@directus/api 33.3.0 → 34.0.0

package/dist/ai/tools/schema.d.ts

@@ -272,13 +272,13 @@ export declare const FlowItemInputSchema: z.ZodObject<{
         active: "active";
         inactive: "inactive";
     }>>;
-    trigger: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+    trigger: z.ZodOptional<z.ZodEnum<{
         operation: "operation";
         schedule: "schedule";
         event: "event";
         webhook: "webhook";
         manual: "manual";
-    }>, z.ZodNull]>>;
+    }>>;
     options: z.ZodOptional<z.ZodUnion<readonly [z.ZodRecord<z.ZodString, z.ZodAny>, z.ZodNull]>>;
     operation: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNull]>>;
     operations: z.ZodOptional<z.ZodArray<z.ZodObject<{
@@ -297,10 +297,10 @@ export declare const FlowItemInputSchema: z.ZodObject<{
     }, z.core.$strip>>>;
     date_created: z.ZodOptional<z.ZodString>;
     user_created: z.ZodOptional<z.ZodString>;
-    accountability: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+    accountability: z.ZodOptional<z.ZodEnum<{
         all: "all";
         activity: "activity";
-    }>, z.ZodNull]>>;
+    }>>;
 }, z.core.$strip>;
 export declare const FlowItemValidateSchema: z.ZodObject<{
     id: z.ZodOptional<z.ZodString>;
@@ -312,13 +312,13 @@ export declare const FlowItemValidateSchema: z.ZodObject<{
         active: "active";
         inactive: "inactive";
     }>>;
-    trigger: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+    trigger: z.ZodOptional<z.ZodEnum<{
         operation: "operation";
         schedule: "schedule";
         event: "event";
         webhook: "webhook";
         manual: "manual";
-    }>, z.ZodNull]>>;
+    }>>;
     options: z.ZodOptional<z.ZodUnion<readonly [z.ZodRecord<z.ZodString, z.ZodAny>, z.ZodNull]>>;
     operation: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodNull]>>;
     operations: z.ZodOptional<z.ZodArray<z.ZodObject<{
@@ -337,10 +337,10 @@ export declare const FlowItemValidateSchema: z.ZodObject<{
     }, z.core.$strip>>>;
     date_created: z.ZodOptional<z.ZodString>;
     user_created: z.ZodOptional<z.ZodString>;
-    accountability: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+    accountability: z.ZodOptional<z.ZodEnum<{
         all: "all";
         activity: "activity";
-    }>, z.ZodNull]>>;
+    }>>;
 }, z.core.$strip>;
 export declare const TriggerFlowInputSchema: z.ZodObject<{
     id: z.ZodUnion<readonly [z.ZodNumber, z.ZodString]>;

package/dist/ai/tools/schema.js

@@ -135,13 +135,13 @@ export const FlowItemInputSchema = z
     color: z.union([z.string(), z.null()]),
     description: z.union([z.string(), z.null()]),
     status: z.enum(['active', 'inactive']),
-    trigger: z.union([z.enum(['event', 'schedule', 'operation', 'webhook', 'manual']), z.null()]),
+    trigger: z.enum(['event', 'schedule', 'operation', 'webhook', 'manual']),
     options: z.union([z.record(z.string(), z.any()), z.null()]),
     operation: z.union([z.string(), z.null()]),
     operations: z.array(OperationItemInputSchema),
     date_created: z.string(),
     user_created: z.string(),
-    accountability: z.union([z.enum(['all', 'activity']), z.null()]),
+    accountability: z.enum(['all', 'activity']),
 })
     .partial();
 export const FlowItemValidateSchema = FlowItemInputSchema;

package/dist/app.js

@@ -10,6 +10,7 @@ import express from 'express';
 import { merge } from 'lodash-es';
 import qs from 'qs';
 import { aiChatRouter } from './ai/chat/router.js';
+import { aiFilesRouter } from './ai/files/router.js';
 import { registerAuthProviders } from './auth.js';
 import accessRouter from './controllers/access.js';
 import activityRouter from './controllers/activity.js';
@@ -18,6 +19,7 @@ import authRouter from './controllers/auth.js';
 import collectionsRouter from './controllers/collections.js';
 import commentsRouter from './controllers/comments.js';
 import dashboardsRouter from './controllers/dashboards.js';
+import deploymentWebhookRouter from './controllers/deployment-webhooks.js';
 import deploymentRouter from './controllers/deployment.js';
 import extensionsRouter from './controllers/extensions.js';
 import fieldsRouter from './controllers/fields.js';
@@ -48,7 +50,7 @@ import usersRouter from './controllers/users.js';
 import utilsRouter from './controllers/utils.js';
 import versionsRouter from './controllers/versions.js';
 import { isInstalled, validateDatabaseConnection, validateDatabaseExtensions, validateMigrations, } from './database/index.js';
-import { registerDeploymentDrivers } from './deployment.js';
+import { ensureDeploymentWebhooks, registerDeploymentDrivers } from './deployment.js';
 import emitter from './emitter.js';
 import { getExtensionManager } from './extensions/index.js';
 import { getFlowManager } from './flows.js';
@@ -96,6 +98,7 @@ export default async function createApp() {
     await validateStorage();
     await registerAuthProviders();
     registerDeploymentDrivers();
+    await ensureDeploymentWebhooks();
     const extensionManager = getExtensionManager();
     const flowManager = getFlowManager();
     await extensionManager.initialize();
@@ -161,6 +164,9 @@ export default async function createApp() {
     app.use((req, res, next) => {
         express.json({
             limit: env['MAX_PAYLOAD_SIZE'],
+            verify: (req, _res, buf) => {
+                req.rawBody = buf;
+            },
         })(req, res, (err) => {
             if (err) {
                 return next(new InvalidPayloadError({ reason: err.message }));
@@ -214,6 +220,8 @@ export default async function createApp() {
         app.use(rateLimiter);
     }
     app.get('/server/ping', (_req, res) => res.send('pong'));
+    // Public webhook endpoint (signature-verified by the provider)
+    app.use('/deployments/webhooks', deploymentWebhookRouter);
     app.use(authenticate);
     app.use(schema);
     app.use(sanitizeQuery);
@@ -243,6 +251,7 @@ export default async function createApp() {
     }
     if (toBoolean(env['AI_ENABLED']) === true) {
         app.use('/ai/chat', aiChatRouter);
+        app.use('/ai/files', aiFilesRouter);
     }
     if (env['METRICS_ENABLED'] === true) {
         app.use('/metrics', metricsRouter);

package/dist/controllers/deployment-webhooks.d.ts

@@ -0,0 +1,2 @@
+declare const router: import("express-serve-static-core").Router;
+export default router;

package/dist/controllers/deployment-webhooks.js

@@ -0,0 +1,95 @@
+import { DEPLOYMENT_PROVIDER_TYPES } from '@directus/types';
+import express from 'express';
+import getDatabase from '../database/index.js';
+import { getDeploymentDriver } from '../deployment.js';
+import emitter from '../emitter.js';
+import { useLogger } from '../logger/index.js';
+import { DeploymentProjectsService } from '../services/deployment-projects.js';
+import { DeploymentRunsService } from '../services/deployment-runs.js';
+import { DeploymentService } from '../services/deployment.js';
+import asyncHandler from '../utils/async-handler.js';
+import { getSchema } from '../utils/get-schema.js';
+const router = express.Router();
+router.post('/:provider', asyncHandler(async (req, res) => {
+    const logger = useLogger();
+    const provider = req.params['provider'];
+    if (!DEPLOYMENT_PROVIDER_TYPES.includes(provider)) {
+        return res.sendStatus(404);
+    }
+    const rawBody = req.rawBody;
+    if (!rawBody) {
+        logger.debug(`[webhook:${provider}] No raw body`);
+        return res.sendStatus(400);
+    }
+    const schema = await getSchema();
+    const knex = getDatabase();
+    const deploymentService = new DeploymentService({
+        schema,
+        knex,
+        accountability: null,
+    });
+    let webhookConfig;
+    try {
+        webhookConfig = await deploymentService.getWebhookConfig(provider);
+    }
+    catch {
+        logger.warn(`[webhook:${provider}] No webhook config found`);
+        return res.sendStatus(404);
+    }
+    if (!webhookConfig.webhook_secret) {
+        logger.warn(`[webhook:${provider}] No webhook secret configured`);
+        return res.sendStatus(404);
+    }
+    const driver = getDeploymentDriver(provider, webhookConfig.credentials, webhookConfig.options);
+    // Fallback for providers whose API doesn't support webhook signature headers (e.g. Netlify)
+    const headers = { ...req.headers };
+    const queryToken = req.query['token'];
+    if (typeof queryToken === 'string') {
+        headers['x-webhook-token'] = queryToken;
+    }
+    const event = driver.verifyAndParseWebhook(rawBody, headers, webhookConfig.webhook_secret);
+    if (!event) {
+        logger.warn(`[webhook:${provider}] Verification failed or unknown event`);
+        try {
+            const body = JSON.parse(rawBody.toString('utf-8'));
+            logger.warn(`[webhook:${provider}] Raw event type: ${body.type ?? body.state ?? 'unknown'}`);
+        }
+        catch {
+            logger.warn(`[webhook:${provider}] Unparseable body: ${rawBody.toString('utf-8').slice(0, 200)}`);
+        }
+        return res.sendStatus(401);
+    }
+    // Look up project by external_id
+    const projectsService = new DeploymentProjectsService({
+        schema,
+        knex,
+        accountability: null,
+    });
+    const project = await projectsService.readByExternalId(event.project_external_id);
+    if (!project) {
+        // 410 signals the provider this project is no longer tracked
+        logger.info(`[webhook:${provider}] Project ${event.project_external_id} not tracked`);
+        return res.sendStatus(410);
+    }
+    const runsService = new DeploymentRunsService({
+        schema,
+        knex,
+        accountability: null,
+    });
+    const runId = await runsService.processWebhookEvent(project.id, event);
+    // Emit action events
+    const eventPayload = {
+        provider,
+        project_id: project.id,
+        run_id: runId,
+        external_id: event.deployment_external_id,
+        status: event.status,
+        url: event.url,
+        target: event.target,
+        timestamp: event.timestamp,
+    };
+    emitter.emitAction(['deployment.webhook', `deployment.webhook.${event.type}`], eventPayload, null);
+    logger.info(`[webhook:${provider}] Processed: ${event.type} → run ${runId}`);
+    return res.sendStatus(200);
+}));
+export default router;

package/dist/controllers/deployment.js

@@ -1,8 +1,9 @@
-import { ErrorCode, ForbiddenError, InvalidPathParameterError, InvalidPayloadError, isDirectusError, } from '@directus/errors';
+import { ErrorCode, InvalidPathParameterError, InvalidPayloadError, isDirectusError } from '@directus/errors';
 import { DEPLOYMENT_PROVIDER_TYPES } from '@directus/types';
 import express from 'express';
 import Joi from 'joi';
 import getDatabase from '../database/index.js';
+import { useLogger } from '../logger/index.js';
 import { respond } from '../middleware/respond.js';
 import useCollection from '../middleware/use-collection.js';
 import { validateBatch } from '../middleware/validate-batch.js';
@@ -11,16 +12,14 @@ import { DeploymentRunsService } from '../services/deployment-runs.js';
 import { DeploymentService } from '../services/deployment.js';
 import { MetaService } from '../services/meta.js';
 import asyncHandler from '../utils/async-handler.js';
+import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { transaction } from '../utils/transaction.js';
 const router = express.Router();
+function parseRange(range, defaultMs) {
+    const ms = getMilliseconds(range, defaultMs);
+    return new Date(Date.now() - ms);
+}
 router.use(useCollection('directus_deployments'));
-// Require admin access for all deployment routes
-router.use((_req, _res, next) => {
-    if (_req.accountability && _req.accountability.admin !== true) {
-        throw new ForbiddenError();
-    }
-    return next();
-});
 // Validate provider parameter
 const validateProvider = (provider) => {
     return DEPLOYMENT_PROVIDER_TYPES.includes(provider);
@@ -101,40 +100,9 @@ router.get('/:provider/projects', asyncHandler(async (req, res, next) => {
         accountability: req.accountability,
         schema: req.schema,
     });
-    // Get provider config to find deployment ID
     const deployment = await service.readByProvider(provider);
-    // Get projects from provider (with cache)
     const { data: providerProjects, remainingTTL } = await service.listProviderProjects(provider);
-    // Get selected projects from DB
-    const selectedProjects = await projectsService.readByQuery({
-        filter: { deployment: { _eq: deployment.id } },
-    });
-    // Map by external_id for quick lookup
-    const selectedMap = new Map(selectedProjects.map((p) => [p.external_id, p]));
-    // Sync names from provider
-    const namesToUpdate = selectedProjects
-        .map((dbProject) => {
-        const providerProject = providerProjects.find((p) => p.id === dbProject.external_id);
-        if (providerProject && providerProject.name !== dbProject.name) {
-            return { id: dbProject.id, name: providerProject.name };
-        }
-        return null;
-    })
-        .filter((update) => update !== null);
-    if (namesToUpdate.length > 0) {
-        await projectsService.updateBatch(namesToUpdate);
-    }
-    // Merge with DB structure (id !== null means selected)
-    const projects = providerProjects.map((project) => {
-        return {
-            id: selectedMap.get(project.id)?.id ?? null,
-            external_id: project.id,
-            name: project.name,
-            deployable: project.deployable,
-            framework: project.framework,
-        };
-    });
-    // Pass remaining TTL for response headers
+    const projects = await projectsService.listWithSync(deployment.id, providerProjects);
     res.locals['cache'] = false;
     res.locals['cacheTTL'] = remainingTTL;
     res.locals['payload'] = { data: projects };
@@ -198,64 +166,42 @@ router.patch('/:provider/projects', asyncHandler(async (req, res, next) => {
         accountability: req.accountability,
         schema: req.schema,
     });
-    // Get provider config
-    const deployment = await service.readByProvider(provider);
     // Validate deployable projects before any mutation
     if (value.create.length > 0) {
-        const driver = await service.getDriver(provider);
-        const providerProjects = await driver.listProjects();
-        const projectsMap = new Map(providerProjects.map((p) => [p.id, p]));
-        const nonDeployable = value.create.filter((p) => !projectsMap.get(p.external_id)?.deployable);
-        if (nonDeployable.length > 0) {
-            const names = nonDeployable
-                .map((p) => projectsMap.get(p.external_id)?.name || p.external_id)
-                .join(', ');
-            throw new InvalidPayloadError({
-                reason: `Cannot add non-deployable projects: ${names}`,
-            });
-        }
+        await projectsService.validateDeployable(provider, value.create);
     }
-    const updatedProjects = await projectsService.updateSelection(deployment.id, value.create, value.delete);
+    const updatedProjects = await projectsService.updateSelection(provider, value.create, value.delete);
+    // Sync webhook with updated project list
+    service.syncWebhook(provider).catch((err) => {
+        const logger = useLogger();
+        logger.error(`Failed to sync webhook for ${provider}: ${err}`);
+    });
     res.locals['payload'] = { data: updatedProjects };
     return next();
 }), respond);
+const rangeQuerySchema = Joi.object({
+    range: Joi.string()
+        .pattern(/^\d+(ms|s|m|h|d|w|y)$/)
+        .optional(),
+});
 // Dashboard - selected projects with stats
 router.get('/:provider/dashboard', asyncHandler(async (req, res, next) => {
     const provider = req.params['provider'];
     if (!validateProvider(provider)) {
         throw new InvalidPathParameterError({ reason: `${provider} is not a supported provider` });
     }
+    const { error, value } = rangeQuerySchema.validate(req.query);
+    if (error) {
+        throw new InvalidPayloadError({ reason: error.message });
+    }
+    const sinceDate = parseRange(value.range, 86_400_000);
     const service = new DeploymentService({
         accountability: req.accountability,
         schema: req.schema,
     });
-    const projectsService = new DeploymentProjectsService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    // Get provider config
-    const deployment = await service.readByProvider(provider);
-    // Get selected projects from DB
-    const selectedProjects = await projectsService.readByQuery({
-        filter: { deployment: { _eq: deployment.id } },
-    });
-    if (selectedProjects.length === 0) {
-        res.locals['payload'] = { data: { projects: [] } };
-        return next();
-    }
-    // Fetch full details for each selected project (parallel)
-    const driver = await service.getDriver(provider);
-    const projectDetails = await Promise.all(selectedProjects.map(async (p) => {
-        const details = await driver.getProject(p.external_id);
-        return {
-            ...details,
-            id: p.id,
-            external_id: p.external_id,
-        };
-    }));
-    // Disable cache - dashboard needs fresh data from provider
+    const data = await service.getDashboard(provider, sinceDate);
     res.locals['cache'] = false;
-    res.locals['payload'] = { data: { projects: projectDetails } };
+    res.locals['payload'] = { data };
     return next();
 }), respond);
 // Trigger deployment for a project
@@ -277,36 +223,11 @@ router.post('/:provider/projects/:id/deploy', asyncHandler(async (req, res, next
         accountability: req.accountability,
         schema: req.schema,
     });
-    const projectsService = new DeploymentProjectsService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const runsService = new DeploymentRunsService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    // Get project from DB
-    const project = await projectsService.readOne(projectId);
-    // Trigger deployment via driver
-    const driver = await service.getDriver(provider);
-    const result = await driver.triggerDeployment(project.external_id, {
+    const run = await service.triggerDeployment(provider, projectId, {
         preview: value.preview,
         clearCache: value.clear_cache,
     });
-    // Store run in DB
-    const runId = await runsService.createOne({
-        project: projectId,
-        external_id: result.deployment_id,
-        target: value.preview ? 'preview' : 'production',
-    });
-    const run = await runsService.readOne(runId);
-    res.locals['payload'] = {
-        data: {
-            ...run,
-            status: result.status,
-            url: result.url,
-        },
-    };
+    res.locals['payload'] = { data: run };
     return next();
 }), respond);
 // Update deployment config by provider
@@ -356,17 +277,11 @@ router.delete('/:provider', asyncHandler(async (req, _res, next) => {
 }), respond);
 // List runs for a project
 router.get('/:provider/projects/:id/runs', asyncHandler(async (req, res, next) => {
-    // Disable cache - runs status needs to be fresh from provider
-    res.locals['cache'] = false;
     const provider = req.params['provider'];
     const projectId = req.params['id'];
     if (!validateProvider(provider)) {
         throw new InvalidPathParameterError({ reason: `${provider} is not a supported provider` });
     }
-    const service = new DeploymentService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
     const projectsService = new DeploymentProjectsService({
         accountability: req.accountability,
         schema: req.schema,
@@ -377,7 +292,6 @@ router.get('/:provider/projects/:id/runs', asyncHandler(async (req, res, next) =
     });
     // Validate project exists
     await projectsService.readOne(projectId);
-    // Get paginated runs from DB (default limit: 10)
     const query = {
         ...req.sanitizedQuery,
         filter: { project: { _eq: projectId } },
@@ -386,24 +300,39 @@ router.get('/:provider/projects/:id/runs', asyncHandler(async (req, res, next) =
         fields: ['*', 'user_created.first_name', 'user_created.last_name', 'user_created.email'],
     };
     const runs = await runsService.readByQuery(query);
-    // Get pagination meta
     const metaService = new MetaService({
         accountability: req.accountability,
         schema: req.schema,
     });
     const meta = await metaService.getMetaForQuery('directus_deployment_runs', query);
-    // Fetch status for each run from provider
-    const driver = await service.getDriver(provider);
-    const runsWithStatus = await Promise.all(runs.map(async (run) => {
-        const details = await driver.getDeployment(run.external_id);
-        return {
-            ...run,
-            ...details,
-            id: run.id,
-            external_id: run.external_id,
-        };
-    }));
-    res.locals['payload'] = { data: runsWithStatus, meta };
+    res.locals['payload'] = { data: runs, meta };
+    return next();
+}), respond);
+// Project runs stats
+router.get('/:provider/projects/:id/runs/stats', asyncHandler(async (req, res, next) => {
+    const provider = req.params['provider'];
+    const projectId = req.params['id'];
+    if (!validateProvider(provider)) {
+        throw new InvalidPathParameterError({ reason: `${provider} is not a supported provider` });
+    }
+    const { error, value } = rangeQuerySchema.validate(req.query);
+    if (error) {
+        throw new InvalidPayloadError({ reason: error.message });
+    }
+    const sinceDate = parseRange(value.range, 604_800_000).toISOString();
+    const projectsService = new DeploymentProjectsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const runsService = new DeploymentRunsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    // Validate project exists and user has access
+    await projectsService.readOne(projectId);
+    const data = await runsService.getStats(projectId, sinceDate);
+    res.locals['cache'] = false;
+    res.locals['payload'] = { data };
     return next();
 }), respond);
 // Get single run details
@@ -421,31 +350,13 @@ router.get('/:provider/runs/:id', asyncHandler(async (req, res, next) => {
     if (error) {
         throw new InvalidPayloadError({ reason: error.message });
     }
-    const sinceDate = value.since;
-    const runsService = new DeploymentRunsService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
     const service = new DeploymentService({
         accountability: req.accountability,
         schema: req.schema,
     });
-    const run = await runsService.readOne(runId);
-    const driver = await service.getDriver(provider);
-    const [details, logs] = await Promise.all([
-        driver.getDeployment(run.external_id),
-        driver.getDeploymentLogs(run.external_id, sinceDate ? { since: sinceDate } : undefined),
-    ]);
+    const data = await service.getRunWithLogs(provider, runId, value.since);
     res.locals['cache'] = false;
-    res.locals['payload'] = {
-        data: {
-            ...run,
-            ...details,
-            id: run.id,
-            external_id: run.external_id,
-            logs,
-        },
-    };
+    res.locals['payload'] = { data };
     return next();
 }), respond);
 // Cancel a deployment
@@ -455,27 +366,12 @@ router.post('/:provider/runs/:id/cancel', asyncHandler(async (req, res, next) =>
     if (!validateProvider(provider)) {
         throw new InvalidPathParameterError({ reason: `${provider} is not a supported provider` });
     }
-    const runsService = new DeploymentRunsService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
     const service = new DeploymentService({
         accountability: req.accountability,
         schema: req.schema,
     });
-    const run = await runsService.readOne(runId);
-    const driver = await service.getDriver(provider);
-    await driver.cancelDeployment(run.external_id);
-    // Fetch updated status
-    const details = await driver.getDeployment(run.external_id);
-    res.locals['payload'] = {
-        data: {
-            ...run,
-            ...details,
-            id: run.id,
-            external_id: run.external_id,
-        },
-    };
+    const data = await service.cancelDeployment(provider, runId);
+    res.locals['payload'] = { data };
     return next();
 }), respond);
 export default router;

package/dist/controllers/files.js

@@ -150,6 +150,7 @@ router.post('/', asyncHandler(multipartHandler), asyncHandler(async (req, res, n
 const importSchema = Joi.object({
     url: Joi.string().required(),
     data: Joi.object(),
+    options: Joi.object({ filterMimeType: Joi.array().items(Joi.string()) }),
 });
 router.post('/import', asyncHandler(async (req, res, next) => {
     const { error } = importSchema.validate(req.body);
@@ -160,7 +161,7 @@ router.post('/import', asyncHandler(async (req, res, next) => {
         accountability: req.accountability,
         schema: req.schema,
     });
-    const primaryKey = await service.importOne(req.body.url, req.body.data);
+    const primaryKey = await service.importOne(req.body.url, req.body.data, req.body.options);
     try {
         const record = await service.readOne(primaryKey, req.sanitizedQuery);
         res.locals['payload'] = { data: record || null };