…3627)

* fix(sso): default tokenEndpointAuthentication to client_secret_post

better-auth's SSO plugin does not URL-encode credentials before Base64
encoding in client_secret_basic mode (RFC 6749 §2.3.1). When the client
secret contains special characters (+, =, /), OIDC providers decode them
incorrectly, causing invalid_client errors.

Default to client_secret_post when tokenEndpointAuthentication is not
explicitly set to avoid this upstream encoding issue.

Fixes #3626

* fix(sso): use nullish coalescing and add env var for tokenEndpointAuthentication

- Use ?? instead of || for semantic correctness
- Add SSO_OIDC_TOKEN_ENDPOINT_AUTH env var so users can explicitly
  set client_secret_basic when their provider requires it

* docs(sso): add SSO_OIDC_TOKEN_ENDPOINT_AUTH to script usage comment

Signed-off-by: Mini Jeong <mini.jeong@navercorp.com>

* fix(sso): validate SSO_OIDC_TOKEN_ENDPOINT_AUTH env var value

Replace unsafe `as` type cast with runtime validation to ensure only
'client_secret_post' or 'client_secret_basic' are accepted. Invalid
values (typos, empty strings) now fall back to undefined, letting the
downstream ?? fallback apply correctly.

Signed-off-by: Mini Jeong <mini.jeong@navercorp.com>

---------

Signed-off-by: Mini Jeong <mini.jeong@navercorp.com>

The $contains filter operator builds an ILIKE pattern but does not
escape LIKE wildcard characters (%, _) in user-provided values.

This causes incorrect, over-broad query results when the search value
contains these characters. For example, filtering with
{ name: { $contains: "100%" } } matches any row where name
contains "100" followed by anything, not just the literal "100%".

Escape %, _, and \ in the value before interpolating into the ILIKE
pattern so that they match literally.

Co-authored-by: Waleed <walif6@gmail.com>
Co-authored-by: lawrence3699 <lawrence3699@users.noreply.github.com>

#4014)

* improvement(landing, blog): SEO and GEO optimization

* improvement(docs): ui/ux cleanup

* chore(blog): remove unused buildBlogJsonLd export and wordCount schema field

* fix(blog): stack related posts vertically on mobile and fill all suggestion slots

- Add flex-col sm:flex-row and matching border classes to related posts
  nav for consistent mobile stacking with the main blog page
- Remove score > 0 filter in getRelatedPosts so it falls back to recent
  posts when there aren't enough tag matches
- Align description text color with main page cards

…tags modal (#4015)

* fix(knowledge): prevent navigation on context menu actions and widen tags modal

* fix(knowledge): guard onCopyId against navigation and use setTimeout for robustness

* refactor(knowledge): extract withActionGuard helper to deduplicate context menu guard

* fix(knowledge): wrap withActionGuard callback in try/finally to prevent stuck ref

…alidation (#4013)

* feat(blocks): add dagster block

* type safety improvements

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* unify error handeling across dg tool

* update icon to daggy

* update icon to daggy

* feat(dagster): expand integration with 9 new tools and full GraphQL validation

- Add 9 new tools: delete_run, get_run_logs, reexecute_run, list_schedules,
  start_schedule, stop_schedule, list_sensors, start_sensor, stop_sensor
- Fix GraphQL union type handling across all tools (replace invalid `... on Error`
  with concrete union member fragments per Dagster schema)
- Fix TerminateRunFailure, InvalidStepError, InvalidOutputError handling in existing tools
- Rename graphql.ts → utils.ts for clarity
- Wire all 14 operations into the Dagster block with proper conditions and param remapping
- Update icon to dagster logo SVG and set bgColor to white
- Add block wiring guidance to the add-tools skill

* fix(dagster): replace invalid `... on Error` interface spreads with concrete union members

- list_runs: InvalidPipelineRunsFilterError + PythonError
- list_jobs: RepositoryNotFoundError + PythonError
- reexecute_run: PipelineNotFoundError, RunConflict, UnauthorizedError, PythonError
- terminate_run: RunNotFoundError, UnauthorizedError, PythonError
- delete_run: RunNotFoundError, UnauthorizedError, PythonError
- list_sensors: RepositoryNotFoundError + PythonError
- start_sensor: SensorNotFoundError, UnauthorizedError, PythonError
- stop_sensor: UnauthorizedError + PythonError
- stop_schedule: fix $id variable type String! → String (matches nullable schema arg)
- dagster.mdx: add manual intro description section

* docs

* fix(dagster): add RunConfigValidationInvalid handling to launch_run and use concrete error types

* fix(dagster): replace ... on Error with concrete RunNotFoundError + PythonError in get_run and get_run_logs

* fix(dagster): add missing LaunchRunResult union members (InvalidSubsetError, PresetNotFoundError, ConflictingExecutionParamsError, NoModeProvidedError)

* fix(dagster): always override jobName in list_runs params to prevent stale launch_run value leaking

---------

Co-authored-by: abhinavDhulipala <abhinav.dhulipala@berkeley.edu>
Co-authored-by: abhinavDhulipala <46908860+abhinavDhulipala@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

…#4017)

* fix(modals): consistent text colors, copy, and workspace delete confirmation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(modal): replace useEffect with render-time state reset

Replace useEffect anti-pattern for resetting confirmation text with
React's recommended "adjusting state during render" pattern. This
ensures stale text is never painted and avoids an extra render cycle.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* feat(claude): add you-might-not-need-an-effect slash command

* chore(config): align .claude, .cursor, and .agents configs

* fix(config): add frontmatter and $ARGUMENTS to effect command

…4019)

* feat(auth): add DISABLE_GOOGLE_AUTH and DISABLE_GITHUB_AUTH env vars

* fix(auth): also disable server-side OAuth provider registration when flags are set

* lint

…#4020)

* fix(docs): resolve missing tool outputs for spread-inherited V2 tools

* fix(docs): add word boundary to baseToolRegex to prevent false matches

* fix(docs): remove unnecessary case-insensitive flag from baseToolRegex

Co-authored-by: Theodore Li <theo@sim.ai>