Tags: HolmesGPT/holmesgpt
Tags
docs: document LITELLM_MODEL_COST_MAP_URL for firewalled environments (… …#2054) ## Summary Documents `LITELLM_MODEL_COST_MAP_URL` and Robusta's mirror of LiteLLM's model catalog (`model_prices_and_context_window.json`). Customers whose egress firewalls block `raw.githubusercontent.com` cannot let LiteLLM refresh its model catalog (which determines per-model context windows, max output tokens, and pricing). The fix is purely operational — LiteLLM already honors `LITELLM_MODEL_COST_MAP_URL`, and Robusta now serves a mirror of the file at `https://api.robusta.dev/litellm/model_prices_and_context_window.json` with TTL caching and a stale fallback. Setting the env var via `additionalEnvVars` in Helm is all it takes. For fully self-hosted Robusta installs where the relay itself also cannot reach GitHub, the relay's `LITELLM_MODEL_COST_MAP_UPSTREAM_URL` can be pointed at Robusta's mirror to chain the lookup — documented inline. Relay-side endpoint: [robusta-dev/relay#533](robusta-dev/relay#533) (ROB-3898). ## Test plan - [ ] Render `docs/reference/environment-variables.md` locally and confirm the new section renders correctly - [ ] Verify the linked relay endpoint returns valid JSON once #533 is merged and deployed - [ ] Confirm `LITELLM_MODEL_COST_MAP_URL=https://api.robusta.dev/litellm/model_prices_and_context_window.json` works end-to-end from a HolmesGPT pod that cannot reach `raw.githubusercontent.com` --- _Generated by [Claude Code](https://claude.ai/code/session_01PmQBah9A7u3u4zDbyjmJ1C)_ <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added guidance for a new configuration variable to override the default LiteLLM model cost map URL. * Documented using an alternative mirror (with caching/fallback behavior) when direct downloads are restricted. * Included a Helm example showing how to set the configuration for deployments. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/HolmesGPT/holmesgpt/pull/2054?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Claude <noreply@anthropic.com> Co-authored-by: Claude <noreply@anthropic.com>
Add GitLab MCP server integration for Holmes (#2037) ## Summary Adds a new GitLab MCP (Model Context Protocol) server addon to Holmes, enabling AI-powered investigation of GitLab projects, merge requests, issues, pipelines, and code. This complements the existing GitHub MCP integration and supports both GitLab Cloud (gitlab.com) and self-hosted GitLab instances. ## Key Changes - **Documentation** (`docs/data-sources/builtin-toolsets/gitlab-mcp.md`): Comprehensive guide covering: - Prerequisites and GitLab Personal Access Token (PAT) setup - Configuration for Holmes CLI, Holmes Helm Chart, and Robusta Helm Chart - Self-hosted GitLab support with SSL/TLS options (custom CA bundles and verification bypass) - Configuration reference table with all available options - Tool exposure customization via `toolsets` and `tools` parameters - Troubleshooting and common use cases - **Helm Templates**: - `deployment.yaml`: Kubernetes Deployment, Service, and ConfigMap for the GitLab MCP server - Wraps `@zereight/mcp-gitlab` via supergateway - Supports custom CA certificates for self-signed certificates - Configurable resource limits and health checks - `networkpolicy.yaml`: NetworkPolicy restricting ingress to Holmes pods only - `_helpers.tpl`: LLM instructions template with detailed investigation guidance for GitLab-specific scenarios (code issues, configuration changes, pipeline failures) - **Helm Values** (`values.yaml`): New `mcpAddons.gitlabMcp` section with: - Authentication via Kubernetes secret (GitLab PAT) - API URL configuration (defaults to gitlab.com, customizable for self-hosted) - Feature toggles: wiki, milestone, and pipeline tools - Project scoping options (projectId, allowedProjectIds) - Tool exposure controls (toolsets, tools) - SSL/TLS configuration (verifySsl, caCert) - Resource requests/limits, node selectors, tolerations, affinity - Custom LLM instructions override - **Integration**: Updated `toolset-config.yaml` to include GitLab MCP in the conditional check for generating the toolset ConfigMap - **Documentation Index**: Added GitLab MCP to navigation and integration listings ## Implementation Details - Follows the same pattern as the existing GitHub MCP addon for consistency - Supports both read-only and read-write modes via `config.readOnly` - Provides flexible tool exposure through `toolsets` (groups) and `tools` (hard allowlist) parameters - Includes comprehensive LLM instructions that guide the AI to investigate code, correlate failures with commits, and proactively suggest fixes - Supports self-hosted GitLab with proper SSL/TLS handling (preferred: custom CA bundles; fallback: verification bypass) - Uses supergateway to bridge stdio-based MCP server to SSE for Holmes consumption https://claude.ai/code/session_01RiDeMf7GMvXarTgPpyDUfF <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added GitLab (MCP) integration to access projects, merge requests, issues, and CI/CD pipelines. * Deployable via Helm/Kubernetes with configurable auth, TLS options, network policy support, resource/scheduling controls, and customizable server instructions. * **Documentation** * Comprehensive GitLab (MCP) documentation added, plus README/nav updates covering installation, configuration (including self‑hosted TLS), testing, and troubleshooting. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/HolmesGPT/holmesgpt/pull/2037?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Claude <noreply@anthropic.com> Signed-off-by: Arik Alon <alon.arik@gmail.com> Co-authored-by: Claude <noreply@anthropic.com>
ROB-3821: Add additional_env_froms support to Holmes Helm chart (#2028) ## Summary - Adds an `additional_env_froms` value to the Holmes Helm chart, rendered as `envFrom` on the Holmes container. - Mirrors the existing `runner.additional_env_froms` field in the Robusta chart so the same Secret / ConfigMap can be projected into both pods. - Lets users share credentials such as `ROBUSTA_UI_TOKEN` or `SLACK_TOKEN` between the Robusta runner and Holmes without restating each key under `additional_env_vars`. Defaults to `[]`, so this is a no-op for existing installations. ### Example \`\`\`yaml additional_env_froms: - secretRef: name: holmes-secrets \`\`\` ## Test plan - [ ] \`helm template\` with \`additional_env_froms: []\` (default) renders no \`envFrom\` block on the Holmes container. - [ ] \`helm template\` with a populated \`additional_env_froms\` list renders the entries under \`envFrom\` on the Holmes container. - [ ] Deploy with a \`secretRef\` entry and verify the projected env vars appear inside the Holmes pod (\`kubectl exec ... -- env\`). > Note: I couldn't find a pre-existing GitHub issue discussing this — happy to link one if there's an internal ticket beyond ROB-3821 that should be referenced. 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Support for injecting additional environment sources (ConfigMaps and Secrets) into Holmes pod deployments via new Helm configuration, enabling shared secrets/configs without duplicating individual entries. * **Documentation** * Added configuration comments explaining the new `additional_env_froms` option and usage examples for envFrom entries. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/HolmesGPT/holmesgpt/pull/2028) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Roi Glinik <groi.tech@gmail.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Enable private channels and add auth for realtime subscriptions (#2012) ## Summary Updated realtime channel configurations to use private channels with authentication and disabled presence, improving security for conversations worker subscriptions. ## Key Changes - **Authentication for realtime connections**: Added explicit authentication using the logged-in test user's access token in integration tests before subscribing to channels. This ensures RLS policies that gate on `is_account_user_role` and cluster permissions can properly resolve. - **Private channel configuration**: Changed all realtime channel subscriptions from public (`private: False`) to private (`private: True`) across: - `realtime_manager.py` - both pgchanges and broadcast subscriptions - Integration tests - conversations worker and broadcast health check tests - **Disabled presence tracking**: Added `"presence": {"enabled": False}` to all channel configurations to reduce unnecessary overhead. ## Implementation Details - The authentication fix addresses an issue where channels running as anonymous users were being rejected by Supabase with WebSocket code 1006 - Channel configuration is now consistent across all realtime subscriptions in the codebase - Private channels require proper authentication, which is now explicitly handled in test setup https://claude.ai/code/session_01BgVPhmz6YvnNvs13GqJq1L <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Real-time channels now use private-mode configuration with presence disabled for all subscription types. * Real-time connections are authenticated using the current user session token before channel join. * **Tests** * Integration tests updated to authenticate WebSocket realtime connections and subscribe to private broadcast channels. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Claude <noreply@anthropic.com> Co-authored-by: Claude <noreply@anthropic.com>
ROB-3465 k8s mcp addon (#1992) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Kubernetes MCP server addon for model-context protocol integration * Toggleable RBAC mode and explicit k8sRBAC setting * Optional ServiceAccount creation with annotation and imagePullSecrets support; token automount disabled by default * Configurable MCP deployment options (image, resources, kubeconfig/secret, OAuth, extra args) * NetworkPolicy to restrict MCP ingress to the MCP service * Read-only / disable-destructive controls for Kubernetes operations * Customizable LLM instruction templates for the Kubernetes MCP <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Roi Glinik <groi.tech@gmail.com>
Add GitHub Copilot AI provider support (#1883) Fixes #1872 ## Summary This PR adds support for GitHub Copilot as an AI provider in HolmesGPT, enabling users to leverage their GitHub Copilot subscription for AI-powered diagnostics. ## Key Changes - **New documentation**: Added comprehensive GitHub Copilot provider guide (`docs/ai-providers/github-copilot.md`) covering: - Prerequisites and authentication via OAuth device flow - Required IDE-identifying headers configuration - Setup instructions for Holmes CLI, Holmes Helm Chart, and Robusta Helm Chart - Links to additional resources - **LLM validation logic**: Updated `holmes/core/llm.py` to handle GitHub Copilot's unique authentication model: - Added special case handling for `github_copilot` provider in `check_llm()` function - Skips standard API key validation since GitHub Copilot uses OAuth device flow instead of traditional API keys - LiteLLM handles token lifecycle internally - **Navigation update**: Added GitHub Copilot to the AI providers documentation navigation menu ## Implementation Details GitHub Copilot requires IDE-identifying headers (`Editor-Version`, `Editor-Plugin-Version`, `Copilot-Integration-Id`, `User-Agent`) on every API request. These can be configured via the `EXTRA_HEADERS` environment variable or the `extra_headers` field in model list configuration. The authentication flow uses LiteLLM's OAuth device flow, which prompts users to authorize via a GitHub URL on first run and caches the token locally for subsequent requests. https://claude.ai/code/session_01C2dTg3wn9MVt3UaqUBj8aE <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added a GitHub Copilot setup guide (subscription requirements, required IDE headers, CLI/Helm/Robusta examples) and new navigation entry. * Clarified model list location resolution and CLI setup instructions. * **New Features** * Added GitHub Copilot as a supported provider with its auth flow and related error messaging. * Introduced per-user model-list override with server/default path resolution taking precedence. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Claude <noreply@anthropic.com> Co-authored-by: Claude <noreply@anthropic.com>
[ROB-0000] Add optional extraVolumes, extraVolumeMounts, extraInitCon… …tainers, an… (#1958) …d additionalEnvVars to AWS MCP helm chart Allows users to customize the AWS MCP pod with custom CA bundles, sidecar volumes, and environment variables without forking the chart. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * AWS MCP deployments now support expanded pod customization options: * Custom environment variables * Additional volumes and volume mounts * Init containers for initialization tasks * Enables flexible configuration management for multi-account and custom deployment scenarios. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: avi@robusta.dev <avi@robusta.dev> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ROB-3703: Improve Data source configuration flow (#1912) ## Changes - **URL Parsing**: Fix UUID extraction to handle optional dashes and format IDs correctly as dashed UUIDs required by Notion API - **Authentication**: Correct header access from `toolset.internet_config.additional_headers` instead of `toolset.additional_headers` - **API Version**: Add required `Notion-Version: 2022-06-28` header to requests - **Error Handling**: Add JSON validation and better error logging for API responses - **Block Type Support**: Expand support for multiple Notion block types: - Headings (heading_1, heading_2, heading_3) - Lists (bulleted_list_item, numbered_list_item) - Other blocks (quote, callout, toggle, to_do) - **Refactoring**: Rename `parse_notion_content()` to `parse_notion_content_from_dict()` and use consolidated parsing logic with block type constants <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Notion import now renders more block types: multi-level headings, numbered lists, quotes, callouts, toggles, and to-dos with checkboxes. * Connector/config schemas include richer user-facing metadata (name, description, icon, docs anchor) and return nested metadata per config. * Added new managed Prometheus connector options (Coralogix, Google, Grafana Cloud) for alternate endpoints. * **Bug Fixes** * Improved Notion URL handling, request headers, JSON validation, clearer error reporting, and skipping of unsupported/empty blocks. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: alonelish <alon.elish@gmail.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Avi <97387909+Avi-Robusta@users.noreply.github.com>
[ROB-2694] Oauth (#1900) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Full OAuth support for MCP servers: PKCE/browser CLI flows, authorization-code callback, per-user/conversation token caching, background refresh, dynamic tool loading after auth, and token persistence options (memory/disk/DB). * **Bug Fixes** * Improved tool lookup, registration and replacement behavior; clearer tool-change logging. * **Documentation** * Added OAuth setup guide with CLI and Helm examples and browser-accessibility notes. * **Tests** * Extensive unit/integration tests and Kubernetes fixtures for MCP OAuth flows. * **Chores** * Added a `manual` pytest marker and CI-aware skipping of manual tests. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: avi@robusta.dev <avi@robusta.dev> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rebrand Azure OpenAI to Azure AI Foundry (#1922) This PR updates all references to "Azure OpenAI Service" to "Azure AI Foundry" across the codebase and documentation, reflecting Microsoft's rebranding of the service. ## Summary Azure OpenAI Service has been rebranded to Azure AI Foundry. This change updates all user-facing documentation, configuration examples, and internal references to use the new name while maintaining full backward compatibility with existing configurations. ## Key Changes - **Documentation**: - Renamed `docs/ai-providers/azure-openai.md` to `docs/ai-providers/azure-ai-foundry.md` - Converted old `azure-openai.md` to a redirect stub to preserve external links - Updated all references in installation guides, multi-provider docs, and navigation files - **Code Updates**: - Updated comments and docstrings in `holmes/core/llm.py`, `holmes/core/azure_token.py`, and `holmes/common/env_vars.py` to reference "Azure AI Foundry" - Updated error messages and logging in `tests/llm/utils/classifiers.py` - **Configuration & Setup**: - Updated CLI installation guide to reference "Azure AI Foundry" - Updated Kubernetes installation examples - Updated contributing guidelines with new service name - **Navigation & Metadata**: - Updated `docs/ai-providers/.nav.yml` and `mkdocs.yml` to point to new documentation file - Updated `docs/ai-providers/index.md` to reference Azure AI Foundry ## Implementation Details - The old `azure-openai.md` file is preserved as a redirect page using HTML meta refresh to avoid breaking external links - All environment variables (`AZURE_API_KEY`, `AZURE_API_BASE`, etc.) remain unchanged for backward compatibility - The actual API integration and functionality remain identical; this is purely a naming update https://claude.ai/code/session_014a8UZvSnBVz9cbFizEL9De <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Rebranded Azure provider references from "Azure OpenAI" to "Azure AI Foundry" across all documentation and configuration guides. * Added comprehensive Azure AI Foundry setup documentation including authentication methods, Kubernetes integration, and troubleshooting steps. * Updated navigation and quick-start guides to reflect the new provider branding. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Claude <noreply@anthropic.com> Co-authored-by: Claude <noreply@anthropic.com>
PreviousNext