🦋 Changeset detected

Latest commit: 067fd9e

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agents-api	Ready	Preview, Comment	Apr 7, 2026 3:05pm
agents-docs	Ready	Preview, Comment	Apr 7, 2026 3:05pm
agents-manage-ui	Ready	Preview, Comment	Apr 7, 2026 3:05pm

Preview URLs

Use these stable preview aliases for testing this PR:

• UI: https://pr-3029-ui.preview.inkeep.com
• API: https://pr-3029-api.preview.inkeep.com
• API health: https://pr-3029-api.preview.inkeep.com/health

These point to the same Vercel preview deployment as the bot comment, but they stay stable and easier to find.

@pullfrog update PR description based on changes in this PR

Updated the PR description for #3029 with a detailed summary of the ModelConfiguration refactoring — covering all 5 changed files, the slot-based auto-configuration pattern, prop simplification, inheritance computation, and extracted sub-components.

  ^{｜ View workflow run ｜ Triggered by Pullfrog ｜ Using Claude Opus ｜ 𝕏}

@claude add a changeset based on changes in this PR

Claude finished @dimaMachina's task in 48s —— View job

Adding changeset

• Analyze PR changes
• Create changeset

A changeset already exists at .changeset/refactor-model-configuration.md (added in commit ea2829b):

---
"@inkeep/agents-manage-ui": patch
---

Simplify ModelConfiguration component by removing onProviderOptionsChange and onModelChange callbacks in favor of direct form state management

No additional action needed.

TL;DR — Refactors ModelConfiguration from a heavily-parameterized component into a convention-driven one that derives its label, description, placeholder, clearability, and JSON template from the form field name path. This replaces ~10 individual props with a single inherited object and a slot-based lookup system, dramatically simplifying every call site.

Key changes

• Introduce slot-based convention system in ModelConfiguration — the component infers its role (base / structuredOutput / summarizer) from the form field name, looking up labels, descriptions, and placeholders from static maps instead of requiring callers to pass them.
• Consolidate four inherited-value props into a single inherited object — inheritedValue, inheritedProviderOptions, inheritedFallbackModels, and inheritedAllowedProviders are replaced by one typed ModelConfigurationInheritedValues prop with nullable fallbackModels and allowedProviders fields.
• Replace editorNamePrefix with React useId() — eliminates a threading prop across ModelConfiguration, AzureConfigurationSection, AllowedProvidersSection, and FallbackModelsSection in favor of stable, SSR-safe auto-generated IDs.
• Centralize JSON template resolution — the per-caller getJsonPlaceholder callback is removed; a single internal getJsonPlaceholder({ model, slot }) function handles all template variants.
• Rename options to providerOptions in model-section.tsx — aligns the getInheritance() return shape with the new ModelConfigurationInheritedValues interface across all 6 return branches.
• Extract shared inheritance variables in consumers — metadata-editor.tsx pre-computes baseInherited, structuredOutputInherited, and summarizerInherited objects, eliminating ~20 lines of chained nullish coalescing from the JSX.
• Fix duplicate React keys and hardcoded IDs — FallbackModelsSection key changed from model to `${model}-${index}`; AllowedProvidersSection radio button IDs changed from hardcoded "providers-all" / "providers-specific" to useId().
• Flatten render tree for provider options and fallback sections — Azure config, provider options editor, AllowedProvidersSection, and FallbackModelsSection are wrapped in a single Fragment under the effectiveModel guard instead of being separate sibling conditionals, reducing duplicated checks.
• Collapse GATEWAY_ROUTABLE_PROVIDERS_SET to single-line declaration — removes the multi-line new Set([…]) and explicit ReadonlySet<string> annotation in favor of a concise inline form.
• Add changeset — patch bump for @inkeep/agents-manage-ui documenting the refactor.

_{Summary ｜ 7 files ｜ 14 commits ｜ base: rm-onProviderOptionsChange-onModelChange ← rm-onProviderOptionsChange-onModelChange2}

Slot-based self-configuration for ModelConfiguration

Before: Every <ModelConfiguration> call site had to specify label, description, placeholder, canClear, editorNamePrefix, and a getJsonPlaceholder callback — repeating the same domain knowledge across three consumer files.
After: The component derives a slot from its form field name path (e.g. models.base → "base") and uses static lookup maps (MODEL_CONFIGURATION_LABELS, MODEL_CONFIGURATION_DESCRIPTIONS, MODEL_CONFIGURATION_PLACEHOLDERS) to self-configure. canClear is derived as slot !== 'base', and label / description accept optional overrides via ?? fallback.

getModelConfigurationSlot(name) splits the field path on . and maps the last segment to a ModelConfigurationSlot union type. A centralized getJsonPlaceholder({ model, slot }) function selects the correct Azure or standard template based on the model provider and slot, replacing callback props that were duplicated across six call sites.

How does JSON template selection work now?

The internal getJsonPlaceholder({ model, slot }) function checks if the model string starts with azure/ and branches on the slot to pick the right template import. This keeps all template imports consolidated in model-configuration.tsx instead of scattered across consumers.

model-configuration.tsx

Inherited values as a single typed object

Before: Four separate props (inheritedValue, inheritedProviderOptions, inheritedFallbackModels, inheritedAllowedProviders) were threaded from each consumer, with complex fallback chains inlined in JSX.
After: A single inherited?: ModelConfigurationInheritedValues prop carrying { model, providerOptions, fallbackModels, allowedProviders }. The component handles ?? undefined coercion internally so callers don't need to.

Consumer files now build the inherited object once. In metadata-editor.tsx, shared variables (model, fallbackModels, allowedProviders) are extracted from the watch data and reused across structuredOutputInherited and summarizerInherited, eliminating ~20 lines of duplicated nullish coalescing chains. project-models-section.tsx collapses its <ModelConfiguration> invocations from ~12 props each to a handful.

metadata-editor.tsx · model-section.tsx · project-models-section.tsx

Replace editorNamePrefix with useId()

Before: A string editorNamePrefix prop was passed down to generate HTML element IDs like ${editorNamePrefix}-azure-resource-name — and AllowedProvidersSection used hardcoded IDs ("providers-all", "providers-specific") that would collide when multiple instances render.
After: ModelConfiguration, AzureConfigurationSection, AllowedProvidersSection, and FallbackModelsSection each use React's useId() hook to generate stable, globally unique IDs with no prop threading or collision risk.

FallbackModelsSection also fixes its list item key from model to `${model}-${index}` — preventing React reconciliation issues when duplicate fallback model names appear — and consolidates two adjacent conditional blocks into a single ternary.

azure-configuration-section.tsx · model-configuration.tsx · models.ts

  ^{｜ View workflow run ｜ Triggered by Pullfrog ｜ Using Claude Opus ｜ 𝕏}

Ito Test Report ✅

9 test cases ran. 3 additional findings, 6 passed.

Overall, 9 test cases were executed with 6 passing and 3 failing (all Medium severity), indicating generally solid behavior but with important persistence issues still open. The key findings were that allowed-providers mode/list changes and fallback-model clears can fail to persist correctly after save/reload (including rapid toggle scenarios), while project creation and agents-route loading, model inheritance reset behavior, Azure field isolation/label targeting, mobile deep-link interruption handling, hostile providerOptions validation, and invalid URL tampering all behaved as expected without confirmed defects.

✅ Passed (6)

Category	Summary	Screenshot
Adversarial	Hostile providerOptions payload remained inert and malformed JSON submission was rejected before create completed.
Adversarial	Invalid project/agent deep links rendered 404/error states without leaking editable model data, including after back/forward navigation.
Edge	Azure one-of fields remained independent across two slots, and each Resource Name/Base URL label focused the correct in-slot input.
Edge	Mobile deep-link settings flow remained stable after refresh/back-forward; unsaved provider-options edits were not persisted and controls stayed interactive.
Happy-path	Re-validation confirmed project creation persisted and the new project's /agents route loaded successfully.
Happy-path	Re-execution verified structured/summarizer inheritance and clear-to-inherited behavior works as expected.

ℹ️ Additional Findings (3)

These findings are unrelated to the current changes but were observed during testing.

Category	Summary	Screenshot
Adversarial	🟠 Rapid provider-mode toggles can persist stale provider lists after save/reload.
Edge	🟠 Allowed providers state can diverge after save/reload when mode and list mutations are applied.
Edge	🟠 Clearing fallback models does not reliably persist an empty list after save/reload.

if (val === 'all') {
  setSpecificMode(false);
  onAllowedProvidersChange([]);
} else {

function onAllowedProvidersChange(providers: string[]) {
  allowedProvidersField.onChange(providers.length ? providers : undefined);
}

...(data.models.base.allowedProviders?.length && {
  allowedProviders: data.models.base.allowedProviders.filter(Boolean),
}),

onValueChange={(val) => {
  if (val === 'all') {
    setSpecificMode(false);
    onAllowedProvidersChange([]);
  } else {
    setSpecificMode(true);
  }
}}

function onAllowedProvidersChange(providers: string[]) {
  allowedProvidersField.onChange(providers.length ? providers : undefined);
}

...(data.models.base.allowedProviders?.length && {
  allowedProviders: data.models.base.allowedProviders.filter(Boolean),
}),

function onFallbackModelsChange(models: string[]) {
  fallbackModelsField.onChange(models.length ? models : undefined);
}

...(data.models.base.fallbackModels?.length && {
  fallbackModels: data.models.base.fallbackModels.filter(Boolean),
}),

...(data.models.structuredOutput.fallbackModels?.length && {
  fallbackModels: data.models.structuredOutput.fallbackModels.filter(Boolean),
}),

Commit: 5181496

View Full Run

Tell us how we did: Give Ito Feedback

@claude add a changeset based on changes exactly from this PR

Claude finished @dimaMachina's task in 1m 22s —— View job

Adding changeset

• Analyze PR changes
• Create changeset
• Push changes

Updated the existing changeset at .changeset/refactor-model-configuration.md to reflect the full scope of this PR:

---
"@inkeep/agents-manage-ui": patch
---

Refactor ModelConfiguration into a slot-aware component that auto-derives labels, descriptions, and JSON templates from the form field path, consolidating inherited values into a single typed object and fixing React key collisions in fallback models

| Branch

Ito Test Report ❌

14 test cases ran. 1 failed, 1 additional finding, 12 passed.

Across a unified run of 14 test cases, 12 passed and 2 failed, with broad confirmation that default-model and sub-agent settings persist correctly across save/reload, inheritance and inherited-to-explicit transitions behave as expected, slot-aware labels/templates render correctly, and rapid toggles/submits, navigation stress, malformed JSON recovery (non-Azure flow), and mobile sidepane editing remained stable.
The two key defects were a Critical authorization gap that lets viewer/read-only users perform project and agent mutations when the management bypass secret is enabled (effective system-level privilege escalation) and a High-severity Azure configuration bug where malformed providerOptions text is passed to unguarded JSON.parse and crashes the settings UI into the error boundary.

❌ Failed (1)

Category	Summary	Screenshot
Adversarial	⚠️ Azure provider options flow can crash settings via unguarded JSON parsing of editor text.

function handleProviderOptionsStringChange(nextValue = '') {
  onProviderOptionsChange(nextValue);
}

{effectiveModel.startsWith('azure/') && (
  <AzureConfigurationSection
    providerOptions={effectiveProviderOptions}
    onProviderOptionsChange={handleProviderOptionsStringChange}
    disabled={disabled || isUsingInheritedOptions}
  />
)}

const providerOptionsObj =
  typeof providerOptions === 'string'
    ? JSON.parse(providerOptions || '{}')
    : providerOptions || {};

✅ Passed (12)

Category	Summary	Screenshot
Adversarial	Deep-link refresh and repeated back/forward navigation preserved a stable, usable sub-agent editor with no visible corruption.
Adversarial	Rapid repeated submits on project and agent saves ended in one coherent persisted configuration after reload checks.
Edge	Malformed provider options JSON did not crash the UI; after correction to valid JSON, the form remained usable and save-ready.
Edge	Rapid provider toggles, mutation, and reload preserved intended allowed-provider and fallback state without UI corruption.
Edge	Rapid fallback add/cancel/remove/edit flows settled to a valid persisted state with no phantom rows after reload.
Edge	Sidepane remained usable at 390x844; model and JSON edits saved and persisted after reload.
Logic	Slot-specific labels, descriptions, and placeholders render correctly for base, structured output, and summarizer model sections.
Logic	Provider option templates correctly vary by slot and Azure vs non-Azure model selection.
Logic	Inherited provider options were cleared correctly when transitioning from inherited to explicit selection of the same effective model, and reload preserved the clean explicit state.
Happy-path	Explicit model/provider options persisted after save+reload, and inherited->explicit same-model transition cleared stale provider options.
Happy-path	Edited project default models (including Azure/non-Azure slot changes), saved successfully, and reloaded with persisted values intact.
Happy-path	Sub-agent structured-output override persisted after save/reload, clear-to-inherited restoration worked, and Azure-to-non-Azure transition behavior remained consistent.

ℹ️ Additional Findings (1)

These findings are unrelated to the current changes but were observed during testing.

Category	Summary	Screenshot
Adversarial	🚨 Read-only permission boundary is bypassed, allowing viewer-level mutation of project and agent settings.

const defaultHeaders: HeadersInit = {
  'Content-Type': 'application/json',
  ...options.headers,
  ...(cookieHeader && { Cookie: cookieHeader }),
  ...(process.env.INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET && {
    Authorization: `Bearer ${process.env.INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET}`,
  }),
};

// 1. First, check if it's the bypass secret
if (
  env.INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET &&
  token === env.INKEEP_AGENTS_MANAGE_API_BYPASS_SECRET
) {
  logger.info({}, 'Bypass secret authenticated successfully');

  // Set system user context for bypass authentication
  c.set('userId', 'system');

if (userId === 'system' || userId.startsWith('apikey:')) {
  await next();
  return;
}

Commit: 067fd9e

View Full Run

Tell us how we did: Give Ito Feedback

This pull request has been automatically marked as stale because it has not had recent activity.
It will be closed in 7 days if no further activity occurs.

If this PR is still relevant:

• Rebase it on the latest main branch
• Add a comment explaining its current status
• Request a review if it's ready

Thank you for your contributions!