Daily Digest
Daily Digest – 21 May 2026
2026 Capabilities Progress
- Page generation — Canvas is seeing active development on the core building blocks this capability depends on, including fixes to how the editor stays in sync after server-side changes, API work to manage page regions, and stability improvements that prevent broken components from crashing the editor [57][71][83]. Next milestone is stabilising these foundational editor behaviours before AI-driven page generation can be layered on top. No blocking risks, but the volume of open, unreviewed work is a pace risk.
- Context management — No direct progress today.
- Background agents — Meaningful stability work landed for the AI Agents module, including a fix for infinite AJAX loops when agents cannot resolve a task, and corrections to how agent tool arguments are handled [52][53]. The MCP module also progressed write-operation support, which is foundational to agents that need to act on content, not just read it [44]. Risk: several fixes are still awaiting review, and a backlog of unreviewed work could slow the path to a stable agent runtime.
- Design system integration — Canvas activity addressed how components are named and identified, including adding machine names to JS components and ensuring deleted or renamed components are correctly removed from folder structures [58][64]. These are prerequisite data-model changes for AI to reliably reference and propose design system components. Progress is incremental but on the right path.
- Content creation and discovery — Two refactoring merge requests improve the architecture of the AI Content Suggestions feature, making plugin settings easier to manage centrally [22][23]. A fix for a Search API indexing break with custom data sources also protects the search infrastructure this capability depends on [10]. The AG-UI anonymous chat history fix removes a meaningful usability gap for public-facing content discovery experiences [94]. Progress is real but focused on foundations rather than end-user features.
- Advanced governance — The AI Initiative governance and roadmap alignment issue is open and awaiting leadership endorsement, which would provide the organisational framework needed to govern AI changes at scale [33]. On the technical side, guardrail improvements now ensure safety rules evaluate the full conversation rather than only the last message, a meaningful gap for audit integrity in multi-turn interactions [9][24]. Risk: the governance framework document is stalled pending approval, which is a dependency for everything else in this capability.
- Intelligent website improvements — No direct progress today.
- Multi-channel campaigns — No direct progress today.
Shipped
- Critical search index data loss fixed in amazee.ai provider — A bug where clearing one search index would wipe data from all other indexes has been resolved and merged, protecting content integrity for sites using the vector database feature [38][43].
- AI assistant crash on conflicting agent configurations resolved — A fix was merged preventing the AI assistant from fatally crashing when an administrator-created agent configuration shared a name with a built-in system agent, making the platform more stable for site builders [6][20].
- Guardrail safety checks now evaluate full conversations — A fix was merged ensuring that content safety guardrails screen the entire conversation history rather than only the most recent message, closing a meaningful gap in multi-turn chat experiences [9][24].
- AI Content Suggestions settings consolidated into a single configuration object — Two related fixes were merged to centralise plugin settings and shared logic for the AI Content Suggestions feature, making it easier for teams to manage and maintain [12][13][22][23].
- Anonymous user chat history loss fixed in AG-UI — A fix was submitted and merged addressing a bug where unauthenticated visitors to sites using the AG-UI chat widget would lose their conversation history between messages, restoring a functional experience for public-facing deployments [93][94].
Ongoing
- AI Initiative governance and roadmap awaiting leadership approval — A formal proposal to align the initiative on release planning, maintainer coordination, and decision-making is open and seeking endorsement, which would give contributors and partners a stable framework to work within [33].
- Security audit remediations and credential encryption in progress for amazee.ai provider — Fixes addressing findings from a recent security audit are under review, alongside a separate draft proposal to encrypt stored credentials, both of which need prioritisation before a stable release [34][39][40].
- Write operations support for Model Context Protocol under review — A substantial contribution proposing the ability for AI tools to create and update Drupal content, not just read it, has been submitted and is awaiting review, representing a major capability expansion for the module [44].
- Richer markdown editor now configurable without developer involvement — A fix enabling non-technical site builders to activate an enhanced markdown editing experience through the standard configuration interface is open for review [8][21].
- Drupal Eval Commons shared quality standards initiative opened — An umbrella proposal has been raised to coordinate how multiple Drupal AI projects measure and validate AI output quality, with the goal of agreeing on a shared foundation to avoid duplicated or incompatible work across the ecosystem [15].
AI (Artificial Intelligence)
The past 24 hours saw solid forward momentum across several areas of the AI module, with a mix of bug fixes, usability improvements, and strategic planning work moving through review.
Bug Fixes and Stability
Several issues affecting real users are under active repair. A fix is in review for a crash that occurs when site builders try to configure AI-powered content automation on content types with no fields -- reported by anmolgoyal74. A separate fix addresses a scenario where the AI assistant could unexpectedly crash a site when certain agent configurations clashed with built-in system components, with Ahmad Khalil (ahmad-khalil-imagex) both reporting and submitting a fix. There is also ongoing work to ensure that safety guardrails -- which screen conversational AI input for off-topic or inappropriate content -- correctly evaluate the full conversation rather than just the most recent message, a meaningful gap for multi-turn chat experiences.
Performance and Editor Experience
A proposed improvement would prevent the chatbot from creating a user session until someone actually sends a message. This matters because premature session creation can degrade caching performance for anonymous visitors. Separately, Christoph Breidert (breidert) has raised and a contributor is addressing the ability for non-technical site builders to enable a richer markdown editing experience through the standard configuration interface, removing the need for developer involvement.
Content Suggestions and Shared Infrastructure
Two related merge requests from Artem Dmitriiev (a.dmitriiev) are working toward cleaner, more maintainable configuration for the AI Content Suggestions feature, making it easier to manage plugin settings from a single place. A broader effort to centralise shared text-extraction capabilities -- so multiple AI submodules can reuse common logic rather than duplicating it -- is also progressing through review.
Strategic Planning
George Kastanis (zorz) has opened an umbrella proposal under Drupal Eval Commons to coordinate how multiple Drupal AI projects measure and validate AI output quality. The goal is to agree on a shared foundation early, avoiding duplicated or incompatible work across the ecosystem.
How can I help on this project?
Leaders can support progress in a few targeted ways. First, the Drupal Eval Commons coordination effort would benefit from organisational endorsement and resourcing to participate in shared standards work. Second, with multiple merge requests awaiting review, ensuring teams have capacity dedicated to code review and testing would accelerate release readiness.
Drupal AI Initiative
Marketing and Outreach Momentum
The past 24 hours have seen steady progress across the initiative's marketing workstream. The team wrapped up its Sprint 3 social media work, with Amber Henry (amber.henry) completing scheduled posts promoting key Drupal AI content, including industry guides, the Drupal AI Learners Club, and an upcoming webinar. A centralized audit of existing AI-related content and case studies, led by Rosie Gladden (rgladden), has also been closed out, giving the team a clearer picture of available assets going forward.
Looking ahead, attention is turning to the Enterprise AI Summit in Rotterdam (September 2026), with LinkedIn promotion now in planning. The team is also exploring storytelling opportunities through the Drupal Splash Awards and Digital Customer Programme partners, both of which could surface strong real-world AI adoption stories.
A significant strategic item has opened: Align on AI Initiative Governance and Roadmap, authored by Christoph Breidert (breidert) and collaborators, seeks formal leadership endorsement of how the initiative plans releases, coordinates with maintainers, and decides what to build. Approval here would give contributors and partners a stable, reliable framework to work within.
How can I help on this project?
Leaders can make a direct impact in a few areas:
- Endorse the governance framework: The governance and roadmap document is awaiting leadership approval. Your sign-off would give the community a clear, trusted foundation to build on.
- Unlock sponsor and partner conversations: The Enterprise AI Summit and Splash Awards outreach both benefit from senior-level introductions to potential sponsors or featured organisations.
- Amplify reach: Sharing initiative content through your own networks or encouraging your organisation to participate in the Drupal AI Learners Club extends the team's marketing reach at no additional cost.
amazee.ai Private AI Provider
Summary
Activity over the past 24 hours was focused on quality and reliability, with two meaningful fixes delivered and active security work underway. This reflects steady, focused progress for a module still in early-stage development.
Fixes Delivered
Two issues were resolved and merged during this period, both addressing how the module's vector database handles search index data. The fix in Issue #3578033: Avoid creating columns in the VDB for non-attributes fields removes unnecessary database overhead, keeping the data store cleaner and more efficient. More significantly, Issue #3579517: Fix clearing index data destroying other indexes' data resolved a critical data integrity bug where clearing one search index would inadvertently wipe data from other indexes sharing the same database. Both fixes were contributed by m4olivei.
Security and Credential Protection Work in Progress
Dan Lemon (dan2k3k4) has opened a merge request, Fix(#3586230): owasp audit remediations, addressing security findings from a recent audit. Separately, a draft proposal from Dezső Biczó (mxr576) to secure stored credentials with Easy Encryption remains open and awaiting further attention. Both are normal parts of maturing a module toward a stable release.
How can I help on this project?
- Prioritise the security review: The OWASP audit remediation and credential encryption work are both open and could benefit from a decision on timeline and release priority.
- Encourage adoption feedback: As fixes land, connecting the team with early users or pilot deployments would surface real-world issues faster.
Model Context Protocol
Activity on the Model Context Protocol module over the past 24 hours has been modest but meaningful. A new merge request has been opened by Shubham Goel (shubhamgoel) to add Write (Create/Update) Operations Support, representing a significant capability expansion for the module.
Strategic Progress
Until now, the module has focused on allowing AI assistants to read and query content from a Drupal site. This new contribution proposes enabling those same tools to create and update content as well. This is a foundational step toward making the module genuinely useful in real-world workflows, where AI-assisted tools need to do more than just retrieve information. The submission is substantial in scope and will require review before it can be accepted.
As an early-stage module, open contributions like this are a healthy sign of growing community interest. No issues were flagged or escalated in this period.
How can I help on this project?
- Encourage teams with Drupal expertise to review and test the new write-operations contribution, helping it move toward acceptance more quickly.
- Consider whether there are internal use cases for AI-assisted content workflows that could serve as real-world validation and advocacy for the project.
AI Agents
Summary
Activity over the past 24 hours reflects steady progress on quality and reliability improvements across the AI Agents module, which remains in active development. The team resolved and merged a fix for a known issue where agents caught in an unresolvable loop would trigger an endless cycle of background requests -- a disruptive behaviour reported by users. That fix, delivered by AKHIL BABU (AkhilBabu), is now committed and in the codebase.
Alongside this, two further fixes are under review. One addresses a bug where incorrect data about content fields could be passed to an AI agent due to information bleeding between fields during processing, reported by Marc Orcau (budalokko). Another, with a proposed fix already open, corrects how certain forced configuration values are handled when setting up agent tools, contributed by AKHIL BABU (AkhilBabu).
A separate improvement proposed by Ahmad Khalil (ahmad-khalil-imagex) -- covering both an identified bug and an accompanying proposed fix -- would prevent administrators from accidentally creating agent configurations that silently conflict with built-in system agents, a change that would make the platform more predictable for site builders.
Overall, the team is addressing a healthy queue of usability and correctness issues consistent with a maturing alpha-stage module.
How can I help on this project?
- Several fixes are awaiting review and are not yet assigned. Ensuring dedicated reviewer time is available would help prevent a backlog of ready work from stalling before release.
- Consider signalling strategic priorities to the team -- for example, whether stability and bug resolution should take precedence over new features as the module moves toward a stable release.
Drupal Canvas
Activity over the past 24 hours has been strong, with five changes merged into the codebase and a broad pipeline of work continuing in review.
What Was Delivered
Several meaningful improvements landed during this period. A fix contributed by Sapnil Biswas now prevents broken or misconfigured site plugins from crashing the Canvas editor -- instead, they are identified and excluded early, before they can cause problems for users. Developer tooling also saw improvements: Wim Leers (wimleers) reduced redundant automated checks that were slowing down the development feedback loop, and simplified the process for contributors to run code quality checks locally. A drag-and-drop behaviour change that had been introduced previously was also reverted by Tim Plunkett (tim.plunkett), indicating the team is actively maintaining quality standards and is willing to roll back changes that do not meet the bar.
What Is in Progress
A substantial volume of work is under active review. Notable themes include: multilingual support (a preview for translated content is being developed by Ted Bowman (tedbow)); conflict detection to protect users when two people edit the same page simultaneously; improvements to how the editor stays in sync with the server after a page is saved or published; and expanded support for global layout regions. Work is also under way to improve the reliability of automated testing pipelines and to keep third-party dependencies up to date automatically.
How can I help on this project?
- Several merge requests have been open for weeks with significant scope -- prioritising dedicated reviewer time or capacity for code review could accelerate these to completion.
- Multilingual and conflict-resolution features are in progress but not yet merged; if these capabilities are important to your roadmap, signalling that priority to the team can help focus effort.
- Consider advocating for or funding contributor time specifically allocated to finalising and stabilising open work, rather than only starting new features.
LiteLLM AI Provider
Activity over the past 24 hours was focused on a single but meaningful reliability improvement. A new contribution from Wouters Frederik (wouters_f) addresses a known problem where streaming responses could fail depending on the infrastructure environment, including local development setups. Streaming is the capability that allows AI-generated content to appear progressively in real time rather than making users wait for a complete response, so failures here directly affect the perceived quality and responsiveness of any AI-powered features built on this module.
The fix, submitted as fixes streaming failures on some infra and in ddev, is currently open for review. No issues were updated and no commits were merged during this period, which is consistent with the normal rhythm of an early-stage module where review cycles can take time.
Overall, the project continues to make incremental progress toward a more robust and broadly compatible integration. There are no blocking concerns to flag at this stage.
How can I help on this project?
- Encourage your technical team to prioritise reviewing the open streaming fix so it can be merged and tested promptly.
- Consider whether broader infrastructure testing environments could be made available to validate fixes across different deployment configurations.
- Advocate internally for dedicated time for contributors to engage with early-stage module work, which often stalls simply due to competing priorities.
AG-UI
Active Development
Activity over the past 24 hours focused on a single user-facing issue: anonymous visitors to sites using the AG-UI chat widget lose their conversation history between messages, meaning every exchange effectively starts from scratch. This makes the chat experience disjointed and unusable for unauthenticated users. Takaya Hirose (takayahirose) has submitted a fix addressing the root cause, and that fix is currently awaiting review. No other commits or merge requests landed in this period.
As an alpha-stage module, having open issues under review is entirely normal and reflects healthy, iterative progress. The key positive here is that a concrete fix is already proposed for what would otherwise be a meaningful gap in functionality for public-facing deployments.
How can I help on this project?
If your organisation has developers with Drupal experience, encouraging them to review the open fix for the Anonymous users lose chat history across requests issue would help move it toward merge. You can also support the project by advocating for its use in upcoming initiatives, which helps build the user base and surface real-world feedback early.
References
[8] Add UI toggle to enable MDXEditor on plain text field widgets
[9] Guardrail plugins only evaluate the last message
[10] Indexing breaks with custom SearchAPI DataSource
[12] Save AI Content Suggestion plugin settings inside ai_content_suggestions.settings config object
[15] Drupal Eval Commons umbrella
[20] Issue #3586449: Throw actionable exception when AI Assistant agent ID resolves to a code plugin
[21] Issue #3586451: Allow to use MDX Editor in Text plain widget
[23] Issue #3586436: Refactor AiContentSuggestionsPluginBase
[24] Resolve #3579088 "Guardrail plugins only"
[33] Align on AI Initiative Governance and Roadmap
[34] Improve security
[38] VDB: Clearing all indexed data of search index A drops indexed data of others
[39] Fix(#3586230): owasp audit remediations
[40] Draft: Secure stored credentials with Easy Encryption
[43] Issue #3579517: Fix clearing index data destroying other indexes' data
[44] 3551588: Write (Create/Update) Operations Support
[52] Convert tool arguments to corresponding datatype when hide property is enabled.
[53] Issues/3586024: Add post update hook.
[57] Refreshes editor layout model after server changes
[58] #3591130 deleted components (which can also result from renaming) must be removed from folders
[64] #3591374 Add #machine_name to JsComponent.
[71] feat: #3589801 Expose HTTP API for managing Page Regions
[83] #3590730: TypeError in ComponentTreeItemList.php
[93] Anonymous users lose chat history across requests
[94] Issue 3590036: Fixed lost chat history across requests for anonymous users.
Shipped
- ai_provider_amazeeio VDB column bloat fixed — Merged fix prevents contextual and ignored Search API fields from receiving unnecessary database columns in the vector database [41].
- ai_provider_amazeeio critical data-loss bug resolved — Fixed
deleteAllIndexItems()to delete rows byindex_idrather than dropping the entire collection table, preventing one index clear from destroying data in all other indexes [43]. - ai_agents post-update hook for max_loops_message — Merged post-update hook migrates existing agent config to include the
max_loops_messagekey introduced to cap infinite AJAX loops, closing the upgrade gap [53]. - Canvas BlockComponentDiscovery rejects invalid default block configs — Fixed
BlockComponentDiscovery::checkRequirements()to reject block plugins whosedefaultConfiguration()violates their own config schema at discovery time rather than crashing Canvas later [87]. - Canvas CI and linting improvements merged — Three developer-experience MRs landed: redundant PHPStan CI runs eliminated [84], a unified
composer run lintcommand introduced [86], and alphabetically sorted PHP imports enforced across the codebase to reduce merge conflicts [89].
Ongoing
- ai_agents agent ID collision with code-defined plugins — Open MR adds validation to reject config entity machine names that collide with code-defined
AiAgentplugin IDs, preventing silent plugin resolution failures inAiAgentManager::findDefinitions()[51][45]. - AI core guardrail plugins only evaluate last message — Open MR fixes guardrail plugins that inspected only
end($messages)rather than the fullChatInputhistory, leaving earlier messages unchecked [24][9]. - ai_provider_amazeeio OWASP audit remediations — Open MR addresses a SQL injection risk in
PostgresProvider::processConditionGroup()by introducing an operator whitelist [39][34]. - agui anonymous chat history lost across requests — Open MR fixes session persistence for anonymous users where
AiAssistantApiRunner::getMessageHistory()returns only one message because TempStore owner is instantiated inside theStreamedResponsecallback after the session is already written [94][93]. - mcp write operations support pending review — A 1,211-line MR adding create and update operations to the MCP module is open and awaiting review of API design, input validation, and access control [44].
AI (Artificial Intelligence)
No commits landed in the reporting window, but a sizeable batch of open merge requests saw renewed activity across several subsystems.
Open MRs Seeking Review
Several in-flight MRs are accumulating diff lines without merging. The Method getPluginResponse should be in AiContentSuggestionsPluginBase class and not in external service issue reached RTBC status, with MR !1576 from Artem Dmitriiev (a.dmitriiev) refactoring the plugin base to remove the static service call pattern. Alongside it, !1579 consolidates plugin settings into the ai_content_suggestions.settings config object, eliminating the three-way split across .settings, .prompts, and .tone. Both are authored by Artem Dmitriiev (a.dmitriiev).
Ahmad Khalil (ahmad-khalil-imagex) opened !1589 to address a fatal in AgentRunner::runAsAgent() when an ai_agent config entity ID collides with a code-defined plugin, causing the runner to call ConfigAiAgentInterface methods on a plain AiAgentBase instance. The fix throws an actionable exception early rather than fataling deep in the call stack.
Other open MRs include !978 deferring session creation until after the first chatbot interaction to avoid premature Varnish/CDN cache invalidation, !1102 fixing the uninitialized $field_name property in AiAutomator::calculateDependencies(), and !1467 from Alphons Jaimon (AJV009) fixing guardrail plugins that only inspected the last message via end($messages) rather than the full ChatInput history. The !1361 MR introducing a core AiFieldTextExtractor plugin type remains open, as does !1529 adding a semantic matching mode to RestrictToTopic.
George Kastanis (zorz) opened the Drupal Eval Commons umbrella issue to coordinate a shared eval format across drupal/ai, ai_eval, ai_agents_test, and ai_best_practices.
How can I help on this project?
- The !1576 refactor of
AiContentSuggestionsPluginBaseis marked RTBC -- review it and add a tested-by if you can exercise the content suggestions workflow. - The !1589 agent ID collision fix is small (37 diff lines) and needs a review pass against the
AgentRunnerexception-handling logic. - The Calling toArray() on string in AiEventsSubscriber::logEvent() bug is unassigned with no open MR -- a good candidate to pick up.
Drupal AI Initiative
Marketing Sprint Activity
Activity over the last 24 hours in the AI Initiative has been entirely on the marketing and governance side, with no code merged or commits pushed during the reporting period.
Two marketing tasks reached closure: the Marketing Sprint #3: General social media 12 - 25 May task was marked fixed by Amber Henry (amber.henry), covering scheduled posts for industry guides, the Drupal AI Learners Club, and the Southwark webinar. The Create Centralized list of all existing AI-related content task assigned to Rosie Gladden (rgladden) was also closed. The Retro of AI Marketing Sprints 1 & 2, led by Jeremy Chinquist (jjchinquist), was similarly resolved.
Still open heading into the next sprint: Marketing sprint #4: Promote Enterprise AI Summit on LinkedIn and See what marketing opportunities are available from Splash Awards, the latter awaiting outreach to Hilmar and collation of AI-related submissions. Christoph Breidert (breidert) opened Align on AI Initiative Governance and Roadmap, seeking leadership endorsement of a governance and release-planning concept document co-authored with Marcus_Johansson and a.dmitriiev.
How can I help on this project?
- Review and provide feedback on the governance concept document linked in Align on AI Initiative Governance and Roadmap, which is awaiting community and leadership input.
- Pick up the unassigned coordination work on See what marketing opportunities are available from Splash Awards, which has no MR and needs someone to begin outreach and collate submissions.
amazee.ai Private AI Provider
Two notable bug fixes landed on 2026-05-21, both authored by m4olivei. Issue #3578033: Avoid creating columns in the VDB for non-attributes fields was merged, resolving the longstanding problem where contextual and ignored fields were receiving unnecessary database columns that were always empty. Alongside it, Issue #3579517: Fix clearing index data destroying other indexes' data was also merged, overriding deleteAllIndexItems() to delete rows by index_id rather than dropping and recreating the entire collection table -- a critical data-loss bug when multiple search indexes shared the same VDB collection. Both issues carry a "needs backport to 1.2.x" label, so backport work is still outstanding.
In-flight work includes Fix(#3586230): owasp audit remediations, opened by Dan Lemon (dan2k3k4), which addresses a SQL injection risk in PostgresProvider::processConditionGroup() by introducing an operator whitelist. The Draft: Secure stored credentials with Easy Encryption MR from Dezső Biczó (mxr576) remains open at 715 diff lines. A Rector PHP 8.0 modernisation MR from Dan Lemon (dan2k3k4) is also still open.
How can I help on this project?
- Review the open OWASP audit remediations MR, particularly the operator whitelist logic in
PostgresProvider::processConditionGroup(). - Pick up the 1.2.x backports for the two merged VDB fixes -- neither has an open MR yet.
- Review the Make the installation instructions useful issue, which was closed but may need documentation follow-up.
Model Context Protocol
Activity in the Model Context Protocol (mcp) module over the last 24 hours was limited to a single merge request, with no commits landing or issues receiving comments during the reporting period.
Write Operations MR Opened
Shubham Goel (shubhamgoel) opened Write (Create/Update) Operations Support, a substantial contribution spanning 1,211 diff lines. This MR adds write-side capabilities -- create and update operations -- to the MCP module, which has until now focused on read/context-serving functionality. The MR is currently open and awaiting review. No commits have been merged yet during this period, so no new functionality has shipped.
How can I help on this project?
- Review the open Write (Create/Update) Operations Support MR: with 1,211 diff lines it needs careful scrutiny of API design, input validation, and access control logic before it can merge.
- Check the module's issue queue for unassigned bugs or feature requests that have no associated MR and consider picking one up.
AI Agents
Merged This Period
One fix landed in the last 24 hours. AKHIL BABU (AkhilBabu) merged Issues/3586024: Add post update hook. (commit 3793b023), closing Follow up #3547457. Add post update hook for max_loops_message. The parent issue had introduced a max_loops_message config key to cap the Infinite AJAX request loop when the Agent is unable to resolve a job, but shipped without a post-update hook to migrate existing config. That gap is now closed. Both issues are marked as needing a backport to 1.2.x.
Open Work and Reviews Needed
Three bugs are queued awaiting review or action. Ahmad Khalil (ahmad-khalil-imagex) opened Issue #3586026: Reject AI Agent IDs that collide with code-defined AiAgent plugins to address the collision in AiAgentManager::findDefinitions() at line 196, where a config entity whose machine name matches a code-defined plugin ID is silently dropped and becomes invisible to createInstance(). That MR is 108 lines and in review.
AKHIL BABU also has an open MR, Convert tool arguments to corresponding datatype when hide property is enabled., fixing hide_property skips data-type conversion for forced values inside AiAgentEntityWrapper::applyToolUsageLimitsToContext(). Related to that, Avinash jha (avinash.jha) has Issue #3555863: Support forced values for context parameters containing a colon open to resolve colon-escaped property names like entity__colon__node.
Still unassigned with no MR is GetEntityFieldInformation leaks target_entity_type / target_bundle_type across fields, a straightforward array-reset bug in GetEntityFieldInformation::execute() at src/Plugin/AiFunctionCall/GetEntityFieldInformation.php lines 145-174.
How can I help on this project?
- Review MR !272 for the machine-name collision fix in
AiAgentManager, and MR !270 for thehide_propertydata-type conversion fix. - Pick up the unassigned GetEntityFieldInformation field-leak bug -- the faulty loop is clearly isolated at lines 145-174 and has no existing MR.
Drupal Canvas
Merged and Shipped
Five MRs landed during the reporting period. Wim Leers (wimleers) drove three developer-experience improvements: Resolve #3591249 "Phpstan only twice on ci" eliminates a redundant PHPStan invocation that was causing four runs on CI and two locally; Resolve #3591245 "Linting contribution barrier" introduces a unified composer run lint command pairing PHPCS and PHPStan; and Resolve #3588837 "Alphabeticallysorteduses" enforces alphabetically sorted PHP imports across a large 8813-line diff to reduce merge conflicts. Sapnil Biswas (sapnil_biswas) landed Issue #3580070: Reject invalid default block configs, fixing BlockComponentDiscovery::checkRequirements() to reject block plugins whose defaultConfiguration() violates their own config schema at discovery time rather than crashing Canvas later. Tim Plunkett (tim.plunkett) also reverted a previous folder drag-and-drop change via Revert "fix: #3580919 Align Folder Drag-and-Drop Behavior with Design Specs".
Open Work in Progress
There is substantial open MR activity. Dave Long (longwave) has two open MRs: #3591340 Refactor AstroIsland, which adds #inner_html and #attributes element properties and introduces the CANVAS_INTERNAL_PROP_KEYS constant, and #3591374 Add #machine_name to JsComponent. Matt Glaman (mglaman) has an open fix in Issue #3538825: ApiExceptionSubscriber prevents ExceptionLoggingSubscriber from running, lowering ApiExceptionSubscriber to priority -50 so exceptions on Canvas API routes are actually logged. Krasimir Bachev (c2h2o5) opened Refreshes editor layout model after server changes to synchronise the in-memory layout model after hook_entity_presave or hook_canvas_page_presave mutations.
How can I help on this project?
Review the ApiExceptionSubscriber fix to confirm the priority change is correct and the kernel test is sufficient. Review the editor layout refresh MR and verify the query endpoint changes correctly dispatch layout model updates. Review the AstroIsland refactor for API correctness before it gains dependents.
LiteLLM AI Provider
Activity in the last 24 hours was limited to a single merge request opened by wouters_f (wouters_frederik). The MR fixes streaming failures on some infra and in ddev targets streaming reliability issues that affect certain infrastructure setups, including local DDEV environments. The branch 3591336-failing-streaming-requests introduces 27 diff lines. No commits were pushed directly and no issues received comments during the reporting period.
How can I help on this project?
- Review the open MR fixes streaming failures on some infra and in ddev -- test it against a DDEV setup or other infrastructure and leave feedback on correctness and edge cases in the streaming handling code.
- Check whether the 27-line diff covers all streaming failure paths and comment on any missing error handling or edge cases you identify.
AG-UI
Activity in the AG-UI module over the last 24 hours was limited to a single open issue awaiting review. No merge requests were merged and no commits were pushed during the reporting period.
Bug Fixes in Progress
Takaya Hirose (takayahirose) has an open patch addressing Anonymous users lose chat history across requests, a session persistence bug affecting the chat widget for anonymous visitors. The root cause is that AiAssistantApiRunner::getMessageHistory() consistently returns only a single message because the TempStore owner is instantiated inside the StreamedResponse callback -- after kernel.response has already written the session. This means each request generates a fresh core.tempstore.private.owner key, discarding all prior conversation context. The fix spans 137 diff lines and is currently labelled needsReview.
How can I help on this project?
- Review the open merge request Issue 3590036: Fixed lost chat history across requests for anonymous users -- test it locally with an anonymous session and verify TempStore persistence across multiple requests.
- Check whether the fix handles edge cases such as simultaneous anonymous sessions or TempStore expiry under load, and leave inline feedback on the MR.
References
[9] Guardrail plugins only evaluate the last message
[24] Resolve #3579088 "Guardrail plugins only"
[34] Improve security
[39] Fix(#3586230): owasp audit remediations
[41] Issue #3578033: Avoid creating columns in the VDB for non-attributes fields
[43] Issue #3579517: Fix clearing index data destroying other indexes' data
[44] 3551588: Write (Create/Update) Operations Support
[45] AI Agent entity form should reject machine names that collide with existing code-plugin IDs
[51] Issue #3586026: Reject AI Agent IDs that collide with code-defined AiAgent plugins
[53] Issues/3586024: Add post update hook.
[84] Resolve #3591249 "Phpstan only twice on ci"
[86] Resolve #3591245 "Linting contribution barrier"
[87] Issue #3580070: Reject invalid default block configs
[89] Resolve #3588837 "Alphabeticallysorteduses"
[93] Anonymous users lose chat history across requests
[94] Issue 3590036: Fixed lost chat history across requests for anonymous users.