Merge branch 'main' into feat/s3parser

Author: agasurfer

CHANGELOG.md

@@ -10,8 +10,34 @@ and this project adheres to
 
 ### Added
 
+- 🔒️(backend) add validation of Room.configuration
+- ✨(helm) add support multiple transcribe worker / endpoint #1247
+
+### Fixed
+
+- ♻(frontend) standardize role terminology across localizations
+- 🐛(backend) make start-recording atomic and fault-tolerant
+- 🔒️(frontend) room ids are generated with non-cryptographic rand
+
+## [1.15.0] - 2026-04-30
+
+### Added
+
 - ✨(backend) add metadata collection of VAD, connection and chat events
 - ✨(backend) add core.recording.event.parsers.S3Parser 
+- ✨(backend) introduce add-ons authentication backend
+- 💬(backend) clarify french transcription audio download link text #1299
+- 🚧(addons) introduce initial Microsoft Outlook add-in support (alpha)
+- 🔧(backend) add setting to toggle application token exchange mechanism
+- ✨(backend) support add-ons authentication in external viewset
+
+### Fixed
+
+- 🐛(summary) support webm #1290
+- ⬆️(backend) bump django-lasuite to v0.0.26
+- 🩹(frontend) use a more standard (quality) rating scale
+- 🩹(frontend) fix access control for screen recording feature flag
+- 🩹(frontend) fix reconnect loop caused by connectionObserverStore updates
 
 ## [1.14.0] - 2026-04-16
 

bin/Tiltfile

@@ -34,10 +34,11 @@ docker_build(
     'localhost:5001/meet-frontend-dinum:latest',
     context='..',
     dockerfile='../docker/dinum-frontend/Dockerfile',
-    only=['./src/frontend', './docker', './.dockerignore'],
+    only=['./src/frontend', './src/addons', './docker', './.dockerignore'],
     target = 'frontend-production',
     live_update=[
         sync('../src/frontend', '/home/frontend'),
+        sync('../src/addons', '/home/addons'),
     ]
 )
 clean_old_images('localhost:5001/meet-frontend-dinum')
@@ -108,7 +109,7 @@ k8s_resource('meet-backend', resource_deps=['postgresql', 'minio', 'redis', 'liv
 k8s_resource('meet-celery-backend', resource_deps=['redis'])
 k8s_resource('meet-celery-summarize', resource_deps=['redis'])
 k8s_resource('meet-celery-summary-backend', resource_deps=['redis'])
-k8s_resource('meet-celery-transcribe', resource_deps=['redis'])
+k8s_resource('meet-celery-transcribe-default', resource_deps=['redis'])
 k8s_resource('meet-backend-migrate', resource_deps=['meet-backend'])
 k8s_resource('livekit-livekit-server', resource_deps=['redis'])
 k8s_resource('livekit-livekit-server-test-connection', resource_deps=['livekit-livekit-server'])

bin/prepare-release.sh

@@ -101,6 +101,12 @@ update_npm_version "mail"
 # Update backend pyproject.toml
 update_python_version "backend"
 
+# Run uv lock in backend
+print_info "Running uv lock in backend..."
+cd "src/backend"
+uv lock
+cd -
+
 # Update summary pyproject.toml
 update_python_version "summary"
 
@@ -149,6 +155,7 @@ echo "      - src/frontend/package.json"
 echo "      - src/sdk/package.json"
 echo "      - src/mail/package.json"
 echo "      - src/backend/pyproject.toml"
+echo "      - src/backend/uv.lock"
 echo "      - src/summary/pyproject.toml"
 echo "      - src/agents/pyproject.toml"
 echo "      - CHANGELOG.md"

docker/dinum-frontend/Dockerfile

@@ -38,6 +38,21 @@ COPY ./docker/dinum-frontend/assets/ \
 COPY ./docker/dinum-frontend/fonts/ \
     ./dist/assets/fonts/
 
+# ---- Addons builder image ----
+FROM node:20-alpine AS addons-builder
+
+WORKDIR /home/addons/outlook
+
+COPY ./src/addons/outlook/package.json ./package.json
+COPY ./src/addons/outlook/package-lock.json ./package-lock.json
+
+RUN npm ci
+
+COPY ./src/addons/outlook/ .
+
+RUN npx webpack --mode production
+
+
 # ---- Front-end image ----
 FROM nginxinc/nginx-unprivileged:alpine3.23 AS frontend-production
 
@@ -60,7 +75,11 @@ COPY --from=meet-builder \
     /home/frontend/dist \
     /usr/share/nginx/html
 
-COPY ./src/frontend/default.conf /etc/nginx/conf.d
+COPY --from=addons-builder \
+    /home/addons/outlook/dist \
+    /usr/share/nginx/html/addons/outlook
+
+COPY ./docker/dinum-frontend/nginx/default.conf /etc/nginx/conf.d
 COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint
 
 ENTRYPOINT [ "/usr/local/bin/entrypoint" ]

docker/dinum-frontend/nginx/default.conf

@@ -0,0 +1,82 @@
+server {
+  listen 8080;
+  server_name localhost;
+  server_tokens off;
+
+  root /usr/share/nginx/html;
+
+  location = /.well-known/windows-app-web-link {
+      default_type application/json;
+      alias /usr/share/nginx/html/.well-known/windows-app-web-link;
+      add_header Content-Disposition "attachment; filename=windows-app-web-link";
+  }
+
+  # Manifest — fetched, never iframed
+  location = /addons/outlook/manifest.xml {
+      alias /usr/share/nginx/html/addons/outlook/manifest.xml;
+
+      add_header Access-Control-Allow-Origin "*";
+      add_header Cache-Control "no-cache, no-store, must-revalidate";
+      add_header X-Frame-Options "DENY";
+      add_header Content-Security-Policy "frame-ancestors 'none'";
+  }
+
+  location = /addons/outlook/assets/ {
+      return 404;
+  }
+
+  location ~* ^/addons/outlook/assets/(.+\.(?:css|js|json|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot))/?$ {
+      root /usr/share/nginx/html;
+      expires 30d;
+      add_header Cache-Control "public, max-age=2592000, immutable" always;
+      add_header Access-Control-Allow-Origin "*";
+      add_header Vary "Origin" always;
+  }
+
+  location = /addons/outlook/ {
+      return 404;
+  }
+
+  location ~ ^/addons/outlook(/.*)?$ {
+      alias /usr/share/nginx/html/addons/outlook$1;
+      error_page 404 =200 /index.html;
+      add_header Cache-Control "no-cache, no-store, must-revalidate";
+      add_header Pragma "no-cache" always;
+      add_header Expires 0 always;
+
+      set $ms_domains "https://*.live.com https://*.office.com https://*.microsoft.com https://*.office365.com https://*.sharepoint.com";
+
+      set $nonce $request_id;
+
+      set $csp "upgrade-insecure-requests; ";
+      set $csp "${csp}frame-ancestors ${ms_domains}; ";
+      set $csp "${csp}script-src 'nonce-${nonce}' 'strict-dynamic'; ";
+      set $csp "${csp}connect-src 'self' ${ms_domains}; ";
+      set $csp "${csp}frame-src 'none'; ";
+      set $csp "${csp}object-src 'none'; ";
+      set $csp "${csp}base-uri 'none'; ";
+
+      add_header Content-Security-Policy $csp;
+
+      sub_filter 'NONCE_PLACEHOLDER' $nonce;
+      sub_filter_once off;
+  }
+
+  # Serve static files with caching
+  location ~* ^/assets/.*\.(css|js|json|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+      expires 30d;
+      add_header Cache-Control "public, max-age=2592000";
+  }
+
+  # Serve static files
+  location / {
+      try_files $uri $uri/ /index.html;
+      # Add no-cache headers
+      add_header Cache-Control "no-cache, no-store, must-revalidate";
+      add_header Pragma "no-cache";  # HTTP 1.0 header for backward compatibility
+      add_header Expires 0;
+  }
+
+  # Optionally, handle 404 errors by redirecting to index.html
+  error_page 404 =200 /index.html;
+}

src/addons/outlook/.eslintrc.json

@@ -0,0 +1,8 @@
+{
+  "plugins": [
+    "office-addins"
+  ],
+  "extends": [
+    "plugin:office-addins/recommended"
+  ]
+}