- Update USER_BLOCKED from 401 to 403 and simplify description
- Update GENERAL_RESOURCE_BLOCKED from 401 to 403
Rationale: 403 Forbidden is the correct HTTP status for authorization
failures where the user is authenticated but not permitted access.
401 Unauthorized is for authentication failures.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Optimize updateDocument() calls across the codebase to pass only changed
attributes as sparse Document objects rather than full documents. This is
more efficient because updateDocument() internally performs array_merge().
Changes:
- Updated 58 files to use sparse Document objects
- Added Performance Patterns section to AGENTS.md with optimization guidelines
- Applied pattern to Workers, Functions, Sites, Teams, VCS modules
- Updated app/controllers/api files (account, users, messaging)
- Updated app infrastructure files (realtime, general, init/resources, shared/api)
Exceptions maintained:
- Migration files (need full document updates by design)
- Cases with 6+ attributes (marginal benefit)
- Complex nested relationship logic
Stale in-memory project documents in ScheduleBase (and request-scoped
copies in api.php/general.php) were overwriting current DB state when
updateProjectAccess triggered. Because Database::updateDocument uses
array_merge with the passed document taking priority, cached projects
missing recent OAuth provider changes would silently disable them.
Now fetches a fresh project document from the DB before writing, so only
accessedAt is updated without clobbering other fields.
Introduce a generic event bus (Utopia\Bus) with typed events, listener
base class, Span instrumentation, and coroutine dispatch. Replace all
direct queueForExecutions and inline execution usage calls with
ExecutionCompleted event and dedicated listeners (Log, Usage).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Move teams API to Modules
* lint
* Move team prefs & logs API to Modules (#11359)
* Move team prefs & logs API to Modules
* format
* missin desc
* Move team memberships API to Modules (#11362)
* Move team memberships API to Modules
* fix config dir
* Cloud parity
* params
* Cloud conflicts
* refactor
* prop
* refactor
* set teamId
* feedback
* feedback 2
* fix url-encoding
- Updated versions for several dependencies in composer.lock, including utopia-php/database (5.3.3), utopia-php/detector (0.2.4), utopia-php/dns (1.6.5), utopia-php/framework (0.33.40), utopia-php/queue (0.15.6), and utopia-php/storage (1.0.1).
- Improved error logging in app/http.php and app/controllers/general.php to handle null routes gracefully, ensuring that the HTTP method and request URI are logged correctly even when the route is not defined.
loks0n
Chirag Aggarwal
eldadfux
Matej Bačo
fogelito
Hemachandar
Jake Barnby
Prem Palanisamy
copilot-swe-agent[bot]
ArnabChatterjee20k
Atharva Deosthale
Damodar Lohani
Matej Bačo