Pull latest from fork head#1
Open
alexlouden wants to merge 4115 commits intoBonobolabs:masterfrom
Open
Conversation
* WIP: Adding firestore:bulk-delete command. * Did clean ups. Manual testing works as expected. * Fixes and add tests. * fix test suite name * Address feedback (1). * address feedback (2). * address feedback (3). * rename bulk-delete to bulkdelete. * Address feedback and add changelog. * Add the requireAuth back for spec tests.
…9047) This commit introduces a few fixes: * Checking the status of a resumable upload by sending a PUT with a Content-Length of 0 no longer returns a 400 Bad Request and correctly returns a 308 status code if the upload is incomplete. * Resumable uploads are no longer finalized on the first chunk allowing multiple chunks to be uploaded. * Streaming uploads (uploads of unknown size) should now work correctly Co-authored-by: abhis3 <abhisun@google.com>
* Bump FDC local toolkit to v2.13.0. * Update changelog.
* feat: add new MCP tool 'core_login' This commit introduces a new MCP tool, `core_login`, to facilitate a two-step authentication process. The `core_login` tool: - Has an optional `authCode` argument. - When `authCode` is omitted, it returns a login URI and session code, prompting the user to authenticate in a browser. - When `authCode` is provided, it completes the login flow using the code. This new tool replicates the `studioPrototyper=true` login flow and is designed for use by MCP clients. Additionally, this commit includes a fix to correctly prefix core tools with `core_` instead of `firebase_`. * feat: add new MCP tool 'core_login' This commit introduces a new MCP tool, `core_login`, to facilitate a two-step authentication process. The `core_login` tool: - Has an optional `authCode` argument. - When `authCode` is omitted, it returns a login URI and session code, prompting the user to authenticate in a browser. - When `authCode` is provided, it completes the login flow using the code. This new tool replicates the `studioPrototyper=true` login flow and is designed for use by MCP clients. This commit also includes unit tests for the new tool and a fix to correctly prefix core tools with `core_` instead of `firebase_`. * Cleaning up return language * PR fixes * Wording improvements * feat: Add firebase_logout MCP tool (#9104) * feat: Add firebase_logout MCP tool This commit introduces a new MCP tool, `firebase_logout`, which allows users to log out from the Firebase CLI. The tool supports the following functionalities: - Logging out a specific user by providing their email address. - Logging out all currently authenticated users if no email is provided. - Automatically assigning a new default user if the current default user is logged out and other accounts are available. The implementation includes: - A new tool definition in `src/mcp/tools/core/firebase_logout.ts`. - Registration of the new tool in the `coreTools` array in `src/mcp/tools/core/index.ts`. - A comprehensive test suite in `src/mcp/tools/core/firebase_logout.spec.ts` to ensure correctness and cover various scenarios. * Adding log out tool * pr fix * Fix linter --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> * typo * Mention tool in Auth error message * Fixing linter * Fixing linter * Fixes * format * changelog --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: oleina <oleina@google.com> Co-authored-by: Joe Hanley <joehanley@google.com>
- Importing interfaces for the Crashlytics public API - Setting appropriate return types in client responses - When retrieving native crash sessions, pruning all superfluous threads to dramatically reduce token usage. - Providing schemas for comprehensive filtering options - Consoldidating report client calls into a single method - Consolidating tool definitions and sharing schema defs
* Generalize createArchive for any directory.
* handle error * m
- Improving instructions and return values in crashlytics tools - Making interval handling more robust - Adding return messages to avoid undefined tool responses
…ager to do more than check your login status (#9133) * Tweak the connect prompt to look at gitignored files and to be less eager to do more than check your login status * Loosen prescriptiveness, ease testing proactivity, come up with multiple root causes * Respond to prompt review comments.
… in Firebase ToS (#9143) * update_environment can be used to accept Gemini ToS * changelog * Update src/mcp/tools/core/update_environment.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * m * m * m * m * m --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
- Adds `/firebase:init` prompt with placeholder guidance. - Resources are defined in `src/mcp/resources`. - Prompts and other output can "link" to resources by saying to use the `read_resources` tool with a particular URI. - Consolidates context into a single McpContext type. - Some additional refactoring and cleanup.
* Update GEMINI_TOS_ERROR * merge * m
* Expose init prompt without mcpalpha experiment * Remove import
* feat(mcp): Combine auth_get_user and auth_list_users tools Combines the `auth_get_user` and `auth_list_users` MCP tools into a single `auth_get_users` tool. This new tool has two optional arguments, `uids` and `emails`. - When no arguments are provided, it behaves like `auth_list_users`. - When either `emails` or `uids` is provided, it looks up users by the provided identifiers. Removes unused variables and ensures that `passwordHash` and `salt` fields are consistently removed from all user objects returned by the tool. * Formats * Parallelize calls * Small fixes * npm format --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: Joe Hanley <joehanley@google.com> Co-authored-by: Alexander Nohe <nohe@google.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| throw new Error( | ||
| `Expected ExecutionResult to have either "data" or "errors" set but none found` | ||
| ); | ||
| } |
There was a problem hiding this comment.
Bug: Validation incorrectly rejects valid null data GraphQL responses
The assertExecutionResult function uses !data && !errors to validate responses, but this incorrectly rejects { data: null } which is a valid GraphQL ExecutionResult (returned when a nullable root field resolves to null). Since !null is true, a valid response like { data: null } causes isExecutionResult to return false, which then displays an InternalErrorView instead of showing the successful null result. The check should verify property existence (e.g., 'data' in response) rather than truthiness.
* clean up iosAppUsesCrashlytics method * apply review changes
| cat "${TEMP_STDOUT}" >> "${GITHUB_OUTPUT}" | ||
| echo "EOF" >> "${GITHUB_OUTPUT}" | ||
| cat "${TEMP_STDERR}" >> "${GITHUB_OUTPUT}" | ||
| echo "EOF" >> "${GITHUB_OUTPUT}" |
There was a problem hiding this comment.
Bug: Test failure logs deleted before they can be preserved
The workflow script uses set -euo pipefail which causes immediate exit on test failure, combined with an EXIT trap that deletes the temporary log files. When npm run test fails, the script exits before reaching the lines that copy logs to gemini-artifacts/. The EXIT trap then deletes the temp files containing the test output. This means test failure logs (the most useful for debugging) are lost, while success logs are preserved—the opposite of what's typically desired for CI debugging.
* Improvments to the publish script * Preview over canary
* Allow TAR uploads to storage.
Rollback #9464 Firebase CLI will now synchronizes Cloud Scheduler's attemptDeadline with the function's timeoutSeconds for v2 scheduled functions, capped at 1800 seconds. This is a change from original attempt where we tried to expose a new configuration for scheduled function that allowed users to directly set the attemptDeadline. We don't know why they would ever drift, so we'll simplify make sure the Scheduler's timeout is in sync with functions timeout. Note that Cloud Scheduler has an attempt deadline range of [15s, 1800s], and defaults to 180s. We floor at 180s to be safe, even if the function timeout is shorter. This is because GCF/Cloud Run will already terminate the function at its configured timeout, so Cloud Scheduler won't actually wait the full 180s unless GCF itself fails to respond. Setting it shorter than 180s might cause premature retries due to network latency.
* working progress of mcp server registry * Adding mcpName to package.json * Use our actual package name * Provide the right command * Updating publish script to bump version in server.json too * Update src/mcp/server.json Co-authored-by: Michael Doyle <michael.james.doyle@gmail.com> --------- Co-authored-by: Joe Hanley <joehanley@google.com> Co-authored-by: Michael Doyle <michael.james.doyle@gmail.com>
* Docker image vulnerbaility fixes * single command, and headless jre
* Adding tests for loadCJSON * Update src/loadCJSON.spec.ts Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Format --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
| cat "${TEMP_STDOUT}" >> "${GITHUB_OUTPUT}" | ||
| echo "EOF" >> "${GITHUB_OUTPUT}" | ||
| cat "${TEMP_STDERR}" >> "${GITHUB_OUTPUT}" | ||
| echo "EOF" >> "${GITHUB_OUTPUT}" |
There was a problem hiding this comment.
Bug: Malformed GITHUB_OUTPUT format missing variable names
The workflow writes content to GITHUB_OUTPUT without specifying output variable names. The correct format for multiline outputs requires varname<<EOF on the first line, followed by content, then EOF as delimiter. The current code just appends raw file content followed by "EOF" strings, which is malformed and will cause the workflow to fail or produce no usable outputs since GitHub Actions can't parse this format.
* handle scenario where versionsList.versions is undefined * make printing tables testable * add tests * remove test:custom * make linter happy * Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: Joe Hanley <joehanley@google.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Data Connect Emulator release v2.17.3 * format * address reveiw comments --------- Co-authored-by: Kushal Palesha <3357451+kushalpalesha@users.noreply.github.com>
| timeout: 1000 | ||
| recursive: true | ||
| node-options: | ||
| - no-experimental-strip-types |
There was a problem hiding this comment.
Bug: Node option incompatible with Node.js version 20
The node-options configuration includes no-experimental-strip-types, a flag that was only introduced in Node.js 22.6.0. Since the CI workflow runs tests on Node 20, 22, and 24 (per .github/workflows/node-test.yml), tests on Node 20 would fail with an unrecognized option error. Node.js exits with an error when it receives an unknown command-line flag.
* prevent deployments of Next.js apps vulnerable to CVE-2025-66478 * Update CHANGELOG to reference CVE-2025-66478 prevention in Next.js deployments (#9572) * Refactor error message for Next.js CVE-2025-66478 vulnerability check Updated the error handling to provide a more detailed and version-specific message when a vulnerable Next.js version is detected. The message now specifies the required patched versions based on the major version of Next.js, enhancing clarity for users on how to resolve the issue. * Enhance Next.js vulnerability check documentation Added references to CVE-2025-66478 and CVE-2025-55182 in the documentation for the Next.js version vulnerability check function. This provides users with direct links to relevant security advisories, improving awareness and guidance on addressing potential vulnerabilities. * format * update next.js version in webframeworks-deploy-tests * use semver for error message checks * remove unnecessary comments * Revert "update next.js version in webframeworks-deploy-tests" This reverts commit 22857f4. --------- Co-authored-by: Joe Hanley <joehanley@google.com>
Turns out you can have dependabot keep the actions up to date! Seems like an easy win :)
* Bump next to 16.0.7 for agent-evals * ESLint
* update valid Node.js engine to support 20, 22, and 24 * format --------- Co-authored-by: Joe Hanley <joehanley@google.com>
| - run: ${{ matrix.script }} | ||
| - name: Print debug logs | ||
| if: failure() | ||
| run: dir "*.log" /s/b | type |
There was a problem hiding this comment.
Bug: Windows workflow type command cannot read piped input
The Windows debug log printing command dir "*.log" /s/b | type does not work as intended. The Windows type command cannot read filenames from stdin/pipe - it only accepts filenames as command-line arguments. This command will silently produce no output or error when there are failures, defeating the purpose of printing debug logs. The correct approach would use a for loop to iterate over the files.
* Update next to match master (#9313) * Remove overrides that diverge the test configuration from the build configuration. (#9300) Co-authored-by: Jamie Rothfeder <rothbutter@google.com> * Fix misleading typing for options.json. (#9275) * feat(dataconnect): Add confirmation for Gemini schema generation (#9282) * feat(dataconnect): add confirmation for Gemini schema generation Instead of directly asking for an app description to generate a schema with Gemini, this change first asks the user to confirm if they want to use Gemini. If the user confirms, it then prompts for the app description with a default value of "an app for ${setup.projectId}". * prompts * changelog * m * feedback * typo * metrics * Update index.ts --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> --------- Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com> Co-authored-by: Jamie Rothfeder <rothbutter@google.com> Co-authored-by: Yuchen Shi <yuchenshi@google.com> Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> * BREAKING: clean up monkey patching in functions emulator runtime (#9402) 1. Removed `functions.config()` Polyfill Removed initializeRuntimeConfig() from `src/emulator/functionsEmulatorRuntime.ts`. This function manually read `.runtimeconfig.json` and set `CLOUD_RUNTIME_CONFIG` env var to polyfill the logic for old clients of the Functions SDK. Functions SDK has included this feature for more than 5+ years now. 2. Removed Callable Auth Monkey Patches Removed wrapCallableHandler from src/emulator/functionsEmulatorRuntime.ts. that handled manual auth header swapping logic in src/emulator/functionsEmulator.ts. We now rely on the SDK's built-in skipTokenVerification feature shipped since 3.16.0. 3. Bumped Minimum SDK Version Increased minimum required firebase-functions version from 3.15.1 to 3.16.0 (launched 4+ years ago) in `src/emulator/functionsEmulatorRuntime.ts`. This ensures users have an SDK that supports skipTokenVerification and likely handles .runtimeconfig.json loading correctly in emulation. * BREAKING: hide functions:config:* commands by default (#9340) We'll gate all mutating functions:config:* commands behind the new `legacyRuntimeConfigCommands` experiment. We'll keep functions:config:{get,export} available for inspection. Includes some minor refactoring to align deprecation message across all surfaces. ```shell $ firebase functions:config:set FOO=bar Error: DEPRECATION NOTICE: Action required before March 2026 The functions.config() API and the Cloud Runtime Config service are deprecated. Deploys that rely on functions.config() will fail once Runtime Config shuts down in March 2026. The legacy functions:config:* CLI commands are deprecated and will be removed before March 2026. Migrate configuration to the Firebase Functions params APIs: import { defineJsonSecret } from "firebase-functions/params"; const config = defineJsonSecret("RUNTIME_CONFIG"); exports.myFunction = functions .runWith({ secrets: [config] }) .https.onRequest((req, res) => { const apiKey = config.value().service.key; // ... }); To convert existing runtime config values, try the interactive migration command: firebase functions:config:export Learn more: https://firebase.google.com/docs/functions/config-env#migrate-config To run this legacy command temporarily, run the following command and try again: firebase experiments:enable legacyRuntimeConfigCommands ``` * BREAKING: Rewrite functions:config:export command (#9341) Target the new defineJsonSecret API as migration target for functions.config() usage. The new API is a simpler migration target for existing functions.config() use cases. Example flow: ```shell $ firebase functions:config:export i This command retrieves your Runtime Config values (accessed via functions.config()) and exports them as a Secret Manager secret. i Fetching your existing functions.config() from danielylee-90... ✔ Fetched your existing functions.config(). i Configuration to be exported: ⚠ This may contain sensitive data. Do not share this output. { <CONFIG> } ✔ What would you like to name the new secret for your configuration? RUNTIME_CONFIG ✔ Created new secret version projects/XXX/secrets/RUNTIME_CONFIG/versions/1 i To complete the migration, update your code: // Before: const functions = require('firebase-functions'); exports.myFunction = functions.https.onRequest((req, res) => { const apiKey = functions.config().service.key; // ... }); // After: const functions = require('firebase-functions'); const { defineJsonSecret } = require('firebase-functions/params'); const config = defineJsonSecret("RUNTIME_CONFIG"); exports.myFunction = functions .runWith({ secrets: [config] }) // Bind secret here .https.onRequest((req, res) => { const apiKey = config.value().service.key; // ... }); i Note: defineJsonSecret requires firebase-functions v6.6.0 or later. Update your package.json if needed. i Then deploy your functions: firebase deploy --only functions ``` * feat(firestore): return listBackupsResponse from firestore:backups:list --json (#9392) The `firestore:backups:list --json` command now returns the full `listBackupsResponse` object instead of just the `backups` array. This provides more information to the user, including a list of unreachable locations. * Break java (#9451) * error out java version below 21 * error out java version below 21 * error out java version below 21 * update formatting * Remove duplicate error message * Update CHANGELOG.md to include breaking change * update CI to java 21 * Add setup-java action to integration --------- Co-authored-by: Joe Hanley <joehanley@google.com> * Removing support for .bolt rules (#9339) * Removing support for .bolt rules * Changelog * Merging in master * Stop following symlinks when archiving directories (#9284) * Stop following symlinks when archiving directories * Update exfil PR (#9289) * Fix filter for symlinks * Fine. Preserve ordering at the cost of readability * Format * Progress on new approach * Remove unused tar path, fix up zip path to ignore symlinks, add test * More tests * Actually good for real this time ; --------- Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com> * Remove --open-sesame and --close-sesame (#9532) * Lazy load commands (#9519) * Refactor command loading to be lazy - Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded. - Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments. - Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated. - Added cycle detection to the `loadAll` logic to handle circular references in the `client` object. * Refactor command loading to be lazy - Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded. - Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments. - Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated. - Added cycle detection to the `loadAll` logic to handle circular references in the `client` object. - Added `scripts/benchmark_load.ts` to measure command load time. * Fix help command as well * Get rid of flawed benchmark test; * Clean up unused vars * Typeguards for style points * Move typeguard * Better types * CHANGELOG * More type cleanup * No anys * Fixing getCommand * Bump timeout? * 20s is better * Removing extra timing code * format --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> * BREAKING: Enforce strict timeout validation for functions (#9540) * feat: enforce strict timeout validation for functions * nit: run formatter * docs: add changelog entry for timeout validation * refactor: optimize timeout validation logic * nit: add "breaking" prefix in changelog. * bug: remove redundant timeout validation. * feat: remove obsolete parseTriggers fallback (#9521) * feat: remove obsolete parseTriggers fallback * nit: clean up conditional paths * feat(dataconnect): Update dataconnect:* commands to use flags for --service & --location (#9312) * Update Firestore Emulator to v1.20.2 (#9565) * Bump FS emulator version to 1.20.2 * Update CHANGELOG.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: Joe Hanley <joehanley@google.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Fix test broken by merge conflict * format * Update version in server.json * Implement a `firebase init dataconnect:resolver` command. (#9493) * Implement a `firebase init dataconnect:schema` command. * Gate behind experiment flag and a few other fixes. * Add unit tests. * Fix unit tests. * Rename command to `firebase init dataconnect:resolver`. * Commit missed file. * Fix default location in Cloud Run URL. * Don't prompt for Cloud Run URL. * Remove no-op line. * Gate command at init level. * [VS Code] Fix rendering of generate query code lens (#9588) * Fix package-lock.json * Fix missing auth:import and appdistribution:testers:remove commands (#9590) * Fix missing auth:import and appdistribution:testers:remove commands * Update CHANGELOG.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Dont pass undefined to getCommand (#9596) * Fix --help (#9597) * Fix --help * handle firebase --help * bump fdc emulator to v3 (#9602) * FDC V3 * FDC V3 * merging --------- Co-authored-by: oleina <oleina@google.com> Co-authored-by: Joe Hanley <joehanley@google.com> * lint --------- Co-authored-by: Fred Zhang <fredzqm@google.com> Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com> Co-authored-by: Jamie Rothfeder <rothbutter@google.com> Co-authored-by: Yuchen Shi <yuchenshi@google.com> Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: Daniel Lee <danielylee@google.com> Co-authored-by: harshyyy21 <harshoza24@gmail.com> Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com> Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: Rosalyn Tan <rosalyntan@google.com> Co-authored-by: Anthony Oleinik <48811365+antholeole@users.noreply.github.com> Co-authored-by: oleina <oleina@google.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
Add comprehensive emulator/integration test suites and tooling, modernize sample functions to v2, and upgrade build environment to Node 20 with new builder and scripts.
Written by Cursor Bugbot for commit a5ebc25. This will update automatically on new commits. Configure here.