minMaxPoint to separate file
* Move is-point-in-panel out
* Move generateCorner to separate file
* Update docs
* Move range function out
* Move find-best-position to separate file
* Move get-points to separate file
* Move generate-path out of main fn
* Move create-line to separate file
* Rewrite docblock
* Add tests for generate arrows
* Make sure icons are only mirrored in rtl
* Add RTL for flow arrows
* Run formatter
* Remove extraneous setLanguage calls
* Fix mocks
* Fix generate test
* Fix review notes
* Fix pinia test stubbing
* Fix test runner and add coverage for rtl
* Mock global pinia in v-info test
* Remove unused imports
* Remove unused type
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Florian C. Wachmann <dev@formfcw.com>
* stream app extensions from the filesystem instead of storing them in the heap
* cleanup
* temp commit
* fmt and cleanup
* rename import and remove rollup
* fix lock file
* add EXTENSIONS_ROLLDOWN to switch between roll-up/down
* add comment
* fmt
* Update .changeset/violet-sloths-shine.md
Co-authored-by: ian <licitdev@gmail.com>
* Update api/package.json
Co-authored-by: ian <licitdev@gmail.com>
---------
Co-authored-by: ian <licitdev@gmail.com>
* fix replacing process.env.NODE_ENV on backend extensions
* use actual process.env['NODE_ENV']
* default to production to make it less of a breaking change
* Update shiny-eagles-stare.md
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
* treat all IDs as string for comparison
* Create orange-rules-train.md
* Update .changeset/orange-rules-train.md
---------
Co-authored-by: ian <licitdev@gmail.com>
* sanitize filename_disk
* removed comments
* using default uuid instead
* make sure we clean up temp files on database error
* rethrow original error
* move ops to single var
* Add missing `requireSelection` check. Fixes#25385
Should resolve the 403 error on manual flows with no selection.
* add `requireSelection` check before key permission check
* Fix type error
* add changeset
* Update famous-drinks-stare.md
* Adjust permission check to be based on targetKeys
* Ensure at least one targetKey exists before permission check
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@users.noreply.github.com>
