Conversation
|
Click here to review and test in web IDE: |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
olexii4
force-pushed
the
AI_widget
branch
3 times, most recently
from
147736e to
dd23665
Compare
olexii4
force-pushed
the
AI_widget
branch
7 times, most recently
from
7a2dae5 to
c0f7621
Compare
olexii4
force-pushed
the
AI_widget
branch
8 times, most recently
from
cb23caf to
e756cf0
Compare
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1505 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1505", name: che-dashboard}]}}]" |
olexii4
force-pushed
the
AI_widget
branch
3 times, most recently
from
73b403a to
183e6c5
Compare
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1505 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1505", name: che-dashboard}]}}]" |
1 similar comment
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1505 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1505", name: che-dashboard}]}}]" |
Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
…al render Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
The setupCommand (e.g. creating ~/.gemini config dir) was joined with && to the critical symlink/PATH commands. When $HOME is read-only (e.g. Go toolset container), the setup failure prevented the symlink from being created, leaving the AI tool binary missing from PATH. Wrap setupCommand in a best-effort block so symlink and PATH setup always execute regardless of setup failures. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
…and test cleanup - Guard fetchAiProviderKeyStatus to skip when no AI providers/tools exist - Implement updateOutdatedAiTools() to auto-update stale AI tool injectors before workspace start (tag priority: next > latest > semver) - Fix bulk delete of AI provider keys (modal now accepts array of providers) - Replace personal image references with dummy names in tests - Add unit tests for updateOutdatedAiTools and prepareDevfile AI injection Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
…cleanup commands Init containers now clean their own files before copying, handling image updates naturally. removeAiToolFromWorkspace no longer adds postStart cleanup commands. sanitizeStaleAiTools now also removes orphaned tool commands (install/symlink/run/cleanup) whose injector component no longer exists in the spec. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
…Line Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
The frontend no longer base64-encodes the API key via btoa() before posting it to the backend. The backend is responsible for encoding when creating the Kubernetes Secret. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Kubernetes Secret `data` expects base64-encoded values, but the API key now arrives as plain text after removing frontend btoa() encoding. Switch to `stringData` so Kubernetes handles base64 encoding automatically. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
The onSelect callback was called inside the setState() updater function and read this.state.expandedId instead of prevState. Move the side effect to the setState callback to ensure it runs after state is committed and reads the correct values. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
When removing an AI tool, a cleanup postStart command is added to remove stale binaries from the shared PVC on the next workspace start. sanitizeStaleAiTools now preserves cleanup commands (they must run at least once) while still removing orphaned install/symlink/run commands. Also adds missing ai-registry mock in workspaceCreationTimeCheck to fix CI failure. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Wrap cleanup commands in `nohup sh -c '...' &` so they never block or freeze workspace startup. Each tool's cleanup runs independently and in parallel. If removal fails the command retries on next start. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Since cleanup postStart commands run in the background, by the next workspace start they have already executed. sanitizeStaleAiTools now removes orphaned cleanup-* commands automatically, so they do not accumulate in the spec even if the tool is never re-added. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
- Restrict toolId schema to K8s-label-safe characters (remove : and @) - Sanitize all non-label-safe chars in toSanitizedProviderId - Fix stuck isLoading when tools array is empty in refreshKeyStatus - Combine sanitize + update AI tools into a single PATCH on start - Batch double setState in AiSelector.handleToggle - Use providerId comparison instead of reference equality in List - Add onError fallback to provider icon <img> tags - Avoid redundant getProvider() calls in Gallery render Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Replace all occurrences of the specific AI agent name in code comments with a generic "AI Assistant" identifier. Assisted-by: AI Assistant Signed-off-by: Oleksii Orel <oorel@redhat.com>
When sanitizeStaleAiTools removes the injected-tools volume (because no recognized injectors remain), also remove the injected-tools volume mount and PATH env override from editor containers. Without this, the DevWorkspace operator rejects the spec with "unable to find volume mount injected-tools in devfile volume components". Assisted-by: AI Assistant Signed-off-by: Oleksii Orel <oorel@redhat.com>
Cleanup commands added by removeAiToolFromWorkspace were removed by sanitizeStaleAiTools before they could execute on cold start. Add a pending-cleanup annotation so the cleanup command survives one start cycle, executes during postStart, then gets removed on the next start. Also add a comment explaining why $(PATH) substitution cannot be used in the editor container env. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
JSON.parse can return primitives or arrays, not just objects. Add a runtime type guard before casting to Record<string, unknown> to prevent potential property access on non-object values. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Add tests for AiConfig selectors, fetchAiRegistry API client, AiSelectorDocsLink component, and AiSelectorErrorBoundary component to bring global function coverage back above the 85% threshold. Assisted-by: Claude Opus 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
The PATCH in startWorkspace only sent /spec/template, so annotation changes from sanitizeStaleAiTools were lost. This caused cleanup commands to never be removed and stale tool binaries to persist on the shared volume across restarts. Also adds tests for AddEditModal and DeleteModal to restore function coverage above the 85% threshold. Assisted-by: Claude Sonnet 4.5 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Assisted-by: Claude Sonnet 4.5 Signed-off-by: Oleksii Orel <oorel@redhat.com>
Assisted-by: Claude Sonnet 4.5 Signed-off-by: Oleksii Orel <oorel@redhat.com>
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1505 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1505", name: che-dashboard}]}}]" |
|
I have a few questions:
|
Adds tags support to AiProviderDefinition and renders a 'Tech-Preview' badge on AI provider cards in the 'Choose an AI Provider' widget, mirroring the existing badge pattern on devfile sample cards. - Add tags?: string[] to AiProviderDefinition (common package) - Pass tags from AiProviderGallery to AiProviderEntry - Render Tech-Preview badge in CardHeader.actions when tag is present - Add tests covering badge visibility with and without the tag Assisted-by: Claude Sonnet 4.6 Signed-off-by: Oleksii Orel <oorel@redhat.com>
|
Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1505 (linux/amd64, linux/arm64) kubectl patch commandkubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1505", name: che-dashboard}]}}]" |
@dmytro-ndp, here is my take on this: Q1 — Should we support Codex CLI, Copilot CLI, or other tools? This PR introduces only the injection mechanism — it does not ship, bundle, or endorse any specific AI CLI. The responsibility for which tools are available rests entirely with the cluster administrator who deploys the Any CLI can be supported — Codex CLI, Copilot CLI, or anything else — as long as an admin publishes a ConfigMap with the corresponding provider/tool entry and a container image that performs the injection. The current reference registry at github.com/olexii4/che-ai-tool-images (Gemini, Claude Code, OpenCode) exists solely to validate the mechanism and is not meant to be exhaustive. Q2 — Do we need agreements with AI CLI owners to show their tile in the Dashboard? No formal agreement is required on Che's side, for two reasons:
That said, administrators adding a specific tool to their registry take on the ToS responsibility for that tool. A couple of things worth flagging:
Q3 — Will team-wide API keys covering several accounts be supported? Not in this implementation — and doing it properly is non-trivial. The current design injects the API key as a per-workspace environment variable sourced from a per-user Kubernetes Secret. Each user manages their own key. A shared team key would require a cluster-level Secret readable across user namespaces, which creates real problems:
Beyond that, AI providers issue keys at the individual or organisation level and offer no built-in per-seat partitioning, so tracking who consumed what is impossible without an intermediary. The right path for team-wide keys would be a proxy gateway — something like LiteLLM — that holds the master key server-side, enforces per-user quotas, and hands short-lived scoped tokens to individual workspaces. That is a separate, substantial feature and out of scope for this PR. @ibuziuk WDYT? |
7 participants
What does this PR do?
Adds an AI Selector widget to the Create Workspace page and integrates AI tool management across the dashboard, allowing users to pick an AI tool (e.g. Gemini CLI, Claude Code, OpenCode), save their API key, and have the tool automatically injected into workspaces.
Type Definitions
Two separate types model the AI feature:
AiProviderDefinition— provider metadata (id, name, publisher, description, icon, docs URL). Icons and descriptions live on the provider, not on individual tools.AiToolDefinition— injection details (providerId as FK to provider, tag, binary, pattern, injectorImage, envVarName). TheproviderIdfollowsvendor/productconvention (e.g.anthropic/claude,google/gemini).Create Workspace — AI Provider Selector
User Preferences — AI Providers Keys
Workspace Details — Overview Tab
AiToolFormGroupsection displaying the currently injected AI tool (or "None").Workspaces List — AI Provider Column
AI Tool Injection into DevWorkspace
addAiToolToWorkspace()creates an init container from the tool'sinjectorImage, a sharedinjected-toolsvolume, and DevWorkspace lifecycle commands:applycommand runs the injector init container.execcommand symlinks the binary into PATH and optionally runssetupCommand.init(single binary copy) andbundle(full runtime directory with symlink).Screenshot/screencast of this PR
What issues does this PR fix or reference?
fixes eclipse-che/che#23796
Is it tested? How?
Setting up the AI Tool Registry
The dashboard reads AI tool definitions from a Kubernetes ConfigMap at runtime. To enable the AI widgets you need to create this ConfigMap:
When no ConfigMap is found, the dashboard returns an empty registry and all AI-related UI elements are hidden automatically. To remove all AI tools:
oc delete configmap ai-tool-registry -n "${CHE_NAMESPACE:-eclipse-che}"Manual testing steps
defaultAiProviderin the CheCluster CR, the "Use a Default AI Provider" panel should display the resolved provider name (e.g. "The default AI provider "Gemini" configured by your administrator will be used.").che.eclipse.org/ai-provider-id,controller.devfile.io/mount-to-devworkspace,controller.devfile.io/watch-secret) and annotation (controller.devfile.io/mount-as: env). Update and delete the key. Verify the "Key configured" badge updates on the Create Workspace gallery cards.which gemini). Verify the API key env var is set (e.g.echo $GEMINI_API_KEY).ai-tool-registryConfigMap and verify that the AI Provider Selector on the Create Workspace page, the AI Provider(s) column in the Workspaces List, and the AI Providers Keys tab in User Preferences are all hidden.gemini— verify the Gemini CLI starts (or prints its help/version output), confirming the AI tool binary was injected into PATH.claude— verify the Claude Code CLI is available.geminiandclaudecommands are available. Check the Workspaces List — the "AI Provider(s)" column should show icons for both tools.Release Notes
Docs PR
eclipse-che/che-docs#3062