ulysses/routes
Syed Ali Jaseem e3e37ce526
fix(sessions): scope enrichment queries by owner, add LIMIT to auto_sort (#3350)
GET /api/sessions fired full-table scans against sessions, documents, and
gallery_images on every call. Added DbSession.owner == user (line 265),
Document.owner == user (line 283), GalleryImage.owner == user (line 289),
and .limit(2000) to auto_sort_sessions (line 1013). All follow the existing
owner-scoping pattern at lines 700 and 1230. No behaviour change — the
response was already correct; this eliminates the over-fetch.
2026-06-07 21:32:21 +02:00
..
__init__.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
admin_wipe_routes.py Admin: wipe gallery albums with images 2026-06-02 20:35:57 +09:00
api_token_routes.py Codex Agent integration: HTTP surface + plugin bundle + Settings UI 2026-06-03 22:49:09 +09:00
assistant_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
auth_routes.py fix: avoid double bcrypt on login by using create_session_trusted (#3236) 2026-06-07 15:10:53 +02:00
backup_routes.py fix: restore backup import after skills migration (#2980) 2026-06-06 21:46:32 +01:00
calendar_routes.py fix(notes): handle time-first due_date phrases in parse_due_for_user (#3319) 2026-06-07 19:15:38 +02:00
chat_helpers.py Scope auxiliary LLM endpoints by owner (#2996) 2026-06-07 14:47:44 +02:00
chat_routes.py fix(agent): enforce guide-only tool policy (#3088) 2026-06-06 18:48:24 -06:00
cleanup_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
codex_routes.py fix(auth): gate api tokens from user routes (#2992) 2026-06-07 12:55:01 +02:00
compare_routes.py fix(compare): stop blind mode leaking model identities via session names (#1318) 2026-06-04 04:39:01 +01:00
contacts_routes.py Harden DAV outbound URL validation (#2819) 2026-06-05 13:22:21 +02:00
cookbook_helpers.py fix(cookbook): scan persisted HF cache paths (#3189) 2026-06-07 18:19:47 +02:00
cookbook_routes.py Fix/windows llama cpp serve and test upstream (#2669) 2026-06-05 14:53:33 +02:00
copilot_routes.py feat(provider): add GitHub Copilot provider with device-flow auth (#1480) 2026-06-04 21:13:14 +02:00
diagnostics_routes.py Fix email-thread HTML injection, attachment path traversal, and missing authz (#475) 2026-06-01 22:20:17 +09:00
document_helpers.py fix: _resolve_user_upload_path crashes on a non-dict resolve_upload result (#1715) 2026-06-03 13:34:33 +09:00
document_routes.py fix: port main-only fixes to dev (#2761 sharpen auth, #2762 doc version 404) (#3303) 2026-06-07 17:19:24 +02:00
editor_draft_routes.py Ignore invalid editor draft payloads (#1533) 2026-06-03 14:07:03 +09:00
email_helpers.py fix(email): decode headers without injected spaces (#2433) 2026-06-07 16:56:20 +02:00
email_pollers.py fix: quote IMAP mailbox arguments (#2170) 2026-06-05 16:00:20 +02:00
email_routes.py fix(email): scope AI caches by owner (#2695) 2026-06-05 02:21:50 +02:00
embedding_routes.py fix: split Chroma embedding lanes (#3046) 2026-06-06 03:17:19 -06:00
emoji_routes.py Harden emoji SVG proxy responses (#2842) 2026-06-05 10:31:58 +02:00
font_routes.py Keep compact font family names together (#1263) 2026-06-03 14:24:30 +09:00
gallery_helpers.py fix: gallery records raw instead of display dimensions for EXIF-rotated photos (#1667) 2026-06-03 14:23:04 +09:00
gallery_routes.py fix: port main-only fixes to dev (#2761 sharpen auth, #2762 doc version 404) (#3303) 2026-06-07 17:19:24 +02:00
history_routes.py Scope model helper endpoint resolution (#3007) 2026-06-07 12:40:23 +02:00
hwfit_routes.py Merge remote-tracking branch 'origin/main' into visual-pr-playground 2026-06-03 16:49:10 +09:00
mcp_routes.py feat(mcp): add Streamable HTTP transport with OAuth 2.0 (#1033) 2026-06-05 02:40:52 +02:00
memory_routes.py Scope vision model resolution by owner (#3009) 2026-06-07 12:39:02 +02:00
model_routes.py feat(platform): Add support for APFEL as part of the dependencies and models for the Cookbook. (#2657) 2026-06-07 17:28:02 +02:00
note_routes.py Harden note reminder dispatch ownership (#2999) 2026-06-07 12:52:27 +02:00
personal_routes.py fix: TOCTOU race in personal file delete + IndexError on whitespace cmd (#2228) 2026-06-07 16:44:26 +02:00
prefs_routes.py Persist user prefs atomically (#1840) 2026-06-04 03:55:22 +01:00
preset_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
research_routes.py Scope auxiliary LLM endpoints by owner (#2996) 2026-06-07 14:47:44 +02:00
search_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
session_routes.py fix(sessions): scope enrichment queries by owner, add LIMIT to auto_sort (#3350) 2026-06-07 21:32:21 +02:00
shell_routes.py fix(cookbook): don't 500 the packages panel when an optional package crashes on import (#2618) 2026-06-07 18:14:43 +02:00
signature_routes.py Constrain signature uploads to PNG data (#2844) 2026-06-05 13:17:43 +02:00
skills_routes.py feat(skills): import SKILL.md bundles from public GitHub URLs (#2576) 2026-06-05 19:48:23 +02:00
stt_routes.py fix(uploads): bound direct upload reads 2026-06-04 00:32:50 +01:00
task_routes.py Scope auxiliary LLM endpoints by owner (#2996) 2026-06-07 14:47:44 +02:00
tts_routes.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
upload_routes.py Scope vision model resolution by owner (#3009) 2026-06-07 12:39:02 +02:00
vault_routes.py Keep Bitwarden unlock password off argv (#1311) 2026-06-03 02:13:51 +09:00
webhook_routes.py feat: add OpenCode Zen and Go as provider options (#26) 2026-06-07 16:43:00 +02:00
workspace_routes.py feat: Add workspace: confine agent tools to a folder (#1103) 2026-06-05 00:06:37 +02:00