Skip to content
Open
Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
180297b
[MISC] Decommission prompt-service, old tools, and SDK1 prompt module…
harini-venkataraman May 19, 2026
2e1bc54
[MISC] Remove prompt-service from tox.ini env_list
harini-venkataraman May 20, 2026
7bdff5a
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] May 20, 2026
4774926
UN-2888 [FIX] Add hook for setting default triad for invited users (#…
pk-zipstack May 19, 2026
fd6e3e7
UN-3465 [FIX] Wrap set_user_organization in transaction.atomic (#1954)
chandrasekharan-zipstack May 19, 2026
c3c729d
UN-3386 [FEAT] Add Prompt Studio HITL change indicator plugin slot (#…
vishnuszipstack May 19, 2026
de78b7a
Add a dedicated OpenAI-compatible LLM adapter (#1895)
jimmyzhuu May 19, 2026
c1a42aa
ReverseMerge: V0.163.4 hotfix (#1980)
pk-zipstack May 21, 2026
a7a035a
UN-3476 [FIX] Revert atomic wrap on set_user_organization (#1977)
chandrasekharan-zipstack May 21, 2026
0619756
Merge remote-tracking branch 'origin/main' into feat/phase5-decommiss…
harini-venkataraman May 21, 2026
093a6b4
Restore text_extractor tool removed in Phase 5 decommission
harini-venkataraman May 26, 2026
13cfe5b
Restore classifier tool removed in Phase 5 decommission
harini-venkataraman Jun 1, 2026
db834ba
Merge origin/main into feat/phase5-decommission-old-components
harini-venkataraman Jun 12, 2026
55f873a
Remove unit-prompt-service group from test rig manifest
harini-venkataraman Jun 12, 2026
0b5508b
Merge branch 'main' into feat/phase5-decommission-old-components
harini-venkataraman Jun 12, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 2 additions & 14 deletions .github/workflows/docker-tools-build-push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,9 @@ on:
service_name:
description: "Tool to build"
required: true
default: "tool-structure" # Provide a default value
default: "tool-sidecar" # Provide a default value
Comment thread
harini-venkataraman marked this conversation as resolved.
type: choice
options: # Define available options
- tool-classifier
- tool-structure
- tool-text-extractor
- tool-sidecar
add_latest_tag:
description: "Also tag as 'latest'"
Expand Down Expand Up @@ -58,16 +55,7 @@ jobs:
- name: Set build configuration
id: build-config
run: |
if [ "${{ github.event.inputs.service_name }}" == "tool-classifier" ]; then
echo "context=." >> $GITHUB_OUTPUT
echo "dockerfile=./tools/classifier/Dockerfile" >> $GITHUB_OUTPUT
elif [ "${{ github.event.inputs.service_name }}" == "tool-structure" ]; then
echo "context=." >> $GITHUB_OUTPUT
echo "dockerfile=./tools/structure/Dockerfile" >> $GITHUB_OUTPUT
elif [ "${{ github.event.inputs.service_name }}" == "tool-text-extractor" ]; then
echo "context=." >> $GITHUB_OUTPUT
echo "dockerfile=./tools/text_extractor/Dockerfile" >> $GITHUB_OUTPUT
elif [ "${{ github.event.inputs.service_name }}" == "tool-sidecar" ]; then
if [ "${{ github.event.inputs.service_name }}" == "tool-sidecar" ]; then
echo "context=." >> $GITHUB_OUTPUT
echo "dockerfile=docker/dockerfiles/tool-sidecar.Dockerfile" >> $GITHUB_OUTPUT
fi
Comment on lines +60 to 69

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify this workflow no longer embeds GitHub expression templates directly in shell conditionals.
rg -n -C2 '\$\{\{\s*github\.event\.inputs\.service_name\s*\}\}' .github/workflows/docker-tools-build-push.yaml
# Expected after fix: only appears in YAML fields (e.g., run-name/tags), not inside shell branching logic.

Repository: Zipstack/unstract

Length of output: 1382


🏁 Script executed:

rg -n -C2 '\$\{\{\s*github\.event\.inputs\.service_name\s*\}\}' .github/workflows/docker-tools-build-push.yaml
# Expected: no occurrences inside the bash branching logic; `${{ github.event.inputs.service_name }}` should be assigned to an env var or used in non-branching YAML fields.

Repository: Zipstack/unstract

Length of output: 1382


Harden service_name branching and fail closed for unknown values.

In .github/workflows/docker-tools-build-push.yaml (lines 59-64), bash if/elif branches embed ${{ github.event.inputs.service_name }} directly and there’s no default else/* to reject unsupported values, so the step can leave $GITHUB_OUTPUT unset for unexpected inputs. Use an env var + case whitelist with an explicit exit 1 for unknown values.

Suggested patch
       - name: Set build configuration
         id: build-config
+        env:
+          SERVICE_NAME: ${{ github.event.inputs.service_name }}
         run: |
-          if [ "${{ github.event.inputs.service_name }}" == "tool-sidecar" ]; then
-            echo "context=." >> $GITHUB_OUTPUT
-            echo "dockerfile=docker/dockerfiles/tool-sidecar.Dockerfile" >> $GITHUB_OUTPUT
-          elif [ "${{ github.event.inputs.service_name }}" == "tool-text-extractor" ]; then
-            echo "context=." >> $GITHUB_OUTPUT
-            echo "dockerfile=./tools/text_extractor/Dockerfile" >> $GITHUB_OUTPUT
-          fi
+          case "$SERVICE_NAME" in
+            tool-sidecar)
+              echo "context=." >> "$GITHUB_OUTPUT"
+              echo "dockerfile=docker/dockerfiles/tool-sidecar.Dockerfile" >> "$GITHUB_OUTPUT"
+              ;;
+            tool-text-extractor)
+              echo "context=." >> "$GITHUB_OUTPUT"
+              echo "dockerfile=./tools/text_extractor/Dockerfile" >> "$GITHUB_OUTPUT"
+              ;;
+            *)
+              echo "Unsupported service_name: $SERVICE_NAME" >&2
+              exit 1
+              ;;
+          esac
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if [ "${{ github.event.inputs.service_name }}" == "tool-sidecar" ]; then
echo "context=." >> $GITHUB_OUTPUT
echo "dockerfile=./tools/structure/Dockerfile" >> $GITHUB_OUTPUT
echo "dockerfile=docker/dockerfiles/tool-sidecar.Dockerfile" >> $GITHUB_OUTPUT
elif [ "${{ github.event.inputs.service_name }}" == "tool-text-extractor" ]; then
echo "context=." >> $GITHUB_OUTPUT
echo "dockerfile=./tools/text_extractor/Dockerfile" >> $GITHUB_OUTPUT
elif [ "${{ github.event.inputs.service_name }}" == "tool-sidecar" ]; then
echo "context=." >> $GITHUB_OUTPUT
echo "dockerfile=docker/dockerfiles/tool-sidecar.Dockerfile" >> $GITHUB_OUTPUT
fi
- name: Set build configuration
id: build-config
env:
SERVICE_NAME: ${{ github.event.inputs.service_name }}
run: |
case "$SERVICE_NAME" in
tool-sidecar)
echo "context=." >> "$GITHUB_OUTPUT"
echo "dockerfile=docker/dockerfiles/tool-sidecar.Dockerfile" >> "$GITHUB_OUTPUT"
;;
tool-text-extractor)
echo "context=." >> "$GITHUB_OUTPUT"
echo "dockerfile=./tools/text_extractor/Dockerfile" >> "$GITHUB_OUTPUT"
;;
*)
echo "Unsupported service_name: $SERVICE_NAME" >&2
exit 1
;;
esac
🧰 Tools
🪛 zizmor (1.25.2)

[error] 59-59: code injection via template expansion (template-injection): may expand into attacker-controllable code

(template-injection)


[error] 62-62: code injection via template expansion (template-injection): may expand into attacker-controllable code

(template-injection)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-tools-build-push.yaml around lines 59 - 65, Replace
direct inline checks of ${{ github.event.inputs.service_name }} with a single
env variable (e.g., SERVICE_NAME) and a case whitelist that sets GITHUB_OUTPUT
keys (context and dockerfile) for known services ("tool-sidecar",
"tool-text-extractor") and otherwise prints an error and exits non‑zero to fail
closed; update the branch that currently echoes "context" and "dockerfile" to
use the values chosen in the case for SERVICE_NAME, and ensure unknown values
trigger an explicit exit 1 so $GITHUB_OUTPUT is never left unset for invalid
inputs.

Expand Down
5 changes: 2 additions & 3 deletions .github/workflows/production-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,6 @@ jobs:
backend,
frontend,
platform-service,
prompt-service,
runner,
worker-unified,
x2text-service,
Expand Down Expand Up @@ -225,7 +224,7 @@ jobs:
id: summary
run: |
# Initialize variables
TOTAL_SERVICES=7
TOTAL_SERVICES=6
OVERALL_RESULT='${{ needs.build-and-push.result }}'
SUCCESS_COUNT=0
FAILED_COUNT=0
Expand Down Expand Up @@ -316,7 +315,7 @@ jobs:
echo "|---------|--------|" >> $GITHUB_STEP_SUMMARY

# Define services in order
for service in backend frontend platform-service prompt-service runner worker-unified x2text-service; do
for service in backend frontend platform-service runner worker-unified x2text-service; do

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are removing the tools, we should remove the runner as well

if [ -f "build-status/${service}.json" ]; then
STATUS=$(jq -r '.status' "build-status/${service}.json")
if [ "$STATUS" = "success" ]; then
Expand Down
2 changes: 0 additions & 2 deletions backend/backend/settings/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -153,8 +153,6 @@ def get_required_setting(setting_key: str, default: str | None = None) -> str |
FLIPT_BASE_URL = os.environ.get("FLIPT_BASE_URL", "http://localhost:9005")
PLATFORM_HOST = os.environ.get("PLATFORM_SERVICE_HOST", "http://localhost")
PLATFORM_PORT = os.environ.get("PLATFORM_SERVICE_PORT", 3001)
PROMPT_HOST = os.environ.get("PROMPT_HOST", "http://localhost")
PROMPT_PORT = os.environ.get("PROMPT_PORT", 3003)
PROMPT_STUDIO_FILE_PATH = os.environ.get(
"PROMPT_STUDIO_FILE_PATH", "/app/prompt-studio-data"
)
Expand Down
4 changes: 0 additions & 4 deletions backend/sample.env
Original file line number Diff line number Diff line change
Expand Up @@ -90,10 +90,6 @@ UNSTRACT_RUNNER_API_TIMEOUT=240 # (in seconds) 2 mins
UNSTRACT_RUNNER_API_RETRY_COUNT=5 # Number of retries for failed requests
UNSTRACT_RUNNER_API_BACKOFF_FACTOR=3 # Exponential backoff factor for retries

# Prompt Service
PROMPT_HOST=http://unstract-prompt-service
PROMPT_PORT=3003

#Prompt Studio
PROMPT_STUDIO_FILE_PATH=/app/prompt-studio-data

Expand Down
16 changes: 0 additions & 16 deletions docker/compose.debug.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
# 5678 - backend
# 5679 - runner
# 5680 - platform-service
# 5681 - prompt-service
# 5682 - worker-file-processing-v2
# 5683 - worker-callback-v2
# 5684 - worker-api-deployment-v2
Expand Down Expand Up @@ -65,21 +64,6 @@ services:
--graceful-timeout 5 unstract.platform_service.run:app"
]

prompt-service:
ports:
- "5681:5681"
command: [
"uv run python -Xfrozen_modules=off -m debugpy --listen 0.0.0.0:5681 .venv/bin/gunicorn
--bind 0.0.0.0:3003
--workers 1
--threads 2
--worker-class gthread
--log-level debug
--timeout 900
--access-logfile -
--graceful-timeout 5 unstract.prompt_service.run:app"
]

#########################################################################################################
# V2 Workers with debugpy
# Using --pool=threads for debugpy compatibility (prefork doesn't work well with debugpy)
Expand Down
20 changes: 0 additions & 20 deletions docker/docker-compose.build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,31 +20,11 @@ services:
build:
dockerfile: docker/dockerfiles/tool-sidecar.Dockerfile
context: ..
tool-structure:
image: unstract/tool-structure:${VERSION}
build:
dockerfile: tools/structure/Dockerfile
context: ..
tool-text_extractor:
image: unstract/tool-text_extractor:${VERSION}
build:
dockerfile: tools/text_extractor/Dockerfile
context: ..
tool-classifier:
image: unstract/tool-classifier:${VERSION}
build:
dockerfile: tools/classifier/Dockerfile
context: ..
platform-service:
image: unstract/platform-service:${VERSION}
build:
dockerfile: docker/dockerfiles/platform.Dockerfile
context: ..
prompt-service:
image: unstract/prompt-service:${VERSION}
build:
dockerfile: docker/dockerfiles/prompt.Dockerfile
context: ..
x2text-service:
image: unstract/x2text-service:${VERSION}
build:
Expand Down
20 changes: 0 additions & 20 deletions docker/docker-compose.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ services:
- minio
- minio-bootstrap
- platform-service
- prompt-service
- x2text-service
volumes:
- prompt_studio_data:/app/prompt-studio-data
Expand Down Expand Up @@ -151,25 +150,6 @@ services:
labels:
- traefik.enable=false

prompt-service:
image: unstract/prompt-service:${VERSION}
container_name: unstract-prompt-service
restart: unless-stopped
depends_on:
- db
- minio
- minio-bootstrap
- rabbitmq
ports:
- "3003:3003"
env_file:
- ../prompt-service/.env
labels:
- traefik.enable=false
extra_hosts:
# "host-gateway" is a special string that translates to host docker0 i/f IP.
- "host.docker.internal:host-gateway"

x2text-service:
image: unstract/x2text-service:${VERSION}
container_name: unstract-x2text-service
Expand Down
101 changes: 0 additions & 101 deletions docker/dockerfiles/prompt.Dockerfile

This file was deleted.

67 changes: 0 additions & 67 deletions docker/dockerfiles/prompt.Dockerfile.dockerignore

This file was deleted.

32 changes: 0 additions & 32 deletions docker/sample.compose.override.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -138,38 +138,6 @@ services:
- action: rebuild
path: ../platform-service/uv.lock

#########################################################################################################
# Prompt Service (memory optimized: 1 worker, 2 threads)
prompt-service:
image: unstract/prompt-service:${VERSION}
build:
dockerfile: docker/dockerfiles/prompt.Dockerfile
context: ..
entrypoint: ["bash", "-c"]
command: [
"uv run python -Xfrozen_modules=off .venv/bin/gunicorn
--bind 0.0.0.0:3003
--workers 1
--threads 2
--worker-class gthread
--log-level debug
--timeout 900
--access-logfile -
--graceful-timeout 5 unstract.prompt_service.run:app"
]
develop:
watch:
- action: sync+restart
path: ../prompt-service/
target: /app
ignore: [.venv/, __pycache__/, "*.pyc", .pytest_cache/, .mypy_cache/, node_modules/]
- action: sync+restart
path: ../unstract/
target: /unstract
ignore: [.venv/, __pycache__/, "*.pyc", .pytest_cache/, .mypy_cache/]
- action: rebuild
path: ../prompt-service/uv.lock

#########################################################################################################
# X2Text Service
x2text-service:
Expand Down
Loading
Loading